diff options
Diffstat (limited to 'docs/_locale/ja/configuration.pot')
-rw-r--r-- | docs/_locale/ja/configuration.pot | 5623 |
1 files changed, 2387 insertions, 3236 deletions
diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index 7a5f67f1..cf365560 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag" msgid "\"Other configuration\" flag" msgstr "\"Other configuration\" flag" +#: ../../configuration/firewall/flowtables.rst:5 +msgid "###################ä############# Flowtables Firewall Configuration #################################" +msgstr "###################ä############# Flowtables Firewall Configuration #################################" + #: ../../configuration/protocols/babel.rst:146 msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." @@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic." msgid "**Apply the traffic policy to an interface ingress or egress**." msgstr "**Apply the traffic policy to an interface ingress or egress**." +#: ../../configuration/firewall/index.rst:22 +msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." +msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." + +#: ../../configuration/firewall/index.rst:23 +msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" -#: ../../configuration/service/pppoe-server.rst:69 +#: ../../configuration/service/pppoe-server.rst:66 msgid "**Client IP address via IP range definition**" msgstr "**Client IP address via IP range definition**" @@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**" msgid "**Cluster-List length check**" msgstr "**Cluster-List length check**" +#: ../../configuration/firewall/index.rst:35 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." +#: ../../configuration/interfaces/wwan.rst:53 #: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-common-with-dhcp.txt:9 -#: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021q.txt:97 #: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../_include/interface-common-with-dhcp.txt:9 #: ../../_include/interface-vlan-8021q.txt:97 -#: ../../_include/interface-vlan-8021ad.txt:121 -#: ../../configuration/interfaces/wwan.rst:53 msgid "**DHCP(v6)**" msgstr "**DHCP(v6)**" #: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1 msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" +#: ../../configuration/firewall/index.rst:41 +msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." + +#: ../../configuration/firewall/index.rst:43 +msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." + +#: ../../configuration/firewall/index.rst:44 +msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." + +#: ../../configuration/firewall/bridge.rst:9 +#: ../../configuration/firewall/flowtables.rst:9 +msgid "**Documentation under development**" +msgstr "**Documentation under development**" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" -#: ../../configuration/service/dhcp-server.rst:235 -#: ../../configuration/service/dhcp-server.rst:657 -#: ../../configuration/service/dhcp-server.rst:694 +#: ../../configuration/service/dhcp-server.rst:200 +#: ../../configuration/service/dhcp-server.rst:587 +#: ../../configuration/service/dhcp-server.rst:626 msgid "**Example:**" msgstr "**Example:**" @@ -177,10 +182,30 @@ msgstr "**External check**" msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/flowtables.rst:51 +msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" +msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" + +#: ../../configuration/firewall/index.rst:152 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" +#: ../../configuration/firewall/index.rst:58 +msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:86 +msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/index.rst:87 +msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:83 +msgid "**Hardware offload:** should be supported by the NICs used." +msgstr "**Hardware offload:** should be supported by the NICs used." + #: ../../configuration/protocols/bgp.rst:94 msgid "**IGP cost check**" msgstr "**IGP cost check**" @@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" +#: ../../configuration/firewall/ipv4.rst:60 +#: ../../configuration/firewall/ipv6.rst:60 +msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/bridge.rst:143 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 +msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:72 msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**." @@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface." msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface." +#: ../../configuration/firewall/index.rst:48 +msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:49 +msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" -#: ../../configuration/vpn/site2site_ipsec.rst:299 +#: ../../configuration/vpn/site2site_ipsec.rst:303 msgid "**LEFT**" msgstr "**LEFT**" -#: ../../configuration/vpn/site2site_ipsec.rst:283 +#: ../../configuration/vpn/site2site_ipsec.rst:287 msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)" -#: ../../configuration/interfaces/vxlan.rst:214 +#: ../../configuration/firewall/bridge.rst:48 +msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**." +msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**." + +#: ../../configuration/interfaces/vxlan.rst:235 msgid "**Leaf2 configuration:**" msgstr "**Leaf2 configuration:**" -#: ../../configuration/interfaces/vxlan.rst:239 +#: ../../configuration/interfaces/vxlan.rst:260 msgid "**Leaf3 configuration:**" msgstr "**Leaf3 configuration:**" @@ -261,33 +309,33 @@ msgstr "**MED check**" msgid "**Multi-path check**" msgstr "**Multi-path check**" -#: ../../configuration/protocols/bgp.rst:1192 +#: ../../configuration/protocols/bgp.rst:1193 msgid "**Node1:**" msgstr "**Node1:**" -#: ../../configuration/protocols/bgp.rst:1220 +#: ../../configuration/protocols/bgp.rst:1221 msgid "**Node2:**" msgstr "**Node2:**" #: ../../configuration/protocols/ospf.rst:840 #: ../../configuration/protocols/ospf.rst:913 #: ../../configuration/protocols/ospf.rst:985 -#: ../../configuration/protocols/ospf.rst:1348 +#: ../../configuration/protocols/ospf.rst:1350 #: ../../configuration/protocols/segment-routing.rst:281 msgid "**Node 1**" msgstr "**Node 1**" #: ../../configuration/protocols/babel.rst:192 -#: ../../configuration/protocols/bgp.rst:1102 -#: ../../configuration/protocols/bgp.rst:1129 -#: ../../configuration/protocols/bgp.rst:1147 -#: ../../configuration/protocols/bgp.rst:1175 -#: ../../configuration/protocols/isis.rst:313 -#: ../../configuration/protocols/isis.rst:388 -#: ../../configuration/protocols/isis.rst:429 -#: ../../configuration/protocols/isis.rst:467 +#: ../../configuration/protocols/bgp.rst:1103 +#: ../../configuration/protocols/bgp.rst:1130 +#: ../../configuration/protocols/bgp.rst:1148 +#: ../../configuration/protocols/bgp.rst:1176 +#: ../../configuration/protocols/isis.rst:341 +#: ../../configuration/protocols/isis.rst:416 +#: ../../configuration/protocols/isis.rst:457 +#: ../../configuration/protocols/isis.rst:495 #: ../../configuration/protocols/ospf.rst:948 -#: ../../configuration/protocols/ospf.rst:1318 +#: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 #: ../../configuration/protocols/segment-routing.rst:195 msgid "**Node 1:**" @@ -296,20 +344,20 @@ msgstr "**Node 1:**" #: ../../configuration/protocols/ospf.rst:850 #: ../../configuration/protocols/ospf.rst:930 #: ../../configuration/protocols/ospf.rst:1001 -#: ../../configuration/protocols/ospf.rst:1363 +#: ../../configuration/protocols/ospf.rst:1365 #: ../../configuration/protocols/segment-routing.rst:296 msgid "**Node 2**" msgstr "**Node 2**" #: ../../configuration/protocols/babel.rst:202 -#: ../../configuration/protocols/bgp.rst:1113 -#: ../../configuration/protocols/bgp.rst:1135 -#: ../../configuration/protocols/bgp.rst:1159 -#: ../../configuration/protocols/bgp.rst:1181 -#: ../../configuration/protocols/isis.rst:324 -#: ../../configuration/protocols/isis.rst:404 -#: ../../configuration/protocols/isis.rst:483 -#: ../../configuration/protocols/ospf.rst:1327 +#: ../../configuration/protocols/bgp.rst:1114 +#: ../../configuration/protocols/bgp.rst:1136 +#: ../../configuration/protocols/bgp.rst:1160 +#: ../../configuration/protocols/bgp.rst:1182 +#: ../../configuration/protocols/isis.rst:352 +#: ../../configuration/protocols/isis.rst:432 +#: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 msgid "**Node 2:**" @@ -331,15 +379,39 @@ msgstr "**One gateway:**" msgid "**Origin check**" msgstr "**Origin check**" +#: ../../configuration/firewall/index.rst:64 +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" +#: ../../configuration/firewall/index.rst:38 +msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." +msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." + #: ../../configuration/policy/examples.rst:5 msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/service/dhcp-server.rst:450 +#: ../../configuration/firewall/index.rst:76 +msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" +msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" + +#: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:28 +msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" + +#: ../../configuration/service/dhcp-server.rst:391 msgid "**Primary**" msgstr "**Primary**" @@ -401,19 +473,19 @@ msgstr "**R2**" msgid "**R2 Static Key**" msgstr "**R2 Static Key**" -#: ../../configuration/service/pppoe-server.rst:104 +#: ../../configuration/service/pppoe-server.rst:91 msgid "**RADIUS based IP pools (Framed-IP-Address)**" msgstr "**RADIUS based IP pools (Framed-IP-Address)**" -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/pppoe-server.rst:115 msgid "**RADIUS sessions management DM/CoA**" msgstr "**RADIUS sessions management DM/CoA**" -#: ../../configuration/vpn/site2site_ipsec.rst:335 +#: ../../configuration/vpn/site2site_ipsec.rst:343 msgid "**RIGHT**" msgstr "**RIGHT**" -#: ../../configuration/vpn/site2site_ipsec.rst:289 +#: ../../configuration/vpn/site2site_ipsec.rst:293 msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)" @@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172 msgid "**Router-ID check**" msgstr "**Router-ID check**" -#: ../../configuration/protocols/igmp.rst:46 +#: ../../configuration/protocols/pim.rst:228 msgid "**Router 1**" msgstr "**Router 1**" -#: ../../configuration/protocols/igmp.rst:74 +#: ../../configuration/protocols/pim.rst:256 msgid "**Router 2**" msgstr "**Router 2**" -#: ../../configuration/protocols/igmp.rst:59 +#: ../../configuration/protocols/pim.rst:241 msgid "**Router 3**" msgstr "**Router 3**" @@ -449,7 +521,7 @@ msgstr "**SW1**" msgid "**SW2**" msgstr "**SW2**" -#: ../../configuration/service/dhcp-server.rst:459 +#: ../../configuration/service/dhcp-server.rst:400 msgid "**Secondary**" msgstr "**Secondary**" @@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**" msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/interfaces/vxlan.rst:191 +#: ../../configuration/firewall/index.rst:80 +msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." +msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." + +#: ../../configuration/interfaces/vxlan.rst:212 msgid "**Spine1 Configuration:**" msgstr "**Spine1 Configuration:**" -#: ../../configuration/protocols/ospf.rst:1378 +#: ../../configuration/protocols/ospf.rst:1380 msgid "**Status**" msgstr "**Status**" -#: ../../configuration/protocols/ospf.rst:1336 +#: ../../configuration/protocols/ospf.rst:1338 msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" @@ -490,48 +566,12 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 -#: ../../_include/interface-dhcp-options.txt:69 +#: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" #: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 #: ../../_include/interface-address.txt:6 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:7 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" @@ -579,51 +619,19 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/vpn/sstp.rst:188 +#: ../../configuration/vpn/sstp.rst:199 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" -#: ../../configuration/nat/nat44.rst:201 +#: ../../configuration/nat/nat44.rst:213 msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured." msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured." #: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:9 msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment." msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment." #: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 -#: ../../_include/interface-address-with-dhcp.txt:11 msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." @@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server msgid "**discard:** Received packets which already contain relay information will be discarded." msgstr "**discard:** Received packets which already contain relay information will be discarded." -#: ../../configuration/protocols/igmp.rst:195 +#: ../../configuration/protocols/igmp-proxy.rst:23 msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured." msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured." @@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way" msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way" -#: ../../configuration/firewall/general.rst:99 +#: ../../configuration/firewall/global-options.rst:36 msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way" msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way" @@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to." +#: ../../configuration/nat/nat44.rst:165 +msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." +msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." + #: ../../configuration/interfaces/bonding.rst:161 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" @@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." -#: ../../configuration/vpn/sstp.rst:187 +#: ../../configuration/nat/nat44.rst:149 +msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." +msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." + +#: ../../configuration/vpn/sstp.rst:198 msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" @@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client." msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client." -#: ../../configuration/nat/nat44.rst:169 +#: ../../configuration/nat/nat44.rst:181 msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." @@ -767,7 +783,7 @@ msgstr "**remote side - commands**" msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." -#: ../../configuration/vpn/sstp.rst:186 +#: ../../configuration/vpn/sstp.rst:197 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -779,7 +795,7 @@ msgstr "**right**" msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/nat/nat44.rst:183 +#: ../../configuration/nat/nat44.rst:195 msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT." @@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock" msgid "**transition** - Send and accept both styles of TLVs during transition." msgstr "**transition** - Send and accept both styles of TLVs during transition." -#: ../../configuration/protocols/igmp.rst:191 +#: ../../configuration/protocols/igmp-proxy.rst:19 msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface." msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface." @@ -860,25 +876,6 @@ msgid "011110" msgstr "011110" #: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 -#: ../../_include/interface-ipv6.txt:79 msgid "0: Disable DAD" msgstr "0: Disable DAD" @@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing." msgid "0 if not defined." msgstr "0 if not defined." -#: ../../configuration/service/dhcp-server.rst:270 +#: ../../configuration/service/dhcp-server.rst:237 #: ../../configuration/system/syslog.rst:114 #: ../../configuration/system/syslog.rst:173 #: ../../configuration/trafficpolicy/index.rst:801 @@ -898,7 +895,7 @@ msgstr "0 if not defined." msgid "1" msgstr "1" -#: ../../configuration/nat/nat44.rst:588 +#: ../../configuration/nat/nat44.rst:612 msgid "1-to-1 NAT" msgstr "1-to-1 NAT" @@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s" msgid "11" msgstr "11" -#: ../../configuration/service/dhcp-server.rst:352 +#: ../../configuration/service/dhcp-server.rst:319 msgid "119" msgstr "119" @@ -963,11 +960,11 @@ msgstr "119" msgid "12" msgstr "12" -#: ../../configuration/service/dhcp-server.rst:357 +#: ../../configuration/service/dhcp-server.rst:324 msgid "121, 249" msgstr "121, 249" -#: ../../configuration/service/dhcp-server.rst:337 +#: ../../configuration/service/dhcp-server.rst:304 #: ../../configuration/system/syslog.rst:138 #: ../../configuration/trafficpolicy/index.rst:870 msgid "13" @@ -979,7 +976,7 @@ msgstr "13" msgid "14" msgstr "14" -#: ../../configuration/service/dhcp-server.rst:297 +#: ../../configuration/service/dhcp-server.rst:264 #: ../../configuration/system/syslog.rst:142 #: ../../configuration/trafficpolicy/index.rst:866 msgid "15" @@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgid "18" msgstr "18" -#: ../../configuration/service/dhcp-server.rst:302 +#: ../../configuration/service/dhcp-server.rst:269 #: ../../configuration/system/syslog.rst:150 msgid "19" msgstr "19" @@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 -#: ../../_include/interface-ipv6.txt:80 +#: ../../configuration/firewall/flowtables.rst:144 +msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" @@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)" msgid "1 if not defined." msgstr "1 if not defined." -#: ../../configuration/service/dhcp-server.rst:276 +#: ../../configuration/service/dhcp-server.rst:243 #: ../../configuration/system/syslog.rst:116 #: ../../configuration/system/syslog.rst:178 #: ../../configuration/trafficpolicy/index.rst:799 @@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s" msgid "2500 - 2.5 GBit/s" msgstr "2500 - 2.5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:362 +#: ../../configuration/service/dhcp-server.rst:329 msgid "252" msgstr "252" @@ -1097,30 +1079,15 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 -#: ../../_include/interface-ipv6.txt:81 +#: ../../configuration/firewall/flowtables.rst:148 +msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." +msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." + #: ../../_include/interface-ipv6.txt:81 msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." -#: ../../configuration/service/dhcp-server.rst:282 +#: ../../configuration/service/dhcp-server.rst:249 #: ../../configuration/system/syslog.rst:118 #: ../../configuration/system/syslog.rst:181 #: ../../configuration/trafficpolicy/index.rst:797 @@ -1148,7 +1115,7 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" -#: ../../configuration/service/dhcp-server.rst:287 +#: ../../configuration/service/dhcp-server.rst:254 #: ../../configuration/system/syslog.rst:120 #: ../../configuration/system/syslog.rst:183 #: ../../configuration/trafficpolicy/index.rst:795 @@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s" msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." -#: ../../configuration/service/dhcp-server.rst:307 +#: ../../configuration/service/dhcp-server.rst:274 msgid "42" msgstr "42" -#: ../../configuration/service/dhcp-server.rst:312 +#: ../../configuration/service/dhcp-server.rst:279 msgid "44" msgstr "44" @@ -1180,6 +1147,10 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:153 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." + #: ../../configuration/system/syslog.rst:122 #: ../../configuration/system/syslog.rst:185 #: ../../configuration/trafficpolicy/index.rst:793 @@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s" msgid "5000 - 5 GBit/s" msgstr "5000 - 5 GBit/s" -#: ../../configuration/service/dhcp-server.rst:317 +#: ../../configuration/service/dhcp-server.rst:284 msgid "54" msgstr "54" +#: ../../configuration/firewall/flowtables.rst:157 +msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + #: ../../configuration/highavailability/index.rst:257 #: ../../configuration/highavailability/index.rst:288 msgid "5 if not defined." msgstr "5 if not defined." -#: ../../configuration/service/dhcp-server.rst:292 +#: ../../configuration/service/dhcp-server.rst:259 #: ../../configuration/system/syslog.rst:124 #: ../../configuration/system/syslog.rst:189 #: ../../configuration/trafficpolicy/index.rst:791 @@ -1212,7 +1187,7 @@ msgstr "5 if not defined." msgid "6" msgstr "6" -#: ../../configuration/service/dhcp-server.rst:327 +#: ../../configuration/service/dhcp-server.rst:294 msgid "66" msgstr "66" @@ -1220,14 +1195,18 @@ msgstr "66" msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic." msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic." -#: ../../configuration/service/dhcp-server.rst:332 +#: ../../configuration/service/dhcp-server.rst:299 msgid "67" msgstr "67" -#: ../../configuration/service/dhcp-server.rst:342 +#: ../../configuration/service/dhcp-server.rst:309 msgid "69" msgstr "69" +#: ../../configuration/firewall/flowtables.rst:161 +msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin msgid "7" msgstr "7" -#: ../../configuration/service/dhcp-server.rst:347 +#: ../../configuration/service/dhcp-server.rst:314 msgid "70" msgstr "70" @@ -1252,11 +1231,6 @@ msgid "8" msgstr "8" #: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 -#: ../../_include/interface-vlan-8021q.txt:21 msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." @@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match." msgid "<x.x.x.x>: IP address to match." msgstr "<x.x.x.x>: IP address to match." +#: ../../configuration/pki/index.rst:252 +msgid "ACME" +msgstr "ACME" + +#: ../../configuration/pki/index.rst:281 +msgid "ACME Directory Resource URI." +msgstr "ACME Directory Resource URI." + +#: ../../configuration/service/https.rst:59 +msgid "API" +msgstr "API" + #: ../../configuration/protocols/static.rst:150 msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/general.rst:302 -#: ../../configuration/firewall/general-legacy.rst:257 +#: ../../configuration/firewall/groups.rst:129 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/general.rst:284 -#: ../../configuration/firewall/general-legacy.rst:242 +#: ../../configuration/firewall/groups.rst:111 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/general.rst:259 -#: ../../configuration/firewall/general-legacy.rst:217 +#: ../../configuration/firewall/groups.rst:86 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by msgid "A Rule-Set can be applied to every interface:" msgstr "A Rule-Set can be applied to every interface:" -#: ../../configuration/service/dhcp-server.rst:631 +#: ../../configuration/service/dhcp-server.rst:561 msgid "A SNTP server address can be specified for DHCPv6 clients." msgstr "A SNTP server address can be specified for DHCPv6 clients." @@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." -#: ../../configuration/service/dns.rst:149 +#: ../../configuration/service/dns.rst:162 msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." -#: ../../configuration/service/dhcp-server.rst:603 +#: ../../configuration/service/dhcp-server.rst:533 msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients." @@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:73 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." @@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" -#: ../../configuration/vpn/sstp.rst:323 +#: ../../configuration/vpn/sstp.rst:335 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`." msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`." -#: ../../configuration/nat/nat44.rst:685 +#: ../../configuration/nat/nat44.rst:709 msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" @@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`." msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`." -#: ../../configuration/service/dhcp-server.rst:187 +#: ../../configuration/service/dhcp-server.rst:152 msgid "A generic `<name>` referencing this sync service." msgstr "A generic `<name>` referencing this sync service." @@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" +#: ../../configuration/firewall/flowtables.rst:44 +msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." +msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." + #: ../../configuration/protocols/bgp.rst:698 msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route." @@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted." msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted." -#: ../../configuration/nat/nat44.rst:360 +#: ../../configuration/nat/nat44.rst:374 msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/general.rst:761 -#: ../../configuration/firewall/general-legacy.rst:506 +#: ../../configuration/firewall/ipv4.rst:485 +#: ../../configuration/firewall/ipv6.rst:491 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it" #: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 -#: ../../_include/interface-disable-flow-control.txt:11 msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:659 +#: ../../configuration/service/dhcp-server.rst:589 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" -#: ../../configuration/protocols/bgp.rst:1145 +#: ../../configuration/protocols/bgp.rst:1146 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." @@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6." msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." -#: ../../configuration/protocols/bgp.rst:1100 +#: ../../configuration/protocols/bgp.rst:1101 msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" @@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities." msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." +#: ../../configuration/firewall/index.rst:14 +msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." +msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." + +#: ../../configuration/firewall/index.rst:14 +msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." +msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." + #: ../../configuration/nat/nat66.rst:28 msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device." msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device." @@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa msgid "A sync group allows VRRP groups to transition together." msgstr "A sync group allows VRRP groups to transition together." -#: ../../configuration/protocols/ospf.rst:1316 +#: ../../configuration/protocols/ospf.rst:1318 msgid "A typical configuration using 2 nodes." msgstr "A typical configuration using 2 nodes." -#: ../../configuration/nat/nat44.rst:400 +#: ../../configuration/nat/nat44.rst:414 msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall." msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall." @@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:33 +#: ../../configuration/firewall/zone.rst:52 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." -#: ../../configuration/service/dns.rst:384 +#: ../../configuration/service/dns.rst:397 msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized." @@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/general.rst:327 +#: ../../configuration/firewall/bridge.rst:65 +#: ../../configuration/firewall/ipv4.rst:81 +#: ../../configuration/firewall/ipv6.rst:81 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:431 +#: ../../configuration/interfaces/openvpn.rst:483 msgid "Active Directory" msgstr "Active Directory" @@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." -#: ../../configuration/vpn/openconnect.rst:169 +#: ../../configuration/vpn/openconnect.rst:176 msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" @@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." -#: ../../configuration/nat/nat44.rst:738 +#: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis msgid "Address" msgstr "Address" -#: ../../configuration/nat/nat44.rst:219 +#: ../../configuration/nat/nat44.rst:231 msgid "Address Conversion" msgstr "Address Conversion" @@ -1773,20 +1761,19 @@ msgstr "Address Conversion" msgid "Address Families" msgstr "Address Families" -#: ../../configuration/firewall/general.rst:192 -#: ../../configuration/firewall/general-legacy.rst:168 +#: ../../configuration/firewall/groups.rst:19 msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:662 +#: ../../configuration/service/dhcp-server.rst:592 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:582 msgid "Address pools" msgstr "Address pools" -#: ../../configuration/service/https.rst:42 +#: ../../configuration/service/https.rst:33 msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" @@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/nat/nat44.rst:289 +#: ../../configuration/nat/nat44.rst:301 msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." @@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:323 +#: ../../configuration/vrf/index.rst:325 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." @@ -1846,7 +1833,7 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" -#: ../../configuration/service/dns.rst:154 +#: ../../configuration/service/dns.rst:167 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." -#: ../../configuration/service/dns.rst:156 +#: ../../configuration/service/dns.rst:169 msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" @@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve msgid "All reply sizes are accepted by default." msgstr "All reply sizes are accepted by default." +#: ../../configuration/protocols/pim.rst:91 +msgid "All routers in the PIM network must agree on these values." +msgstr "All routers in the PIM network must agree on these values." + #: ../../configuration/system/task-scheduler.rst:10 msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." @@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:36 +#: ../../configuration/firewall/zone.rst:55 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:35 +#: ../../configuration/firewall/zone.rst:54 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/dns.rst:346 +#: ../../configuration/service/dns.rst:359 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface." msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." +#: ../../configuration/service/mdns.rst:43 +msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected." +msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected." + #: ../../configuration/protocols/bfd.rst:34 msgid "Allow this BFD peer to not be directly connected" msgstr "Allow this BFD peer to not be directly connected" -#: ../../configuration/firewall/general.rst:1137 #: ../../configuration/firewall/general-legacy.rst:694 msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." +#: ../../configuration/firewall/ipv4.rst:812 +#: ../../configuration/firewall/ipv6.rst:821 +#: ../../configuration/system/conntrack.rst:199 +msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." +msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." + #: ../../configuration/interfaces/bridge.rst:162 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." @@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/general.rst:377 +#: ../../configuration/firewall/bridge.rst:123 +#: ../../configuration/firewall/ipv4.rst:166 +#: ../../configuration/firewall/ipv6.rst:166 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." @@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" -#: ../../configuration/nat/nat44.rst:276 +#: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." @@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables" msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`." -#: ../../configuration/interfaces/vxlan.rst:321 +#: ../../configuration/interfaces/vxlan.rst:342 msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" -#: ../../configuration/service/dhcp-server.rst:130 +#: ../../configuration/service/dhcp-server.rst:116 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/general.rst:241 +#: ../../configuration/firewall/groups.rst:68 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" +#: ../../configuration/firewall/ipv4.rst:373 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." + #: ../../configuration/firewall/general-legacy.rst:424 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" @@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)." -#: ../../configuration/firewall/general.rst:619 +#: ../../configuration/firewall/ipv6.rst:371 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" @@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:" msgid "An example of key generation:" msgstr "An example of key generation:" -#: ../../configuration/vpn/openconnect.rst:291 +#: ../../configuration/vpn/openconnect.rst:298 msgid "An example of the data captured by a FREERADIUS server with sql accounting:" msgstr "An example of the data captured by a FREERADIUS server with sql accounting:" @@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." +#: ../../configuration/firewall/flowtables.rst:142 +msgid "Analysis on what happens for desired connection:" +msgstr "Analysis on what happens for desired connection:" + +#: ../../configuration/firewall/bridge.rst:297 +msgid "And, to print only bridge firewall information:" +msgstr "And, to print only bridge firewall information:" + +#: ../../configuration/firewall/ipv4.rst:57 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" + +#: ../../configuration/firewall/ipv6.rst:57 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" + #: ../../configuration/policy/route.rst:76 msgid "And for ipv6:" msgstr "And for ipv6:" +#: ../../configuration/firewall/groups.rst:165 +msgid "And next, some configuration example where groups are used:" +msgstr "And next, some configuration example where groups are used:" + +#: ../../configuration/firewall/bridge.rst:349 +msgid "And op-mode commands:" +msgstr "And op-mode commands:" + #: ../../configuration/system/ip.rst:84 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" @@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:" msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." -#: ../../configuration/nat/nat44.rst:590 +#: ../../configuration/nat/nat44.rst:614 msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa." msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa." @@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:82 +#: ../../configuration/firewall/zone.rst:101 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2151,49 +2181,11 @@ msgstr "Arista EOS" msgid "Aruba/HP" msgstr "Aruba/HP" -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 #: ../../configuration/interfaces/pppoe.rst:207 #: ../../configuration/interfaces/pppoe.rst:253 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 #: ../../configuration/interfaces/sstp-client.rst:79 #: ../../_include/interface-ip.txt:4 #: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 -#: ../../_include/interface-ip.txt:4 -#: ../../_include/interface-ipv6.txt:60 msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'." msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'." @@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." +#: ../../configuration/firewall/index.rst:7 +msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." +msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." + #: ../../configuration/interfaces/wwan.rst:326 msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." @@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:49 +#: ../../configuration/firewall/zone.rst:68 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." +#: ../../configuration/firewall/flowtables.rst:109 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + #: ../../configuration/system/option.rst:80 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." +#: ../../configuration/firewall/groups.rst:147 +msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." +msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." + #: ../../configuration/trafficpolicy/index.rst:196 msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." @@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:81 +#: ../../configuration/firewall/index.rst:176 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." -#: ../../configuration/firewall/index.rst:60 +#: ../../configuration/firewall/index.rst:182 msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface." msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface." @@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" -#: ../../configuration/interfaces/vxlan.rst:264 +#: ../../configuration/interfaces/vxlan.rst:285 msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" @@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel" msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." -#: ../../configuration/service/dhcp-server.rst:111 +#: ../../configuration/service/dhcp-server.rst:97 msgid "Assign the IP address to this machine for `<time>` seconds." msgstr "Assign the IP address to this machine for `<time>` seconds." @@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43" msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." -#: ../../configuration/firewall/general.rst:1489 #: ../../configuration/firewall/general-legacy.rst:972 msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``" msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``" @@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source." msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:172 +#: ../../configuration/service/pppoe-server.rst:159 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" @@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation" msgid "Automatic VLAN creation" msgstr "Automatic VLAN creation" +#: ../../configuration/protocols/pim.rst:137 +msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed." +msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed." + #: ../../configuration/system/option.rst:19 msgid "Automatically reboot system on kernel panic after 60 seconds." msgstr "Automatically reboot system on kernel panic after 60 seconds." @@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" -#: ../../configuration/nat/nat44.rst:370 +#: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" @@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:411 +#: ../../configuration/vrf/index.rst:413 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." @@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name" msgstr "Balancing based on domain name" #: ../../configuration/service/ipoe-server.rst:122 -#: ../../configuration/service/pppoe-server.rst:195 +#: ../../configuration/service/pppoe-server.rst:182 #: ../../configuration/vpn/l2tp.rst:113 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:184 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/vpn/dmvpn.rst:34 +#: ../../configuration/firewall/ipv4.rst:54 +msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:54 +msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" + #: ../../configuration/vpn/dmvpn.rst:34 msgid "Baseline DMVPN topology" msgstr "Baseline DMVPN topology" @@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology" msgid "Basic Concepts" msgstr "Basic Concepts" -#: ../../configuration/protocols/igmp.rst:91 #: ../../configuration/protocols/pim6.rst:26 msgid "Basic commands" msgstr "Basic commands" @@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic." msgid "Basic setup" msgstr "Basic setup" -#: ../../configuration/vpn/openconnect.rst:255 +#: ../../configuration/vpn/openconnect.rst:262 msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." @@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path, msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:103 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." -#: ../../configuration/vpn/site2site_ipsec.rst:413 +#: ../../configuration/vpn/site2site_ipsec.rst:422 msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." @@ -2663,7 +2676,7 @@ msgstr "Binary value" msgid "Bind listener to specific interface/address, mandatory for IPv6" msgstr "Bind listener to specific interface/address, mandatory for IPv6" -#: ../../configuration/interfaces/vxlan.rst:285 +#: ../../configuration/interfaces/vxlan.rst:306 msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge." msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge." @@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation" msgid "Bond options" msgstr "Bond options" -#: ../../configuration/service/dhcp-server.rst:339 +#: ../../configuration/service/dhcp-server.rst:306 msgid "Boot image length in 512-octet blocks" msgstr "Boot image length in 512-octet blocks" -#: ../../configuration/service/dhcp-server.rst:334 +#: ../../configuration/service/dhcp-server.rst:301 msgid "Bootstrap file name" msgstr "Bootstrap file name" -#: ../../configuration/interfaces/vxlan.rst:102 +#: ../../configuration/interfaces/vxlan.rst:123 msgid "Both IPv4 and IPv6 multicast is possible." msgstr "Both IPv4 and IPv6 multicast is possible." @@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported." #: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 -#: ../../_include/interface-ip.txt:88 msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." @@ -2746,10 +2740,18 @@ msgstr "Bridge" msgid "Bridge:" msgstr "Bridge:" +#: ../../configuration/firewall/bridge.rst:7 +msgid "Bridge Firewall Configuration" +msgstr "Bridge Firewall Configuration" + #: ../../configuration/interfaces/bridge.rst:66 msgid "Bridge Options" msgstr "Bridge Options" +#: ../../configuration/firewall/bridge.rst:56 +msgid "Bridge Rules" +msgstr "Bridge Rules" + #: ../../configuration/interfaces/bridge.rst:198 #: ../../configuration/interfaces/bridge.rst:233 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." -#: ../../configuration/service/dns.rst:380 +#: ../../configuration/service/dns.rst:393 msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." @@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic msgid "By default, it supports both planned and unplanned outages." msgstr "By default, it supports both planned and unplanned outages." -#: ../../configuration/service/https.rst:54 +#: ../../configuration/service/https.rst:45 msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." @@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the msgid "By default, this bridging is allowed." msgstr "By default, this bridging is allowed." -#: ../../configuration/firewall/general.rst:90 -#: ../../configuration/firewall/general-legacy.rst:42 +#: ../../configuration/firewall/global-options.rst:27 msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." @@ -2876,7 +2877,7 @@ msgstr "Certificates" msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." -#: ../../configuration/firewall/zone.rst:75 +#: ../../configuration/firewall/zone.rst:94 msgid "Change the default-action with this setting." msgstr "Change the default-action with this setting." @@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" +#: ../../configuration/system/updates.rst:28 +msgid "Check:" +msgstr "Check:" + #: ../../configuration/system/acceleration.rst:32 msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Check if the Intel® QAT device is up and ready to do the job." @@ -2908,10 +2913,14 @@ msgstr "Check status" msgid "Check the many parameters available for the `show ipv6 route` command:" msgstr "Check the many parameters available for the `show ipv6 route` command:" -#: ../../configuration/service/pppoe-server.rst:320 +#: ../../configuration/service/pppoe-server.rst:307 msgid "Checking connections" msgstr "Checking connections" +#: ../../configuration/firewall/flowtables.rst:165 +msgid "Checks" +msgstr "Checks" + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." @@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst" msgstr "Cisco Catalyst" #: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 -#: ../../_include/interface-ip.txt:168 msgid "Cisco and Allied Telesyn call it Private VLAN" msgstr "Cisco and Allied Telesyn call it Private VLAN" @@ -2955,7 +2945,7 @@ msgstr "Class treatment" msgid "Classes" msgstr "Classes" -#: ../../configuration/service/dhcp-server.rst:359 +#: ../../configuration/service/dhcp-server.rst:326 msgid "Classless static route" msgstr "Classless static route" @@ -2975,7 +2965,7 @@ msgstr "Client:" msgid "Client Address Pools" msgstr "Client Address Pools" -#: ../../configuration/interfaces/openvpn.rst:388 +#: ../../configuration/interfaces/openvpn.rst:440 msgid "Client Authentication" msgstr "Client Authentication" @@ -2983,7 +2973,7 @@ msgstr "Client Authentication" msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/vpn/sstp.rst:278 +#: ../../configuration/vpn/sstp.rst:289 msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" @@ -2995,11 +2985,11 @@ msgstr "Client Side" msgid "Client configuration" msgstr "Client configuration" -#: ../../configuration/service/dhcp-server.rst:299 +#: ../../configuration/service/dhcp-server.rst:266 msgid "Client domain name" msgstr "Client domain name" -#: ../../configuration/service/dhcp-server.rst:354 +#: ../../configuration/service/dhcp-server.rst:321 msgid "Client domain search" msgstr "Client domain search" @@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" -#: ../../configuration/service/dhcp-server.rst:590 +#: ../../configuration/service/dhcp-server.rst:514 msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." @@ -3023,7 +3013,9 @@ msgstr "Clock daemon" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/general.rst:530 +#: ../../configuration/firewall/bridge.rst:216 +#: ../../configuration/firewall/ipv4.rst:298 +#: ../../configuration/firewall/ipv6.rst:298 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." @@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration." msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/general.rst:1544 -#: ../../configuration/firewall/general-legacy.rst:1054 +#: ../../configuration/firewall/ipv4.rst:1179 +#: ../../configuration/firewall/ipv6.rst:1195 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." -#: ../../configuration/service/dhcp-server.rst:438 +#: ../../configuration/firewall/flowtables.rst:119 +msgid "Commands" +msgstr "Commands" + +#: ../../configuration/service/dhcp-server.rst:379 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." #: ../../configuration/container/index.rst:12 -#: ../../configuration/firewall/zone.rst:47 +#: ../../configuration/firewall/global-options.rst:23 +#: ../../configuration/firewall/groups.rst:11 +#: ../../configuration/firewall/zone.rst:66 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 +#: ../../configuration/interfaces/openvpn.rst:585 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 #: ../../configuration/loadbalancing/reverse-proxy.rst:13 -#: ../../configuration/nat/nat44.rst:681 +#: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 #: ../../configuration/policy/community-list.rst:10 @@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/policy/route-map.rst:10 #: ../../configuration/protocols/bfd.rst:143 #: ../../configuration/protocols/bgp.rst:164 -#: ../../configuration/protocols/igmp.rst:186 +#: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 @@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/dhcp-relay.rst:19 #: ../../configuration/service/dhcp-relay.rst:137 #: ../../configuration/service/dhcp-server.rst:22 -#: ../../configuration/service/dhcp-server.rst:586 +#: ../../configuration/service/dhcp-server.rst:510 #: ../../configuration/service/dns.rst:8 -#: ../../configuration/service/dns.rst:214 +#: ../../configuration/service/dns.rst:227 #: ../../configuration/service/https.rst:14 #: ../../configuration/service/ipoe-server.rst:28 #: ../../configuration/service/lldp.rst:36 -#: ../../configuration/service/mdns.rst:18 +#: ../../configuration/service/mdns.rst:19 #: ../../configuration/service/ntp.rst:40 #: ../../configuration/service/pppoe-server.rst:17 #: ../../configuration/service/salt-minion.rst:25 @@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/system/login.rst:241 #: ../../configuration/system/login.rst:310 #: ../../configuration/system/sflow.rst:12 +#: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 #: ../../configuration/vpn/dmvpn.rst:182 #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:65 #: ../../configuration/vrf/index.rst:16 #: ../../configuration/vrf/index.rst:253 -#: ../../configuration/vrf/index.rst:286 -#: ../../configuration/vrf/index.rst:434 +#: ../../configuration/vrf/index.rst:288 +#: ../../configuration/vrf/index.rst:436 msgid "Configuration" msgstr "Configuration" +#: ../../configuration/firewall/flowtables.rst:100 #: ../../configuration/protocols/babel.rst:188 -#: ../../configuration/protocols/ospf.rst:1314 +#: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 #: ../../configuration/system/login.rst:279 -#: ../../configuration/system/login.rst:348 +#: ../../configuration/system/login.rst:350 msgid "Configuration Example" msgstr "Configuration Example" -#: ../../configuration/nat/nat44.rst:313 +#: ../../configuration/nat/nat44.rst:325 +#: ../../configuration/nat/nat64.rst:38 #: ../../configuration/nat/nat66.rst:109 msgid "Configuration Examples" msgstr "Configuration Examples" @@ -3165,6 +3167,10 @@ msgstr "Configuration Guide" msgid "Configuration Options" msgstr "Configuration Options" +#: ../../configuration/firewall/global-options.rst:17 +msgid "Configuration commands covered in this section:" +msgstr "Configuration commands covered in this section:" + #: ../../configuration/vpn/ipsec.rst:284 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" -#: ../../configuration/vrf/index.rst:428 +#: ../../configuration/firewall/bridge.rst:323 +msgid "Configuration example:" +msgstr "Configuration example:" + +#: ../../configuration/vrf/index.rst:430 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes msgid "Configuration of :ref:`routing-static`" msgstr "Configuration of :ref:`routing-static`" -#: ../../configuration/service/dhcp-server.rst:430 +#: ../../configuration/service/dhcp-server.rst:371 msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:436 +#: ../../configuration/vrf/index.rst:438 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." @@ -3198,11 +3208,11 @@ msgstr "Configure" msgid "Configure BFD" msgstr "Configure BFD" -#: ../../configuration/service/dns.rst:245 +#: ../../configuration/service/dns.rst:258 msgid "Configure DNS `<record>` which should be updated. This can be set multiple times." msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times." -#: ../../configuration/service/dns.rst:240 +#: ../../configuration/service/dns.rst:253 msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." @@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled, msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/vpn/sstp.rst:203 +#: ../../configuration/vpn/sstp.rst:214 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/vpn/sstp.rst:207 +#: ../../configuration/vpn/sstp.rst:218 msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server." msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server." -#: ../../configuration/nat/nat44.rst:210 +#: ../../configuration/nat/nat44.rst:222 msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1." msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1." #: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 -#: ../../_include/interface-mtu.txt:4 msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:373 +#: ../../configuration/system/login.rst:375 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:368 +#: ../../configuration/system/login.rst:370 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." -#: ../../configuration/service/dns.rst:328 +#: ../../configuration/service/dns.rst:341 msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." -#: ../../configuration/service/dns.rst:321 +#: ../../configuration/service/dns.rst:334 msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update." msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update." +#: ../../configuration/system/updates.rst:17 +msgid "Configure a URL that contains information about images." +msgstr "Configure a URL that contains information about images." + #: ../../configuration/system/flow-accounting.rst:158 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." @@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface." msgid "Configure aggregation delay timer interval." msgstr "Configure aggregation delay timer interval." -#: ../../configuration/vpn/openconnect.rst:278 +#: ../../configuration/vpn/openconnect.rst:285 msgid "Configure an accounting server and enable accounting with:" msgstr "Configure an accounting server and enable accounting with:" @@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`." +#: ../../configuration/system/updates.rst:12 +msgid "Configure auto-checking for new images" +msgstr "Configure auto-checking for new images" + #: ../../configuration/loadbalancing/reverse-proxy.rst:114 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configure backend `<name>` mode TCP or HTTP" +#: ../../configuration/nat/nat66.rst:148 +msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" +msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" + #: ../../configuration/service/console-server.rst:49 msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured." msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured." @@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b msgid "Configure individual bridge port `<priority>`." msgstr "Configure individual bridge port `<priority>`." -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 #: ../../configuration/interfaces/pppoe.rst:223 #: ../../configuration/interfaces/pppoe.rst:269 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 #: ../../configuration/interfaces/sstp-client.rst:95 #: ../../_include/interface-ip.txt:59 #: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 -#: ../../_include/interface-ip.txt:59 -#: ../../_include/interface-ipv6.txt:48 msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface." msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface." #: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address.txt:3 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address.txt:3 #: ../../_include/interface-address.txt:3 -#: ../../_include/interface-address.txt:3 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address.txt:3 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address.txt:3 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 -#: ../../_include/interface-address-with-dhcp.txt:5 msgid "Configure interface `<interface>` with one or more interface addresses." msgstr "Configure interface `<interface>` with one or more interface addresses." @@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server." msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." -#: ../../configuration/service/dns.rst:251 +#: ../../configuration/service/dns.rst:264 msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds." msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds." @@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting." msgstr "Configure physical interface speed setting." #: ../../_include/interface-mirror.txt:16 -#: ../../_include/interface-mirror.txt:16 -#: ../../_include/interface-mirror.txt:16 msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`" msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`" #: ../../_include/interface-mirror.txt:28 -#: ../../_include/interface-mirror.txt:28 -#: ../../_include/interface-mirror.txt:28 msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`" msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`" @@ -3491,7 +3429,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP" msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:392 +#: ../../configuration/system/login.rst:394 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." @@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out." msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." -#: ../../configuration/service/dns.rst:234 +#: ../../configuration/nat/nat66.rst:182 +msgid "Configure the A-side router for NPTv6 using the prefixes above:" +msgstr "Configure the A-side router for NPTv6 using the prefixes above:" + +#: ../../configuration/nat/nat66.rst:204 +msgid "Configure the B-side router for NPTv6 using the prefixes above:" +msgstr "Configure the B-side router for NPTv6 using the prefixes above:" + +#: ../../configuration/service/dns.rst:247 msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." @@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." #: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 -#: ../../_include/interface-mac.txt:4 msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`." msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`." +#: ../../configuration/protocols/pim.rst:180 +msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups." +msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups." + #: ../../configuration/vrf/index.rst:28 msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Configured routing table `<id>` is used by VRF `<name>`." @@ -3556,7 +3489,7 @@ msgstr "Configured value" msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." -#: ../../configuration/vpn/openconnect.rst:272 +#: ../../configuration/vpn/openconnect.rst:279 msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" @@ -3569,11 +3502,15 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/vpn/sstp.rst:144 +#: ../../configuration/vpn/sstp.rst:155 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." #: ../../configuration/protocols/rpki.rst:129 +msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." +msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." + +#: ../../configuration/protocols/rpki.rst:129 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3585,10 +3522,18 @@ msgstr "Conntrack" msgid "Conntrack Sync" msgstr "Conntrack Sync" -#: ../../configuration/service/conntrack-sync.rst:None +#: ../../configuration/service/conntrack-sync.rst:-1 msgid "Conntrack Sync Example" msgstr "Conntrack Sync Example" +#: ../../configuration/system/conntrack.rst:178 +msgid "Conntrack ignore rules" +msgstr "Conntrack ignore rules" + +#: ../../configuration/system/conntrack.rst:204 +msgid "Conntrack log" +msgstr "Conntrack log" + #: ../../configuration/system/syslog.rst:21 msgid "Console" msgstr "Console" @@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" +#: ../../configuration/system/conntrack.rst:65 +msgid "Contrack Timeouts" +msgstr "Contrack Timeouts" + #: ../../configuration/nat/nat66.rst:98 msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`" msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`" @@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name <text>." msgid "Creat extcommunity-list policy identified by name <text>." msgstr "Creat extcommunity-list policy identified by name <text>." -#: ../../configuration/service/dhcp-server.rst:118 +#: ../../configuration/service/dhcp-server.rst:104 msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`." msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`." -#: ../../configuration/service/dhcp-server.rst:124 +#: ../../configuration/service/dhcp-server.rst:110 msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`." msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`." @@ -3657,16 +3606,11 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using msgid "Create a load balancing rule, it can be a number between 1 and 9999:" msgstr "Create a load balancing rule, it can be a number between 1 and 9999:" -#: ../../configuration/service/dhcp-server.rst:218 +#: ../../configuration/service/dhcp-server.rst:183 msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`." msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`." #: ../../_include/interface-vlan-8021q.txt:26 -#: ../../_include/interface-vlan-8021q.txt:26 -#: ../../_include/interface-vlan-8021q.txt:26 -#: ../../_include/interface-vlan-8021q.txt:26 -#: ../../_include/interface-vlan-8021q.txt:26 -#: ../../_include/interface-vlan-8021q.txt:26 msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." @@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho msgid "Create as-path-policy identified by name <text>." msgstr "Create as-path-policy identified by name <text>." +#: ../../configuration/firewall/flowtables.rst:64 +msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." +msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." + +#: ../../configuration/firewall/flowtables.rst:95 +msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." +msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." + +#: ../../configuration/firewall/flowtables.rst:90 +msgid "Create firewall rule in forward chain, and set action to ``offload``." +msgstr "Create firewall rule in forward chain, and set action to ``offload``." + +#: ../../configuration/firewall/flowtables.rst:61 +msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." +msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." + #: ../../configuration/policy/large-community-list.rst:17 msgid "Create large-community-list policy identified by name <text>." msgstr "Create large-community-list policy identified by name <text>." @@ -3726,7 +3686,7 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname> msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF." msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF." -#: ../../configuration/service/dns.rst:221 +#: ../../configuration/service/dns.rst:234 msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." @@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Creating a bridge interface is very simple. In this example, we will have:" +#: ../../configuration/firewall/flowtables.rst:67 +msgid "Creating a flow table:" +msgstr "Creating a flow table:" + #: ../../configuration/trafficpolicy/index.rst:335 msgid "Creating a traffic policy" msgstr "Creating a traffic policy" +#: ../../configuration/firewall/flowtables.rst:85 +msgid "Creating rules for using flow tables:" +msgstr "Creating rules for using flow tables:" + #: ../../configuration/system/syslog.rst:178 msgid "Critical" msgstr "Critical" @@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:" msgid "Custom File" msgstr "Custom File" +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:65 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." + +#: ../../configuration/firewall/ipv6.rst:65 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." + #: ../../configuration/highavailability/index.rst:373 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" -#: ../../configuration/system/conntrack.rst:167 +#: ../../configuration/system/conntrack.rst:180 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Customized ignore rules, based on a packet and flow selector." @@ -3822,20 +3802,19 @@ msgstr "DHCP Relay" msgid "DHCP Server" msgstr "DHCP Server" -#: ../../configuration/service/dhcp-server.rst:384 +#: ../../configuration/service/dhcp-server.rst:351 msgid "DHCP failover parameters" msgstr "DHCP failover parameters" -#: ../../configuration/service/dhcp-server.rst:374 +#: ../../configuration/service/dhcp-server.rst:341 msgid "DHCP lease range" msgstr "DHCP lease range" -#: ../../configuration/service/dhcp-server.rst:436 +#: ../../configuration/service/dhcp-server.rst:377 msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`" msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`" #: ../../configuration/service/dhcp-relay.rst:96 -#: ../../configuration/service/dhcp-relay.rst:96 msgid "DHCP relay example" msgstr "DHCP relay example" @@ -3843,20 +3822,19 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:654 +#: ../../configuration/service/dhcp-server.rst:584 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." -#: ../../configuration/service/dhcp-relay.rst:182 -#: ../../configuration/service/dhcp-relay.rst:182 +#: ../../configuration/service/dhcp-relay.rst:184 msgid "DHCPv6 relay example" msgstr "DHCPv6 relay example" -#: ../../configuration/service/dhcp-relay.rst:174 +#: ../../configuration/service/dhcp-relay.rst:176 msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``" msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``" -#: ../../configuration/nat/nat44.rst:735 +#: ../../configuration/nat/nat44.rst:757 msgid "DH Group 14" msgstr "DH Group 14" @@ -3884,11 +3862,11 @@ msgstr "DNAT" msgid "DNAT66" msgstr "DNAT66" -#: ../../configuration/nat/nat44.rst:494 +#: ../../configuration/nat/nat44.rst:514 msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall." msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall." -#: ../../configuration/nat/nat44.rst:268 +#: ../../configuration/nat/nat44.rst:280 msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10" msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10" @@ -3909,11 +3887,11 @@ msgstr "DNS name servers" msgid "DNS search list to advertise" msgstr "DNS search list to advertise" -#: ../../configuration/service/dhcp-server.rst:294 +#: ../../configuration/service/dhcp-server.rst:261 msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:661 +#: ../../configuration/service/dhcp-server.rst:591 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" @@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/general.rst:714 -#: ../../configuration/firewall/general-legacy.rst:480 +#: ../../configuration/firewall/ipv4.rst:444 +#: ../../configuration/firewall/ipv6.rst:451 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." @@ -3943,28 +3921,13 @@ msgid "Default" msgstr "Default" #: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 -#: ../../_include/interface-ipv6.txt:94 msgid "Default: 1" msgstr "Default: 1" +#: ../../configuration/service/https.rst:42 +msgid "Default: 443" +msgstr "Default: 443" + #: ../../configuration/protocols/failover.rst:58 msgid "Default 1." msgstr "Default 1." @@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/vpn/sstp.rst:190 +#: ../../configuration/vpn/sstp.rst:201 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." -#: ../../configuration/service/dhcp-server.rst:433 +#: ../../configuration/service/dhcp-server.rst:374 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" @@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``." msgstr "Default is ``icmp``." #: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 -#: ../../_include/interface-disable-link-detect.txt:7 msgid "Default is to detects physical link state changes." msgstr "Default is to detects physical link state changes." @@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." -#: ../../configuration/firewall/general.rst:225 -#: ../../configuration/firewall/general-legacy.rst:201 +#: ../../configuration/firewall/groups.rst:52 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." -#: ../../configuration/firewall/general.rst:201 -#: ../../configuration/firewall/general-legacy.rst:177 +#: ../../configuration/firewall/groups.rst:28 msgid "Define a IPv4 or a IPv6 address group" msgstr "Define a IPv4 or a IPv6 address group" -#: ../../configuration/firewall/zone.rst:59 +#: ../../configuration/firewall/zone.rst:78 msgid "Define a Zone" msgstr "Define a Zone" -#: ../../configuration/nat/nat44.rst:246 +#: ../../configuration/nat/nat44.rst:258 msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" -#: ../../configuration/firewall/general.rst:306 -#: ../../configuration/firewall/general-legacy.rst:261 +#: ../../configuration/firewall/groups.rst:133 msgid "Define a domain group." msgstr "Define a domain group." -#: ../../configuration/firewall/general.rst:288 -#: ../../configuration/firewall/general-legacy.rst:246 +#: ../../configuration/firewall/groups.rst:115 msgid "Define a mac group." msgstr "Define a mac group." -#: ../../configuration/firewall/general.rst:268 -#: ../../configuration/firewall/general-legacy.rst:226 +#: ../../configuration/firewall/groups.rst:95 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" @@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." -#: ../../configuration/firewall/general.rst:245 +#: ../../configuration/firewall/groups.rst:72 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." #: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 -#: ../../_include/interface-ip.txt:85 msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." #: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 -#: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." #: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 -#: ../../_include/interface-ip.txt:121 msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:" msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:" #: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 -#: ../../_include/interface-ip.txt:101 msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface." msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface." -#: ../../configuration/firewall/general.rst:476 -#: ../../configuration/firewall/general-legacy.rst:361 +#: ../../configuration/firewall/flowtables.rst:71 +msgid "Define interfaces to be used in the flowtable." +msgstr "Define interfaces to be used in the flowtable." + +#: ../../configuration/firewall/bridge.rst:187 +#: ../../configuration/firewall/ipv4.rst:252 +#: ../../configuration/firewall/ipv6.rst:252 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." -#: ../../configuration/firewall/general.rst:450 -#: ../../configuration/firewall/general-legacy.rst:347 +#: ../../configuration/firewall/bridge.rst:173 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Define log-level. Only applicable if rule log is enable." -#: ../../configuration/firewall/general.rst:463 -#: ../../configuration/firewall/general-legacy.rst:354 +#: ../../configuration/firewall/bridge.rst:180 +#: ../../configuration/firewall/ipv4.rst:241 +#: ../../configuration/firewall/ipv6.rst:241 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Define log group to send message to. Only applicable if rule log is enable." -#: ../../configuration/firewall/general.rst:490 -#: ../../configuration/firewall/general-legacy.rst:369 +#: ../../configuration/firewall/bridge.rst:195 +#: ../../configuration/firewall/ipv4.rst:264 +#: ../../configuration/firewall/ipv6.rst:264 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." @@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" -#: ../../configuration/firewall/zone.rst:70 +#: ../../configuration/firewall/zone.rst:89 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." +#: ../../configuration/firewall/flowtables.rst:80 +msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." +msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." + #: ../../configuration/protocols/rpki.rst:114 msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." -#: ../../configuration/protocols/igmp.rst:202 +#: ../../configuration/protocols/igmp-proxy.rst:30 msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted." msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted." @@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra msgid "Defines protocols for checking ARP, ICMP, TCP" msgstr "Defines protocols for checking ARP, ICMP, TCP" -#: ../../configuration/vpn/sstp.rst:167 +#: ../../configuration/vpn/sstp.rst:178 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." @@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi msgid "Defining Peers" msgstr "Defining Peers" -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:579 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." @@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for msgstr "Depending on the location, not all of these channels may be available for use!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/service/router-advert.rst:1 #: ../../configuration/system/syslog.rst:107 #: ../../configuration/system/syslog.rst:167 #: ../../configuration/trafficpolicy/index.rst:262 @@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets msgid "Despite the fact that AD is a superset of LDAP" msgstr "Despite the fact that AD is a superset of LDAP" -#: ../../configuration/nat/nat44.rst:261 +#: ../../configuration/nat/nat44.rst:273 msgid "Destination Address" msgstr "Destination Address" -#: ../../configuration/nat/nat44.rst:492 +#: ../../configuration/nat/nat44.rst:512 msgid "Destination NAT" msgstr "Destination NAT" @@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6." #: ../../configuration/nat/nat44.rst:71 +#: ../../configuration/nat/nat64.rst:21 #: ../../configuration/nat/nat66.rst:18 msgid "Different NAT Types" msgstr "Different NAT Types" @@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer" msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/firewall/general.rst:1283 +#: ../../configuration/firewall/ipv4.rst:930 +#: ../../configuration/firewall/ipv6.rst:939 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service." msgstr "Disable dhcpv6-relay service." #: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 -#: ../../_include/interface-disable.txt:4 msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." @@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down." msgid "Disable password based authentication. Login via SSH keys only. This hardens security!" msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!" +#: ../../configuration/protocols/pim.rst:167 +msgid "Disable sending and receiving PIM control packets on the interface." +msgstr "Disable sending and receiving PIM control packets on the interface." + #: ../../configuration/service/ssh.rst:64 msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible." msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible." @@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry." msgid "Disable this IPv6 static route entry." msgstr "Disable this IPv6 static route entry." -#: ../../configuration/protocols/igmp.rst:228 +#: ../../configuration/protocols/igmp-proxy.rst:56 msgid "Disable this service." msgstr "Disable this service." @@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route." msgid "Disables interface-based IPv6 static route." msgstr "Disables interface-based IPv6 static route." -#: ../../configuration/protocols/igmp.rst:215 +#: ../../configuration/protocols/igmp-proxy.rst:43 msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream." msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream." @@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." #: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 -#: ../../_include/interface-ipv6.txt:37 msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." @@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses." #: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 -#: ../../_include/interface-ip.txt:162 msgid "Does not need to be used together with proxy_arp." msgstr "Does not need to be used together with proxy_arp." @@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp." msgid "Domain" msgstr "Domain" -#: ../../configuration/firewall/general.rst:300 -#: ../../configuration/firewall/general-legacy.rst:255 +#: ../../configuration/firewall/groups.rst:127 msgid "Domain Groups" msgstr "Domain Groups" @@ -4600,7 +4418,7 @@ msgstr "Domain Groups" msgid "Domain Name" msgstr "Domain Name" -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:50 msgid "Domain name(s) for which to obtain certificate" msgstr "Domain name(s) for which to obtain certificate" @@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate" msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters." msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters." +#: ../../configuration/pki/index.rst:259 +msgid "Domain names to apply, multiple domain-names can be specified." +msgstr "Domain names to apply, multiple domain-names can be specified." + #: ../../configuration/system/name-server.rst:13 #: ../../configuration/system/name-server.rst:45 msgid "Domain search order" @@ -4617,15 +4439,15 @@ msgstr "Domain search order" msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!" msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!" -#: ../../configuration/protocols/bgp.rst:1171 +#: ../../configuration/protocols/bgp.rst:1172 msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" -#: ../../configuration/protocols/bgp.rst:1125 +#: ../../configuration/protocols/bgp.rst:1126 msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**" -#: ../../configuration/vpn/site2site_ipsec.rst:295 +#: ../../configuration/vpn/site2site_ipsec.rst:299 msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links." msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links." @@ -4657,7 +4479,7 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:380 +#: ../../configuration/service/pppoe-server.rst:367 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" @@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgid "Dummy" msgstr "Dummy" -#: ../../configuration/nat/nat44.rst:692 +#: ../../configuration/nat/nat44.rst:716 msgid "Dummy interface" msgstr "Dummy interface" @@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." +#: ../../configuration/pki/index.rst:285 +msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" +msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" + #: ../../configuration/service/ssh.rst:113 msgid "Dynamic-protection" msgstr "Dynamic-protection" -#: ../../configuration/service/dns.rst:199 +#: ../../configuration/service/dns.rst:212 msgid "Dynamic DNS" msgstr "Dynamic DNS" @@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS" msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." -#: ../../configuration/nat/nat44.rst:731 +#: ../../configuration/nat/nat44.rst:753 msgid "ESP Phase:" msgstr "ESP Phase:" @@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:" msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:54 msgid "Email address to associate with certificate" msgstr "Email address to associate with certificate" +#: ../../configuration/pki/index.rst:265 +msgid "Email used for registration and recovery contact." +msgstr "Email used for registration and recovery contact." + #: ../../configuration/trafficpolicy/index.rst:300 msgid "Embedding one policy into another one" msgstr "Embedding one policy into another one" @@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool." msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" +#: ../../configuration/system/frr.rst:24 +msgid "Enable ICMP Router Discovery Protocol support" +msgstr "Enable ICMP Router Discovery Protocol support" + #: ../../configuration/interfaces/bridge.rst:81 msgid "Enable IGMP and MLD querier." msgstr "Enable IGMP and MLD querier." @@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier." msgid "Enable IGMP and MLD snooping." msgstr "Enable IGMP and MLD snooping." -#: ../../configuration/service/dhcp-server.rst:304 +#: ../../configuration/service/dhcp-server.rst:271 msgid "Enable IP forwarding on client" msgstr "Enable IP forwarding on client" -#: ../../configuration/protocols/isis.rst:311 +#: ../../configuration/protocols/isis.rst:339 msgid "Enable IS-IS" msgstr "Enable IS-IS" -#: ../../configuration/protocols/isis.rst:427 +#: ../../configuration/protocols/isis.rst:455 msgid "Enable IS-IS and IGP-LDP synchronization" msgstr "Enable IS-IS and IGP-LDP synchronization" -#: ../../configuration/protocols/isis.rst:386 +#: ../../configuration/protocols/isis.rst:414 msgid "Enable IS-IS and redistribute routes not natively in IS-IS" msgstr "Enable IS-IS and redistribute routes not natively in IS-IS" -#: ../../configuration/protocols/isis.rst:465 +#: ../../configuration/protocols/isis.rst:493 #: ../../configuration/protocols/segment-routing.rst:193 msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Enable IS-IS with Segment Routing (Experimental)" @@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k msgid "Enable SNMP queries of the LLDP database" msgstr "Enable SNMP queries of the LLDP database" +#: ../../configuration/system/frr.rst:28 +msgid "Enable SNMP support for an individual routing daemon." +msgstr "Enable SNMP support for an individual routing daemon." + #: ../../configuration/interfaces/bridge.rst:197 #: ../../configuration/interfaces/bridge.rst:232 msgid "Enable STP" @@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode" msgid "Enable VLAN-Aware Bridge" msgstr "Enable VLAN-Aware Bridge" +#: ../../configuration/system/frr.rst:13 +msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support" +msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support" + +#: ../../configuration/service/https.rst:46 +msgid "Enable automatic redirect from http to https." +msgstr "Enable automatic redirect from http to https." + #: ../../configuration/vpn/dmvpn.rst:132 msgid "Enable creation of shortcut routes." msgstr "Enable creation of shortcut routes." @@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc msgid "Enable layer 7 HTTP health check" msgstr "Enable layer 7 HTTP health check" -#: ../../configuration/firewall/general.rst:177 -#: ../../configuration/firewall/general-legacy.rst:126 +#: ../../configuration/firewall/bridge.rst:157 +#: ../../configuration/firewall/ipv4.rst:206 +#: ../../configuration/firewall/ipv6.rst:206 +msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." + +#: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:169 -#: ../../configuration/firewall/general-legacy.rst:119 +#: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:426 -#: ../../configuration/firewall/general-legacy.rst:340 +#: ../../configuration/firewall/ipv4.rst:173 +#: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Enable or disable logging for the matched packet." @@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet." msgid "Enable ospf on an interface and set associated area." msgstr "Enable ospf on an interface and set associated area." -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 #: ../../configuration/interfaces/pppoe.rst:228 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 #: ../../configuration/interfaces/sstp-client.rst:100 #: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 -#: ../../_include/interface-ip.txt:177 msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." @@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/vrf/index.rst:459 +#: ../../configuration/vrf/index.rst:461 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/vpn/sstp.rst:266 +#: ../../configuration/vpn/sstp.rst:277 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:481 +#: ../../configuration/vrf/index.rst:483 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." +#: ../../configuration/interfaces/vxlan.rst:72 +msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" @@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode" msgid "Enabling Advertisments" msgstr "Enabling Advertisments" -#: ../../configuration/interfaces/openvpn.rst:627 +#: ../../configuration/interfaces/openvpn.rst:679 msgid "Enabling OpenVPN DCO" msgstr "Enabling OpenVPN DCO" @@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO" msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22." msgstr "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22." -#: ../../configuration/protocols/igmp.rst:224 +#: ../../configuration/protocols/igmp-proxy.rst:52 msgid "Enabling this function increases the risk of bandwidth saturation." msgstr "Enabling this function increases the risk of bandwidth saturation." -#: ../../configuration/service/https.rst:37 +#: ../../configuration/service/https.rst:73 msgid "Enforce strict path checking" msgstr "Enforce strict path checking" @@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." #: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 -#: ../../_include/interface-ip.txt:172 msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)" @@ -5090,15 +4906,6 @@ msgid "Ethernet" msgstr "Ethernet" #: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 -#: ../../_include/interface-disable-flow-control.txt:4 msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion." msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion." @@ -5130,7 +4937,7 @@ msgstr "Event handler script" msgid "Event handler that monitors the state of interface eth0." msgstr "Event handler that monitors the state of interface eth0." -#: ../../configuration/nat/nat44.rst:221 +#: ../../configuration/nat/nat44.rst:233 msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced." msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced." @@ -5162,441 +4969,90 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." +#: ../../configuration/firewall/bridge.rst:321 #: ../../configuration/highavailability/index.rst:397 #: ../../configuration/interfaces/bonding.rst:291 #: ../../configuration/interfaces/l2tpv3.rst:86 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 -#: ../../configuration/interfaces/vxlan.rst:166 +#: ../../configuration/interfaces/vxlan.rst:187 #: ../../configuration/interfaces/wwan.rst:294 #: ../../configuration/protocols/failover.rst:63 -#: ../../configuration/protocols/igmp.rst:35 -#: ../../configuration/protocols/igmp.rst:233 +#: ../../configuration/protocols/igmp-proxy.rst:61 +#: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:156 #: ../../configuration/service/broadcast-relay.rst:55 #: ../../configuration/service/conntrack-sync.rst:186 #: ../../configuration/service/dhcp-relay.rst:85 -#: ../../configuration/service/dhcp-relay.rst:172 -#: ../../configuration/service/dhcp-server.rst:421 -#: ../../configuration/service/dns.rst:147 -#: ../../configuration/service/dns.rst:263 +#: ../../configuration/service/dhcp-relay.rst:174 +#: ../../configuration/service/dhcp-server.rst:362 +#: ../../configuration/service/dns.rst:160 +#: ../../configuration/service/dns.rst:276 #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ipoe-server.rst:150 -#: ../../configuration/service/mdns.rst:34 +#: ../../configuration/service/mdns.rst:50 #: ../../configuration/service/monitoring.rst:134 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:395 +#: ../../configuration/system/login.rst:397 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 +#: ../../configuration/system/updates.rst:21 #: ../../configuration/trafficpolicy/index.rst:530 #: ../../configuration/trafficpolicy/index.rst:1122 #: ../../configuration/vpn/dmvpn.rst:161 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vpn/sstp.rst:275 +#: ../../configuration/vpn/sstp.rst:286 #: ../../configuration/vrf/index.rst:99 #: ../../configuration/vrf/index.rst:232 msgid "Example" msgstr "Example" -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/service/pppoe-server.rst:131 msgid "Example, from radius-server send command for disconnect client with username test" msgstr "Example, from radius-server send command for disconnect client with username test" -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-eapol.txt:18 -#: ../../_include/interface-eapol.txt:33 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-vrf.txt:9 #: ../../configuration/interfaces/pppoe.rst:127 #: ../../configuration/interfaces/pppoe.rst:140 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-vrf.txt:9 #: ../../configuration/interfaces/sstp-client.rst:49 #: ../../configuration/interfaces/sstp-client.rst:62 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 +#: ../../configuration/nat/nat44.rst:170 +#: ../../configuration/nat/nat44.rst:185 +#: ../../configuration/nat/nat44.rst:199 +#: ../../configuration/nat/nat44.rst:220 +#: ../../configuration/nat/nat44.rst:256 +#: ../../configuration/nat/nat44.rst:278 +#: ../../configuration/nat/nat44.rst:425 +#: ../../configuration/nat/nat66.rst:78 +#: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/protocols/static.rst:174 +#: ../../configuration/service/dns.rst:363 +#: ../../configuration/service/monitoring.rst:69 +#: ../../configuration/service/monitoring.rst:98 +#: ../../configuration/service/ssh.rst:165 +#: ../../configuration/service/ssh.rst:200 +#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/vpn/l2tp.rst:41 +#: ../../configuration/vpn/site2site_ipsec.rst:162 +#: ../../configuration/vpn/site2site_ipsec.rst:273 #: ../../_include/interface-address-with-dhcp.txt:22 +#: ../../_include/interface-address.txt:9 #: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 #: ../../_include/interface-dhcp-options.txt:10 #: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-address.txt:9 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 +#: ../../_include/interface-dhcp-options.txt:39 +#: ../../_include/interface-dhcp-options.txt:51 +#: ../../_include/interface-dhcp-options.txt:62 +#: ../../_include/interface-dhcp-options.txt:77 +#: ../../_include/interface-dhcp-options.txt:91 #: ../../_include/interface-disable-flow-control.txt:19 #: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-per-client-thread.txt:10 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 #: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-flow-control.txt:19 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-per-client-thread.txt:10 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mac.txt:7 -#: ../../_include/interface-mtu.txt:7 +#: ../../_include/interface-eapol.txt:18 +#: ../../_include/interface-eapol.txt:33 #: ../../_include/interface-ip.txt:27 #: ../../_include/interface-ip.txt:50 #: ../../_include/interface-ip.txt:144 @@ -5606,120 +5062,22 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../_include/interface-ipv6.txt:51 #: ../../_include/interface-ipv6.txt:83 #: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 #: ../../_include/interface-mac.txt:7 #: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 -#: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../_include/interface-address-with-dhcp.txt:22 -#: ../../_include/interface-description.txt:7 -#: ../../_include/interface-disable.txt:7 -#: ../../_include/interface-disable-link-detect.txt:9 -#: ../../_include/interface-mtu.txt:7 -#: ../../_include/interface-ip.txt:27 -#: ../../_include/interface-ip.txt:50 -#: ../../_include/interface-ip.txt:144 -#: ../../_include/interface-ipv6.txt:15 -#: ../../_include/interface-ipv6.txt:28 -#: ../../_include/interface-ipv6.txt:39 -#: ../../_include/interface-ipv6.txt:51 -#: ../../_include/interface-ipv6.txt:83 -#: ../../_include/interface-ipv6.txt:96 +#: ../../_include/interface-per-client-thread.txt:10 #: ../../_include/interface-vrf.txt:9 -#: ../../_include/interface-dhcp-options.txt:10 -#: ../../_include/interface-dhcp-options.txt:22 -#: ../../_include/interface-dhcp-options.txt:34 -#: ../../_include/interface-dhcp-options.txt:46 -#: ../../_include/interface-dhcp-options.txt:57 -#: ../../_include/interface-dhcp-options.txt:72 -#: ../../configuration/nat/nat44.rst:153 -#: ../../configuration/nat/nat44.rst:163 -#: ../../configuration/nat/nat44.rst:173 -#: ../../configuration/nat/nat44.rst:187 -#: ../../configuration/nat/nat44.rst:208 -#: ../../configuration/nat/nat44.rst:244 -#: ../../configuration/nat/nat44.rst:266 -#: ../../configuration/nat/nat44.rst:411 -#: ../../configuration/nat/nat66.rst:78 -#: ../../configuration/nat/nat66.rst:96 -#: ../../configuration/protocols/static.rst:174 -#: ../../configuration/service/dns.rst:350 -#: ../../configuration/service/monitoring.rst:69 -#: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 -#: ../../configuration/vpn/l2tp.rst:41 -#: ../../configuration/vpn/site2site_ipsec.rst:158 -#: ../../configuration/vpn/site2site_ipsec.rst:269 msgid "Example:" msgstr "Example:" #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." -#: ../../configuration/nat/nat44.rst:357 +#: ../../configuration/nat/nat44.rst:371 msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended." msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54 msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface." msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface." @@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ` msgid "Example Configuration" msgstr "Example Configuration" -#: ../../configuration/service/dns.rst:365 +#: ../../configuration/service/dns.rst:378 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" -#: ../../configuration/nat/nat44.rst:666 +#: ../../configuration/nat/nat44.rst:690 msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/general.rst:1495 -#: ../../configuration/firewall/general-legacy.rst:979 +#: ../../configuration/firewall/ipv4.rst:1130 +#: ../../configuration/firewall/ipv6.rst:1153 msgid "Example Partial Config" msgstr "Example Partial Config" -#: ../../configuration/protocols/ospf.rst:1346 +#: ../../configuration/protocols/ospf.rst:1348 msgid "Example configuration for WireGuard interfaces:" msgstr "Example configuration for WireGuard interfaces:" -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/pppoe-server.rst:147 msgid "Example for changing rate-limit via RADIUS CoA." msgstr "Example for changing rate-limit via RADIUS CoA." @@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA." msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):" msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):" -#: ../../configuration/nat/nat44.rst:280 +#: ../../configuration/nat/nat44.rst:292 msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/general.rst:1278 +#: ../../configuration/firewall/ipv4.rst:925 +#: ../../configuration/firewall/ipv6.rst:934 msgid "Example synproxy" msgstr "Example synproxy" +#: ../../configuration/firewall/groups.rst:145 #: ../../configuration/interfaces/bridge.rst:187 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:187 #: ../../configuration/policy/index.rst:46 -#: ../../configuration/protocols/bgp.rst:1095 -#: ../../configuration/protocols/isis.rst:308 +#: ../../configuration/protocols/bgp.rst:1096 +#: ../../configuration/protocols/isis.rst:336 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:356 +#: ../../configuration/service/pppoe-server.rst:343 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" -#: ../../configuration/vpn/site2site_ipsec.rst:153 +#: ../../configuration/nat/nat44.rst:154 +#: ../../configuration/vpn/site2site_ipsec.rst:157 msgid "Examples:" msgstr "Examples:" @@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>" msgid "Expedited forwarding (EF)" msgstr "Expedited forwarding (EF)" +#: ../../configuration/firewall/flowtables.rst:140 +msgid "Explanation" +msgstr "Explanation" + #: ../../configuration/service/salt-minion.rst:33 msgid "Explicitly declare ID for this minion to use (default: hostname)" msgstr "Explicitly declare ID for this minion to use (default: hostname)" -#: ../../configuration/service/dhcp-relay.rst:176 +#: ../../configuration/service/dhcp-relay.rst:178 msgid "External DHCPv6 server is at 2001:db8::4" msgstr "External DHCPv6 server is at 2001:db8::4" @@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." +#: ../../configuration/system/frr.rst:5 +msgid "FRR" +msgstr "FRR" + #: ../../configuration/protocols/ospf.rst:213 msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution." msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution." -#: ../../configuration/interfaces/vxlan.rst:138 +#: ../../configuration/interfaces/vxlan.rst:159 msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." @@ -5905,8 +5274,8 @@ msgstr "Facility Code" #: ../../configuration/loadbalancing/wan.rst:218 #: ../../configuration/protocols/failover.rst:3 -#: ../../configuration/service/dhcp-server.rst:171 -#: ../../configuration/service/dhcp-server.rst:428 +#: ../../configuration/service/dhcp-server.rst:136 +#: ../../configuration/service/dhcp-server.rst:369 msgid "Failover" msgstr "Failover" @@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation" msgid "Field" msgstr "Field" -#: ../../configuration/service/dns.rst:228 +#: ../../configuration/service/dns.rst:241 msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/service/pppoe-server.rst:228 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" -#: ../../configuration/service/pppoe-server.rst:167 +#: ../../configuration/service/pppoe-server.rst:154 msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request." msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request." @@ -5982,6 +5351,14 @@ msgstr "Firewall" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Firewall - IPv4 Rules" +msgstr "Firewall - IPv4 Rules" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Firewall - IPv6 Rules" +msgstr "Firewall - IPv6 Rules" + #: ../../configuration/firewall/general.rst:7 msgid "Firewall Configuration" msgstr "Firewall Configuration" @@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/general.rst:495 +#: ../../configuration/firewall/bridge.rst:199 +#: ../../configuration/firewall/ipv4.rst:268 +#: ../../configuration/firewall/ipv6.rst:268 msgid "Firewall Description" msgstr "Firewall Description" @@ -5999,7 +5378,9 @@ msgstr "Firewall Description" msgid "Firewall Exceptions" msgstr "Firewall Exceptions" -#: ../../configuration/firewall/general.rst:410 +#: ../../configuration/firewall/bridge.rst:149 +#: ../../configuration/firewall/ipv4.rst:196 +#: ../../configuration/firewall/ipv6.rst:196 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6007,6 +5388,14 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/groups.rst:7 +msgid "Firewall groups" +msgstr "Firewall groups" + +#: ../../configuration/firewall/groups.rst:13 +msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group." +msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group." + #: ../../configuration/firewall/general.rst:186 msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group." @@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." -#: ../../configuration/nat/nat44.rst:620 +#: ../../configuration/nat/nat44.rst:644 msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules." msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules." +#: ../../configuration/nat/nat44.rst:572 +msgid "Firewall rules for Destination NAT" +msgstr "Firewall rules for Destination NAT" + #: ../../configuration/interfaces/wwan.rst:321 msgid "Firmware Update" msgstr "Firmware Update" @@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured." msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured." -#: ../../configuration/nat/nat44.rst:635 +#: ../../configuration/nat/nat44.rst:659 msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation." msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation." @@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu msgid "First steps" msgstr "First steps" -#: ../../configuration/vpn/openconnect.rst:171 +#: ../../configuration/vpn/openconnect.rst:178 msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "First the OTP keys must be generated and sent to the user and to the configuration:" @@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing" msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." +#: ../../configuration/firewall/flowtables.rst:57 +msgid "Flowtable Configuration" +msgstr "Flowtable Configuration" + +#: ../../configuration/firewall/flowtables.rst:7 +msgid "Flowtables Firewall Configuration" +msgstr "Flowtables Firewall Configuration" + +#: ../../configuration/firewall/flowtables.rst:32 +msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." +#: ../../configuration/service/ssh.rst:236 +msgid "Follow the SSH dynamic-protection log." +msgstr "Follow the SSH dynamic-protection log." + +#: ../../configuration/service/ssh.rst:228 +msgid "Follow the SSH server log." +msgstr "Follow the SSH server log." + #: ../../configuration/vpn/openconnect.rst:102 msgid "Follow the instructions to generate CA cert (in configuration mode):" msgstr "Follow the instructions to generate CA cert (in configuration mode):" @@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):" msgid "Follow the instructions to generate server cert (in configuration mode):" msgstr "Follow the instructions to generate server cert (in configuration mode):" +#: ../../configuration/service/mdns.rst:91 +msgid "Follow the logs for mDNS repeater service." +msgstr "Follow the logs for mDNS repeater service." + #: ../../configuration/interfaces/openvpn.rst:258 msgid "For Encryption:" msgstr "For Encryption:" @@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:201 +#: ../../configuration/service/pppoe-server.rst:188 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:223 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`." msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created." msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created." -#: ../../configuration/nat/nat44.rst:263 +#: ../../configuration/nat/nat44.rst:275 msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command." msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command." -#: ../../configuration/nat/nat44.rst:228 +#: ../../configuration/nat/nat44.rst:240 msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." @@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." -#: ../../configuration/nat/nat44.rst:248 +#: ../../configuration/nat/nat44.rst:260 msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation" msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation" @@ -6187,7 +5604,9 @@ msgstr "For example:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" -#: ../../configuration/firewall/general.rst:320 +#: ../../configuration/firewall/bridge.rst:58 +#: ../../configuration/firewall/ipv4.rst:74 +#: ../../configuration/firewall/ipv6.rst:74 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." @@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_." msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:299 msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." -#: ../../configuration/interfaces/vxlan.rst:131 +#: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." @@ -6235,7 +5654,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/general.rst:497 +#: ../../configuration/firewall/bridge.rst:201 +msgid "For reference, a description can be defined for every defined custom chain." +msgstr "For reference, a description can be defined for every defined custom chain." + +#: ../../configuration/firewall/ipv4.rst:270 +#: ../../configuration/firewall/ipv6.rst:270 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6279,10 +5703,28 @@ msgstr "For the sake of demonstration, `example #1 in the official documentation msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" +#: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" +msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" + +#: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." + +#: ../../configuration/firewall/ipv4.rst:46 +#: ../../configuration/firewall/ipv6.rst:46 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" +#: ../../configuration/firewall/ipv4.rst:36 +#: ../../configuration/firewall/ipv6.rst:36 +msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + #: ../../configuration/firewall/general.rst:62 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" @@ -6315,6 +5757,14 @@ msgstr "From :rfc:`1930`:" msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature." msgstr "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature." +#: ../../configuration/firewall/bridge.rst:21 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:31 +msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + #: ../../configuration/highavailability/index.rst:380 msgid "Fwmark" msgstr "Fwmark" @@ -6369,6 +5819,10 @@ msgstr "General" msgid "General Configuration" msgstr "General Configuration" +#: ../../configuration/firewall/bridge.rst:291 +msgid "General commands for firewall configuration, counter and statiscits:" +msgstr "General commands for firewall configuration, counter and statiscits:" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generate Keypair" @@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters." msgid "Get detailed information about LLDP neighbors." msgstr "Get detailed information about LLDP neighbors." +#: ../../configuration/nat/nat66.rst:160 +msgid "Get the DHCPv6-PD prefixes from both routers:" +msgstr "Get the DHCPv6-PD prefixes from both routers:" + #: ../../configuration/protocols/rpki.rst:39 msgid "Getting started" msgstr "Getting started" @@ -6444,6 +5902,10 @@ msgstr "Gloabal" msgid "Global Options" msgstr "Global Options" +#: ../../configuration/firewall/global-options.rst:7 +msgid "Global Options Firewall Configuration" +msgstr "Global Options Firewall Configuration" + #: ../../configuration/highavailability/index.rst:224 msgid "Global options" msgstr "Global options" @@ -6465,7 +5927,6 @@ msgstr "Graceful Restart" msgid "Gratuitous ARP" msgstr "Gratuitous ARP" -#: ../../configuration/firewall/general.rst:184 #: ../../configuration/firewall/general-legacy.rst:153 msgid "Groups" msgstr "Groups" @@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo msgid "HTTP-API" msgstr "HTTP-API" -#: ../../configuration/service/dns.rst:304 +#: ../../configuration/service/https.rst:5 +msgid "HTTP API" +msgstr "HTTP API" + +#: ../../configuration/service/dns.rst:317 msgid "HTTP based services" msgstr "HTTP based services" @@ -6499,11 +5964,11 @@ msgstr "HTTP client" msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" -#: ../../configuration/nat/nat44.rst:398 +#: ../../configuration/nat/nat44.rst:412 msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:573 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe msgid "Handling and monitoring" msgstr "Handling and monitoring" -#: ../../configuration/nat/nat44.rst:389 +#: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." @@ -6527,15 +5992,15 @@ msgstr "Health check scripts" msgid "Health checks" msgstr "Health checks" -#: ../../configuration/nat/nat44.rst:602 +#: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" -#: ../../configuration/nat/nat44.rst:668 +#: ../../configuration/nat/nat44.rst:692 msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site." msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site." -#: ../../configuration/protocols/isis.rst:357 +#: ../../configuration/protocols/isis.rst:385 msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Here's the IP routes that are populated. Just the loopback:" @@ -6563,37 +6028,22 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." -#: ../../configuration/protocols/isis.rst:523 +#: ../../configuration/firewall/groups.rst:150 +msgid "Here is an example were multiple groups are created:" +msgstr "Here is an example were multiple groups are created:" + +#: ../../configuration/protocols/isis.rst:551 #: ../../configuration/protocols/ospf.rst:1036 #: ../../configuration/protocols/segment-routing.rst:251 #: ../../configuration/protocols/segment-routing.rst:330 msgid "Here is the routing tables showing the MPLS segment routing label operations:" msgstr "Here is the routing tables showing the MPLS segment routing label operations:" -#: ../../configuration/nat/nat44.rst:633 +#: ../../configuration/nat/nat44.rst:657 msgid "Here we provide two examples on how to apply NAT Load Balance." msgstr "Here we provide two examples on how to apply NAT Load Balance." #: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 -#: ../../_include/interface-ip.txt:170 msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation" @@ -6624,7 +6074,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:698 +#: ../../configuration/service/dhcp-server.rst:630 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network." #: ../../_include/interface-vlan-8021ad.txt:3 -#: ../../_include/interface-vlan-8021ad.txt:3 -#: ../../_include/interface-vlan-8021ad.txt:3 msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)." msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)." #: ../../_include/interface-vlan-8021q.txt:1 -#: ../../_include/interface-vlan-8021q.txt:1 -#: ../../_include/interface-vlan-8021q.txt:1 -#: ../../_include/interface-vlan-8021q.txt:1 -#: ../../_include/interface-vlan-8021q.txt:1 -#: ../../_include/interface-vlan-8021q.txt:1 msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol." msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol." @@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation." msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation." -#: ../../configuration/protocols/igmp.rst:179 +#: ../../configuration/protocols/pim.rst:176 +msgid "IGMP - Internet Group Management Protocol)" +msgstr "IGMP - Internet Group Management Protocol)" + +#: ../../configuration/protocols/igmp-proxy.rst:7 msgid "IGMP Proxy" msgstr "IGMP Proxy" -#: ../../configuration/nat/nat44.rst:726 +#: ../../configuration/nat/nat44.rst:748 msgid "IKE Phase:" msgstr "IKE Phase:" @@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes" msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" -#: ../../configuration/vpn/site2site_ipsec.rst:156 +#: ../../configuration/vpn/site2site_ipsec.rst:160 msgid "IKEv1" msgstr "IKEv1" -#: ../../configuration/vpn/site2site_ipsec.rst:267 +#: ../../configuration/vpn/site2site_ipsec.rst:271 msgid "IKEv2" msgstr "IKEv2" @@ -6739,11 +6186,11 @@ msgstr "IPIP6" msgid "IPSec:" msgstr "IPSec:" -#: ../../configuration/nat/nat44.rst:722 +#: ../../configuration/nat/nat44.rst:744 msgid "IPSec IKE and ESP" msgstr "IPSec IKE and ESP" -#: ../../configuration/nat/nat44.rst:687 +#: ../../configuration/nat/nat44.rst:711 msgid "IPSec IKE and ESP Groups;" msgstr "IPSec IKE and ESP Groups;" @@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;" msgid "IPSec IKEv2 Remote Access VPN" msgstr "IPSec IKEv2 Remote Access VPN" -#: ../../configuration/vpn/site2site_ipsec.rst:281 +#: ../../configuration/vpn/site2site_ipsec.rst:285 msgid "IPSec IKEv2 site2site VPN" msgstr "IPSec IKEv2 site2site VPN" -#: ../../configuration/vpn/site2site_ipsec.rst:281 +#: ../../configuration/vpn/site2site_ipsec.rst:285 msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)" msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)" -#: ../../configuration/nat/nat44.rst:758 +#: ../../configuration/nat/nat44.rst:780 msgid "IPSec VPN Tunnels" msgstr "IPSec VPN Tunnels" -#: ../../configuration/nat/nat44.rst:688 +#: ../../configuration/nat/nat44.rst:712 msgid "IPSec VPN tunnels." msgstr "IPSec VPN tunnels." @@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels." msgid "IP address" msgstr "IP address" -#: ../../configuration/service/dhcp-server.rst:237 +#: ../../configuration/service/dhcp-server.rst:202 msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" @@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" -#: ../../configuration/service/dhcp-server.rst:319 +#: ../../configuration/service/dhcp-server.rst:286 msgid "IP address for DHCP server identifier" msgstr "IP address for DHCP server identifier" -#: ../../configuration/service/dhcp-server.rst:309 +#: ../../configuration/service/dhcp-server.rst:276 msgid "IP address of NTP server" msgstr "IP address of NTP server" -#: ../../configuration/service/dhcp-server.rst:349 +#: ../../configuration/service/dhcp-server.rst:316 msgid "IP address of POP3 server" msgstr "IP address of POP3 server" -#: ../../configuration/service/dhcp-server.rst:344 +#: ../../configuration/service/dhcp-server.rst:311 msgid "IP address of SMTP server" msgstr "IP address of SMTP server" @@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list." msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." -#: ../../configuration/service/dhcp-server.rst:379 +#: ../../configuration/service/dhcp-server.rst:346 msgid "IP address to exclude from DHCP lease range" msgstr "IP address to exclude from DHCP lease range" @@ -6884,19 +6331,23 @@ msgstr "IPsec" msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:346 msgid "IPv4" msgstr "IPv4" -#: ../../configuration/interfaces/vxlan.rst:85 +#: ../../configuration/interfaces/vxlan.rst:106 msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." -#: ../../configuration/service/dhcp-server.rst:324 +#: ../../configuration/firewall/ipv4.rst:7 +msgid "IPv4 Firewall Configuration" +msgstr "IPv4 Firewall Configuration" + +#: ../../configuration/service/dhcp-server.rst:291 msgid "IPv4 address of next bootstrap server" msgstr "IPv4 address of next bootstrap server" -#: ../../configuration/service/dhcp-server.rst:284 +#: ../../configuration/service/dhcp-server.rst:251 msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" @@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet" msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" -#: ../../configuration/protocols/bgp.rst:1098 +#: ../../configuration/protocols/bgp.rst:1099 msgid "IPv4 peering" msgstr "IPv4 peering" @@ -6925,7 +6376,7 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/pppoe-server.rst:280 +#: ../../configuration/service/pppoe-server.rst:267 #: ../../configuration/system/ipv6.rst:3 msgid "IPv6" msgstr "IPv6" @@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example" msgid "IPv6 DNS addresses are optional." msgstr "IPv6 DNS addresses are optional." +#: ../../configuration/firewall/ipv6.rst:7 +msgid "IPv6 Firewall Configuration" +msgstr "IPv6 Firewall Configuration" + #: ../../configuration/protocols/pim6.rst:5 msgid "IPv6 Multicast" msgstr "IPv6 Multicast" -#: ../../configuration/service/pppoe-server.rst:295 +#: ../../configuration/service/pppoe-server.rst:282 msgid "IPv6 Prefix Delegation" msgstr "IPv6 Prefix Delegation" @@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:696 +#: ../../configuration/service/dhcp-server.rst:628 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list." msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.." -#: ../../configuration/service/pppoe-server.rst:283 +#: ../../configuration/service/pppoe-server.rst:270 msgid "IPv6 client's prefix assignment" msgstr "IPv6 client's prefix assignment" -#: ../../configuration/protocols/bgp.rst:1143 +#: ../../configuration/protocols/bgp.rst:1144 msgid "IPv6 peering" msgstr "IPv6 peering" @@ -6990,7 +6445,7 @@ msgstr "IPv6 peering" msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:697 +#: ../../configuration/service/dhcp-server.rst:629 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -7002,7 +6457,7 @@ msgstr "IPv6 relay" msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static." msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static." -#: ../../configuration/service/dhcp-server.rst:578 +#: ../../configuration/service/dhcp-server.rst:502 msgid "IPv6 server" msgstr "IPv6 server" @@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration" msgid "IS-IS SR Configuration" msgstr "IS-IS SR Configuration" -#: ../../configuration/service/dhcp-server.rst:266 +#: ../../configuration/service/dhcp-server.rst:233 msgid "ISC-DHCP Option name" msgstr "ISC-DHCP Option name" -#: ../../configuration/vpn/openconnect.rst:226 +#: ../../configuration/vpn/openconnect.rst:233 msgid "Identity Based Configuration" msgstr "Identity Based Configuration" @@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs" msgstr "If CA is present, this certificate will be included in generated CRLs" #: ../../_include/interface-per-client-thread.txt:8 -#: ../../_include/interface-per-client-thread.txt:8 msgid "If CLI option is not specified, this feature is disabled." msgstr "If CLI option is not specified, this feature is disabled." +#: ../../configuration/protocols/pim.rst:35 +msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used." +msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used." + +#: ../../configuration/protocols/pim.rst:42 +msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down." +msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down." + #: ../../configuration/protocols/bgp.rst:225 msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side." msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side." @@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." -#: ../../configuration/firewall/general.rst:329 +#: ../../configuration/firewall/bridge.rst:67 +#: ../../configuration/firewall/ipv4.rst:83 +#: ../../configuration/firewall/ipv6.rst:83 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." @@ -7088,72 +6552,19 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918 msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 -#: ../../_include/interface-ip.txt:72 +#: ../../configuration/protocols/pim.rst:106 +msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." +msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." + #: ../../_include/interface-ip.txt:72 msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded." msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded." #: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 -#: ../../_include/interface-ip.txt:124 msgid "If configured, reply only if the target IP address is local address configured on the incoming interface." msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface." #: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 -#: ../../_include/interface-ip.txt:106 msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2." msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2." @@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." -#: ../../configuration/nat/nat44.rst:542 +#: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." @@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." -#: ../../configuration/protocols/igmp.rst:221 +#: ../../configuration/firewall/index.rst:82 +msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:" +msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:" + +#: ../../configuration/firewall/index.rst:25 +msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + +#: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." @@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background." msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background." -#: ../../configuration/nat/nat44.rst:205 +#: ../../configuration/nat/nat44.rst:217 msgid "If no destination is specified the rule will match on any destination address and port." msgstr "If no destination is specified the rule will match on any destination address and port." @@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`." msgstr "If no option is specified, this defaults to `all`." #: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 -#: ../../_include/interface-ip.txt:42 msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)." msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)." +#: ../../configuration/protocols/pim.rst:142 +msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface." +msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface." + #: ../../configuration/system/ip.rst:17 msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." #: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 -#: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." @@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied." msgstr "If suffix is omitted, minutes are implied." #: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 -#: ../../_include/interface-ip.txt:91 msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off." msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off." @@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." +#: ../../configuration/firewall/index.rst:83 +msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" + +#: ../../configuration/firewall/index.rst:26 +msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" + #: ../../configuration/interfaces/bonding.rst:187 #: ../../configuration/interfaces/bonding.rst:216 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." @@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." -#: ../../configuration/vpn/site2site_ipsec.rst:237 +#: ../../configuration/vpn/site2site_ipsec.rst:241 msgid "If there is SNAT rules on eth1, need to add exclude rule" msgstr "If there is SNAT rules on eth1, need to add exclude rule" @@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule" msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:" msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:" -#: ../../configuration/service/dhcp-relay.rst:166 +#: ../../configuration/service/dhcp-relay.rst:168 msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use." msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use." @@ -7356,53 +6730,15 @@ msgstr "If this is set the relay agent will insert the interface ID. This option msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." -#: ../../configuration/vpn/sstp.rst:172 +#: ../../configuration/vpn/sstp.rst:183 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." #: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 -#: ../../_include/interface-ip.txt:75 msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded." msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded." #: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 -#: ../../_include/interface-ip.txt:127 msgid "If this option is unset (default), reply for any local target IP address, configured on any interface." msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface." @@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/nat/nat44.rst:788 +#: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "If you've completed all the above steps you no doubt want to see if it's all working." @@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin msgid "If you enable this, you will probably want to set diversity-factor and channel below." msgstr "If you enable this, you will probably want to set diversity-factor and channel below." +#: ../../configuration/protocols/pim.rst:54 +msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." +msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." + #: ../../configuration/interfaces/bonding.rst:312 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic." msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic." +#: ../../configuration/protocols/pim.rst:171 +msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." +msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." + #: ../../configuration/system/flow-accounting.rst:65 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" @@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults" msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License" msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License" -#: ../../configuration/vpn/site2site_ipsec.rst:275 +#: ../../configuration/vpn/site2site_ipsec.rst:279 msgid "Imagine the following topology" msgstr "Imagine the following topology" @@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin msgstr "In VyOS, a class is identified by a number you can choose when configuring it." #: ../../_include/interface-vlan-8021ad.txt:22 -#: ../../_include/interface-vlan-8021ad.txt:22 -#: ../../_include/interface-vlan-8021ad.txt:22 msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used." msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used." #: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 -#: ../../_include/interface-ip.txt:166 msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "In :rfc:`3069` it is called VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:41 +#: ../../configuration/firewall/zone.rst:60 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." @@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:" msgstr "In a minimal configuration, the following must be provided:" #: ../../_include/interface-vlan-8021ad.txt:16 -#: ../../_include/interface-vlan-8021ad.txt:16 -#: ../../_include/interface-vlan-8021ad.txt:16 msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)." msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)." @@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 -#: ../../configuration/pki/pki_cli_import_help.txt:1 #: ../../configuration/pki/index.rst:144 #: ../../configuration/pki/index.rst:159 +#: ../../configuration/pki/pki_cli_import_help.txt:1 msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode." msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode." @@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." -#: ../../configuration/firewall/general.rst:194 -#: ../../configuration/firewall/general-legacy.rst:170 +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "In an **address group** a single IP address or IP address ranges are defined." @@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" +#: ../../configuration/firewall/bridge.rst:70 +msgid "In firewall bridge rules, the action can be:" +msgstr "In firewall bridge rules, the action can be:" + #: ../../configuration/protocols/ospf.rst:339 msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." @@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." -#: ../../configuration/service/dhcp-server.rst:196 +#: ../../configuration/service/dhcp-server.rst:161 msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly." msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly." @@ -7721,42 +7039,35 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:623 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." +#: ../../configuration/interfaces/vxlan.rst:82 +msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." +msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." + #: ../../configuration/trafficpolicy/index.rst:402 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." +#: ../../configuration/protocols/pim.rst:87 +msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." -#: ../../configuration/nat/nat44.rst:382 +#: ../../configuration/firewall/flowtables.rst:59 +msgid "In order to use flowtables, the minimal configuration needed includes:" +msgstr "In order to use flowtables, the minimal configuration needed includes:" + +#: ../../configuration/nat/nat44.rst:396 msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection." msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection." #: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 -#: ../../_include/interface-ip.txt:47 msgid "In other words it allows control of which cards (usually 1) will respond to an arp request." msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request." @@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration." msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration." -#: ../../configuration/nat/nat44.rst:507 +#: ../../configuration/nat/nat44.rst:527 msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" @@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/service/pppoe-server.rst:272 +#: ../../configuration/service/pppoe-server.rst:259 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." -#: ../../configuration/nat/nat44.rst:321 +#: ../../configuration/nat/nat44.rst:333 msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:397 +#: ../../configuration/system/login.rst:399 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:" msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:" -#: ../../configuration/protocols/igmp.rst:37 +#: ../../configuration/protocols/pim.rst:219 msgid "In the following example we can see a basic multicast setup:" msgstr "In the following example we can see a basic multicast setup:" @@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled. msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" -#: ../../configuration/nat/nat44.rst:344 +#: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." -#: ../../configuration/nat/nat44.rst:498 +#: ../../configuration/nat/nat44.rst:518 msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." @@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." -#: ../../configuration/service/dns.rst:152 +#: ../../configuration/service/dns.rst:165 msgid "In this scenario:" msgstr "In this scenario:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:25 +msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:289 +msgid "In this section you can find all useful firewall op-mode commands." +msgstr "In this section you can find all useful firewall op-mode commands." + #: ../../configuration/service/webproxy.rst:95 msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers." msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers." @@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." -#: ../../configuration/firewall/zone.rst:24 +#: ../../configuration/firewall/zone.rst:43 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet msgid "Indication" msgstr "Indication" -#: ../../configuration/service/dhcp-server.rst:84 +#: ../../configuration/service/dhcp-server.rst:64 msgid "Individual Client Subnet" msgstr "Individual Client Subnet" -#: ../../configuration/service/dhcp-server.rst:54 +#: ../../configuration/service/dhcp-server.rst:49 msgid "Inform client that the DNS server can be found at `<address>`." msgstr "Inform client that the DNS server can be found at `<address>`." @@ -7940,53 +7279,19 @@ msgstr "Informational messages" msgid "Input from `eth0` network interface" msgstr "Input from `eth0` network interface" +#: ../../configuration/firewall/bridge.rst:390 +msgid "Inspect logs:" +msgstr "Inspect logs:" + #: ../../configuration/vpn/pptp.rst:32 msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Install the client software via apt and execute pptpsetup to generate the configuration." -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 #: ../../configuration/interfaces/sstp-client.rst:90 #: ../../_include/interface-ip.txt:15 #: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 -#: ../../_include/interface-ip.txt:15 -#: ../../_include/interface-ipv6.txt:71 msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value." msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value." @@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:" #: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 -#: ../../_include/interface-dhcp-options.txt:19 msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value." msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value." @@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1 msgid "Interface Configuration" msgstr "Interface Configuration" -#: ../../configuration/firewall/general.rst:239 +#: ../../configuration/firewall/groups.rst:66 msgid "Interface Groups" msgstr "Interface Groups" @@ -8043,7 +7333,7 @@ msgstr "Interface Groups" msgid "Interface Routes" msgstr "Interface Routes" -#: ../../configuration/protocols/igmp.rst:235 +#: ../../configuration/protocols/igmp-proxy.rst:63 msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy." msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy." @@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out." msgid "Interface for DHCP Relay Agent to listen for requests." msgstr "Interface for DHCP Relay Agent to listen for requests." +#: ../../configuration/protocols/pim.rst:133 +#: ../../configuration/protocols/pim.rst:186 +msgid "Interface specific commands" +msgstr "Interface specific commands" + #: ../../configuration/service/conntrack-sync.rst:71 msgid "Interface to use for syncing conntrack entries." msgstr "Interface to use for syncing conntrack entries." -#: ../../configuration/interfaces/vxlan.rst:93 +#: ../../configuration/interfaces/vxlan.rst:114 msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface." msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface." @@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" +#: ../../configuration/firewall/flowtables.rst:167 +msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" +msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" + #: ../../configuration/system/option.rst:111 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." @@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T msgid "It helps to support as HELPER only for planned restarts." msgstr "It helps to support as HELPER only for planned restarts." -#: ../../configuration/firewall/zone.rst:87 +#: ../../configuration/firewall/zone.rst:106 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" @@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:660 +#: ../../configuration/service/dhcp-server.rst:590 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" @@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration." msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration." +#: ../../configuration/nat/nat44.rst:574 +msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." +msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." + #: ../../configuration/nat/nat44.rst:549 msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:503 +#: ../../configuration/vrf/index.rst:505 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." @@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:494 +#: ../../configuration/vrf/index.rst:496 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30 msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." @@ -8258,11 +7545,11 @@ msgstr "Key Generation" msgid "Key Management" msgstr "Key Management" -#: ../../configuration/vpn/site2site_ipsec.rst:374 +#: ../../configuration/vpn/site2site_ipsec.rst:383 msgid "Key Parameters:" msgstr "Key Parameters:" -#: ../../configuration/firewall/zone.rst:31 +#: ../../configuration/firewall/zone.rst:50 msgid "Key Points:" msgstr "Key Points:" @@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:397 +#: ../../configuration/vrf/index.rst:399 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" @@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol" msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:663 +#: ../../configuration/service/dhcp-server.rst:593 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" -#: ../../configuration/service/dhcp-server.rst:369 +#: ../../configuration/service/dhcp-server.rst:336 msgid "Lease timeout in seconds (default: 86400)" msgstr "Lease timeout in seconds (default: 86400)" -#: ../../configuration/firewall/index.rst:47 +#: ../../configuration/firewall/index.rst:167 msgid "Legacy Firewall" msgstr "Legacy Firewall" -#: ../../configuration/interfaces/vxlan.rst:112 +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." @@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing" msgid "Lifetime associated with the default router in units of seconds" msgstr "Lifetime associated with the default router in units of seconds" -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:63 msgid "Lifetime in days; default is 365" msgstr "Lifetime in days; default is 365" @@ -8436,7 +7723,7 @@ msgstr "Limiter" msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:381 msgid "Limits" msgstr "Limits" @@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset" msgid "Link aggregation" msgstr "Link aggregation" -#: ../../configuration/nat/nat44.rst:372 +#: ../../configuration/nat/nat44.rst:386 msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)." msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)." @@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" -#: ../../configuration/policy/route-map.rst:360 +#: ../../configuration/policy/route-map.rst:362 msgid "List of well-known communities" msgstr "List of well-known communities" @@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" -#: ../../configuration/nat/nat44.rst:632 +#: ../../configuration/nat/nat44.rst:656 msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:256 +#: ../../configuration/service/pppoe-server.rst:243 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:420 +#: ../../configuration/system/login.rst:422 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -8529,7 +7816,7 @@ msgstr "Local Configuration:" msgid "Local Configuration - Annotated:" msgstr "Local Configuration - Annotated:" -#: ../../configuration/service/dhcp-server.rst:178 +#: ../../configuration/service/dhcp-server.rst:143 msgid "Local IP `<address>` used when communicating to the failover peer." msgstr "Local IP `<address>` used when communicating to the failover peer." @@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via `<filename>`, for an explanati msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/conntrack.rst:187 +#: ../../configuration/system/conntrack.rst:224 msgid "Log the connection tracking events per protocol." msgstr "Log the connection tracking events per protocol." @@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol." msgid "Logging" msgstr "Logging" -#: ../../configuration/firewall/general.rst:412 +#: ../../configuration/firewall/bridge.rst:151 +#: ../../configuration/firewall/ipv4.rst:198 +#: ../../configuration/firewall/ipv6.rst:198 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." @@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:361 +#: ../../configuration/system/login.rst:363 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:383 msgid "Login limits" msgstr "Login limits" +#: ../../configuration/protocols/isis.rst:306 +msgid "Loop Free Alternate (LFA)" +msgstr "Loop Free Alternate (LFA)" + #: ../../configuration/interfaces/loopback.rst:7 msgid "Loopback" msgstr "Loopback" @@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - Pseudo Ethernet" -#: ../../configuration/firewall/general.rst:282 -#: ../../configuration/firewall/general-legacy.rst:240 +#: ../../configuration/firewall/groups.rst:109 msgid "MAC Groups" msgstr "MAC Groups" @@ -8701,52 +7993,14 @@ msgstr "MPLS" msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)." msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)." -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 #: ../../configuration/interfaces/pppoe.rst:215 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 #: ../../configuration/interfaces/sstp-client.rst:87 #: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 -#: ../../_include/interface-ip.txt:12 msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU." msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU." -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 #: ../../configuration/interfaces/pppoe.rst:261 #: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 -#: ../../_include/interface-ipv6.txt:68 msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU." msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU." @@ -8758,11 +8012,19 @@ msgstr "MTU" msgid "Mail system" msgstr "Mail system" +#: ../../configuration/firewall/index.rst:20 +msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:" +msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:" + +#: ../../configuration/firewall/index.rst:91 +msgid "Main structure VyOS firewall cli is shown next:" +msgstr "Main structure VyOS firewall cli is shown next:" + #: ../../configuration/firewall/general.rst:20 msgid "Main structure is shown next:" msgstr "Main structure is shown next:" -#: ../../configuration/service/pppoe-server.rst:308 +#: ../../configuration/service/pppoe-server.rst:295 msgid "Maintenance mode" msgstr "Maintenance mode" @@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings" msgid "Manual Neighbor Configuration" msgstr "Manual Neighbor Configuration" -#: ../../configuration/interfaces/vxlan.rst:150 +#: ../../configuration/pki/index.rst:336 +msgid "Manually trigger certificate renewal. This will be done twice a day." +msgstr "Manually trigger certificate renewal. This will be done twice a day." + +#: ../../configuration/interfaces/vxlan.rst:171 msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/vpn/sstp.rst:212 +#: ../../configuration/vpn/sstp.rst:223 msgid "Mark RADIUS server as offline for this given `<time>` in seconds." msgstr "Mark RADIUS server as offline for this given `<time>` in seconds." @@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/general.rst:710 +#: ../../configuration/firewall/ipv4.rst:440 +#: ../../configuration/firewall/ipv6.rst:447 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/general.rst:1091 -#: ../../configuration/firewall/general-legacy.rst:671 +#: ../../configuration/firewall/ipv4.rst:773 +#: ../../configuration/firewall/ipv6.rst:783 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/general.rst:1158 -#: ../../configuration/firewall/general-legacy.rst:709 +#: ../../configuration/firewall/ipv4.rst:831 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/general.rst:924 -#: ../../configuration/firewall/general-legacy.rst:590 +#: ../../configuration/firewall/ipv4.rst:620 +#: ../../configuration/firewall/ipv6.rst:630 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/general.rst:937 -#: ../../configuration/firewall/general-legacy.rst:597 +#: ../../configuration/firewall/ipv4.rst:631 +#: ../../configuration/firewall/ipv6.rst:641 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/general.rst:956 -#: ../../configuration/firewall/general-legacy.rst:604 +#: ../../configuration/firewall/ipv4.rst:642 +msgid "Match based on icmp code and type." +msgstr "Match based on icmp code and type." + +#: ../../configuration/firewall/ipv4.rst:653 +msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:663 +msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:652 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Match based on icmp|icmpv6 code and type." -#: ../../configuration/firewall/general.rst:975 #: ../../configuration/firewall/general-legacy.rst:610 msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." @@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1013 -#: ../../configuration/firewall/general-legacy.rst:630 +#: ../../configuration/firewall/bridge.rst:239 +#: ../../configuration/firewall/ipv4.rst:663 +#: ../../configuration/firewall/ipv6.rst:673 +msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" + +#: ../../configuration/firewall/bridge.rst:248 +#: ../../configuration/firewall/ipv4.rst:674 +#: ../../configuration/firewall/ipv6.rst:684 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:707 +#: ../../configuration/firewall/ipv6.rst:717 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." @@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria." msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1064 -#: ../../configuration/firewall/general-legacy.rst:656 +#: ../../configuration/firewall/bridge.rst:256 +#: ../../configuration/firewall/ipv4.rst:684 +#: ../../configuration/firewall/ipv6.rst:694 +msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" + +#: ../../configuration/firewall/bridge.rst:265 +#: ../../configuration/firewall/ipv4.rst:695 +#: ../../configuration/firewall/ipv6.rst:705 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:750 +#: ../../configuration/firewall/ipv6.rst:760 #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/general.rst:1078 -#: ../../configuration/firewall/general-legacy.rst:664 +#: ../../configuration/firewall/ipv4.rst:762 +#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/general.rst:1039 -#: ../../configuration/firewall/general-legacy.rst:644 +#: ../../configuration/firewall/ipv4.rst:729 +#: ../../configuration/firewall/ipv6.rst:739 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/general.rst:1026 -#: ../../configuration/firewall/general-legacy.rst:637 +#: ../../configuration/firewall/ipv4.rst:718 +#: ../../configuration/firewall/ipv6.rst:728 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/general.rst:1124 -#: ../../configuration/firewall/general-legacy.rst:689 +#: ../../configuration/firewall/bridge.rst:273 +msgid "Match based on vlan ID. Range is also supported." +msgstr "Match based on vlan ID. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:280 +msgid "Match based on vlan priority(pcp). Range is also supported." +msgstr "Match based on vlan priority(pcp). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:801 +#: ../../configuration/firewall/ipv6.rst:810 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/general.rst:562 -#: ../../configuration/firewall/general-legacy.rst:394 +#: ../../configuration/firewall/ipv4.rst:325 +#: ../../configuration/firewall/ipv6.rst:325 msgid "Match criteria based on connection mark." msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/general.rst:549 -#: ../../configuration/firewall/general-legacy.rst:387 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/general.rst:586 +#: ../../configuration/firewall/ipv4.rst:345 +#: ../../configuration/firewall/ipv6.rst:345 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +#: ../../configuration/firewall/bridge.rst:232 +msgid "Match criteria based on source and/or destination mac-address." +msgstr "Match criteria based on source and/or destination mac-address." + #: ../../configuration/loadbalancing/reverse-proxy.rst:58 msgid "Match domain name" msgstr "Match domain name" -#: ../../configuration/firewall/general.rst:1234 -#: ../../configuration/firewall/general-legacy.rst:732 +#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -8937,19 +8250,19 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/general.rst:1222 -#: ../../configuration/firewall/general-legacy.rst:726 +#: ../../configuration/firewall/ipv4.rst:885 #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/general.rst:1259 -#: ../../configuration/firewall/general-legacy.rst:742 +#: ../../configuration/firewall/ipv4.rst:906 +#: ../../configuration/firewall/ipv6.rst:915 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/general.rst:534 -#: ../../configuration/firewall/general-legacy.rst:378 +#: ../../configuration/firewall/bridge.rst:219 +#: ../../configuration/firewall/ipv4.rst:301 +#: ../../configuration/firewall/ipv6.rst:301 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Matching criteria" @@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." -#: ../../configuration/vpn/sstp.rst:148 +#: ../../configuration/vpn/sstp.rst:159 msgid "Maximum number of IPv4 nameservers" msgstr "Maximum number of IPv4 nameservers" @@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." -#: ../../configuration/vpn/sstp.rst:239 +#: ../../configuration/service/dns.rst:148 +msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." +msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." + +#: ../../configuration/vpn/sstp.rst:250 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" @@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``" msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" +#: ../../configuration/firewall/flowtables.rst:106 +msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." +msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." + +#: ../../configuration/protocols/pim.rst:49 +msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds." +msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds." + +#: ../../configuration/protocols/pim.rst:59 +msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." +msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." + +#: ../../configuration/protocols/pim.rst:98 +msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent." +msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent." + +#: ../../configuration/protocols/pim.rst:82 +msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel." +msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel." + #: ../../configuration/interfaces/wireless.rst:22 msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" @@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN msgid "Mount a volume into the container" msgstr "Mount a volume into the container" -#: ../../configuration/service/dhcp-server.rst:268 +#: ../../configuration/service/dhcp-server.rst:235 msgid "Multi" msgstr "Multi" @@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." -#: ../../configuration/service/dhcp-server.rst:392 +#: ../../configuration/service/dhcp-server.rst:359 msgid "Multi: can be specified multiple times." msgstr "Multi: can be specified multiple times." -#: ../../configuration/interfaces/vxlan.rst:89 -#: ../../configuration/protocols/igmp.rst:7 +#: ../../configuration/interfaces/vxlan.rst:110 msgid "Multicast" msgstr "Multicast" -#: ../../configuration/interfaces/vxlan.rst:209 +#: ../../configuration/interfaces/vxlan.rst:230 msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from." msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from." @@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs." msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs." -#: ../../configuration/interfaces/vxlan.rst:105 +#: ../../configuration/service/mdns.rst:8 +msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs." +msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs." + +#: ../../configuration/interfaces/vxlan.rst:126 msgid "Multicast VXLAN" msgstr "Multicast VXLAN" -#: ../../configuration/interfaces/vxlan.rst:99 +#: ../../configuration/interfaces/vxlan.rst:120 msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." @@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built msgid "Multicast group to use for syncing conntrack entries." msgstr "Multicast group to use for syncing conntrack entries." -#: ../../configuration/protocols/igmp.rst:26 +#: ../../configuration/protocols/pim.rst:22 msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected." msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected." @@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected." msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected." -#: ../../configuration/service/dhcp-server.rst:59 -#: ../../configuration/service/dhcp-server.rst:106 +#: ../../configuration/service/dhcp-server.rst:54 +#: ../../configuration/service/dhcp-server.rst:92 msgid "Multiple DNS servers can be defined." msgstr "Multiple DNS servers can be defined." @@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen msgid "Multiple Uplinks" msgstr "Multiple Uplinks" -#: ../../configuration/interfaces/vxlan.rst:144 +#: ../../configuration/interfaces/vxlan.rst:165 msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." @@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:122 +#: ../../configuration/system/conntrack.rst:150 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" @@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured." msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." -#: ../../configuration/service/dns.rst:361 +#: ../../configuration/service/dns.rst:374 msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/general.rst:770 -#: ../../configuration/firewall/general-legacy.rst:515 +#: ../../configuration/firewall/ipv4.rst:494 +#: ../../configuration/firewall/ipv6.rst:500 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" @@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6." msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6." -#: ../../configuration/service/dhcp-server.rst:274 -#: ../../configuration/service/dhcp-server.rst:280 -#: ../../configuration/service/dhcp-server.rst:285 -#: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/service/dhcp-server.rst:330 -#: ../../configuration/service/dhcp-server.rst:335 -#: ../../configuration/service/dhcp-server.rst:340 -#: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/service/dhcp-server.rst:365 -#: ../../configuration/service/dhcp-server.rst:370 +#: ../../configuration/service/dhcp-server.rst:241 +#: ../../configuration/service/dhcp-server.rst:247 +#: ../../configuration/service/dhcp-server.rst:252 +#: ../../configuration/service/dhcp-server.rst:272 +#: ../../configuration/service/dhcp-server.rst:287 +#: ../../configuration/service/dhcp-server.rst:292 +#: ../../configuration/service/dhcp-server.rst:297 +#: ../../configuration/service/dhcp-server.rst:302 +#: ../../configuration/service/dhcp-server.rst:307 +#: ../../configuration/service/dhcp-server.rst:327 +#: ../../configuration/service/dhcp-server.rst:332 +#: ../../configuration/service/dhcp-server.rst:337 msgid "N" msgstr "N" @@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction" msgid "NAT44" msgstr "NAT44" +#: ../../configuration/nat/nat64.rst:5 +msgid "NAT64" +msgstr "NAT64" + +#: ../../configuration/nat/nat64.rst:62 +msgid "NAT64 client configuration:" +msgstr "NAT64 client configuration:" + +#: ../../configuration/nat/nat64.rst:44 +msgid "NAT64 server configuration:" +msgstr "NAT64 server configuration:" + #: ../../configuration/nat/nat66.rst:5 msgid "NAT66(NPTv6)" msgstr "NAT66(NPTv6)" -#: ../../configuration/nat/nat44.rst:706 +#: ../../configuration/nat/nat44.rst:730 msgid "NAT Configuration" msgstr "NAT Configuration" -#: ../../configuration/nat/nat44.rst:287 +#: ../../configuration/nat/nat44.rst:299 msgid "NAT Load Balance" msgstr "NAT Load Balance" -#: ../../configuration/nat/nat44.rst:293 +#: ../../configuration/nat/nat44.rst:305 msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly." msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly." @@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it msgid "NAT Ruleset" msgstr "NAT Ruleset" -#: ../../configuration/nat/nat44.rst:686 +#: ../../configuration/nat/nat44.rst:710 msgid "NAT (specifically, Source NAT);" msgstr "NAT (specifically, Source NAT);" -#: ../../configuration/nat/nat44.rst:624 +#: ../../configuration/nat/nat44.rst:648 msgid "NAT before VPN" msgstr "NAT before VPN" -#: ../../configuration/nat/nat44.rst:677 -#: ../../configuration/nat/nat44.rst:677 +#: ../../configuration/nat/nat44.rst:701 msgid "NAT before VPN Topology" msgstr "NAT before VPN Topology" @@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i msgid "Name Server" msgstr "Name Server" -#: ../../configuration/service/dhcp-server.rst:389 +#: ../../configuration/service/dhcp-server.rst:356 msgid "Name of static mapping" msgstr "Name of static mapping" @@ -9244,11 +8595,11 @@ msgstr "Name of static mapping" msgid "Name of the single table Only if set group-metrics single-table." msgstr "Name of the single table Only if set group-metrics single-table." -#: ../../configuration/service/dhcp-server.rst:329 +#: ../../configuration/service/dhcp-server.rst:296 msgid "Name or IPv4 address of TFTP server" msgstr "Name or IPv4 address of TFTP server" -#: ../../configuration/service/dhcp-server.rst:314 +#: ../../configuration/service/dhcp-server.rst:281 msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" @@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the msgid "NetFlow v5 example:" msgstr "NetFlow v5 example:" -#: ../../configuration/firewall/index.rst:16 +#: ../../configuration/firewall/index.rst:13 msgid "Netfilter based" msgstr "Netfilter based" @@ -9302,8 +8653,7 @@ msgstr "Network Control" msgid "Network Emulator" msgstr "Network Emulator" -#: ../../configuration/firewall/general.rst:215 -#: ../../configuration/firewall/general-legacy.rst:191 +#: ../../configuration/firewall/groups.rst:42 msgid "Network Groups" msgstr "Network Groups" @@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``" msgid "Network ID (SSID) ``TEST``" msgstr "Network ID (SSID) ``TEST``" -#: ../../configuration/protocols/igmp.rst:None +#: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy" msgid "Next-hop interface for the route" msgstr "Next-hop interface for the route" -#: ../../configuration/vpn/openconnect.rst:205 +#: ../../configuration/vpn/openconnect.rst:212 msgid "Next it is necessary to configure 2FA for OpenConnect:" msgstr "Next it is necessary to configure 2FA for OpenConnect:" @@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup" msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." -#: ../../configuration/vpn/openconnect.rst:212 +#: ../../configuration/vpn/openconnect.rst:219 msgid "Now when connecting the user will first be asked for the password and then the OTP key." msgstr "Now when connecting the user will first be asked for the password and then the OTP key." @@ -9480,7 +8830,7 @@ msgstr "OTP-key generation" msgid "Offloading" msgstr "Offloading" -#: ../../configuration/service/dhcp-server.rst:278 +#: ../../configuration/service/dhcp-server.rst:245 msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" @@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id." msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id." +#: ../../configuration/protocols/pim.rst:120 +msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command." +msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command." + #: ../../configuration/vpn/rsa-keys.rst:57 msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." @@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." #: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 -#: ../../_include/interface-ip.txt:21 msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols." msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols." @@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." +#: ../../configuration/firewall/flowtables.rst:38 +msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" +msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" + #: ../../configuration/service/pppoe-server.rst:63 msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." @@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." -#: ../../configuration/service/pppoe-server.rst:224 +#: ../../configuration/service/pppoe-server.rst:211 msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." -#: ../../configuration/vpn/openconnect.rst:250 +#: ../../configuration/vpn/openconnect.rst:257 msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded." msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded." @@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:295 +#: ../../configuration/vpn/sstp.rst:307 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." @@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." #: ../../_include/interface-vlan-8021q.txt:32 -#: ../../_include/interface-vlan-8021q.txt:32 -#: ../../_include/interface-vlan-8021q.txt:32 -#: ../../_include/interface-vlan-8021q.txt:32 -#: ../../_include/interface-vlan-8021q.txt:32 -#: ../../_include/interface-vlan-8021q.txt:32 msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs." msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs." @@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs." msgid "Only VRRP is supported. Required option." msgstr "Only VRRP is supported. Required option." -#: ../../configuration/firewall/general.rst:731 -#: ../../configuration/firewall/general-legacy.rst:490 +#: ../../configuration/service/https.rst:18 +msgid "Only allow certain IP addresses or prefixes to access the https webserver." +msgstr "Only allow certain IP addresses or prefixes to access the https webserver." + +#: ../../configuration/firewall/ipv4.rst:459 +#: ../../configuration/firewall/ipv6.rst:466 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address." msgid "Only one SRGB and default SPF Algorithm is supported" msgstr "Only one SRGB and default SPF Algorithm is supported" -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 -#: ../../_include/interface-dhcp-options.txt:43 +#: ../../_include/interface-dhcp-options.txt:48 msgid "Only request an address from the DHCP server but do not request a default gateway." msgstr "Only request an address from the DHCP server but do not request a default gateway." @@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference." msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference." +#: ../../configuration/interfaces/vxlan.rst:96 +msgid "Only works with a VXLAN device with external flag set." +msgstr "Only works with a VXLAN device with external flag set." + #: ../../configuration/highavailability/index.rst:457 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -9715,15 +9042,15 @@ msgstr "OpenConnect" msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." -#: ../../configuration/vpn/openconnect.rst:274 +#: ../../configuration/vpn/openconnect.rst:281 msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on." msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on." -#: ../../configuration/vpn/openconnect.rst:267 +#: ../../configuration/vpn/openconnect.rst:274 msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly." msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly." -#: ../../configuration/vpn/openconnect.rst:228 +#: ../../configuration/vpn/openconnect.rst:235 msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." @@ -9778,27 +9105,34 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/virtual-ethernet.rst:55 #: ../../configuration/interfaces/wireless.rst:416 #: ../../configuration/interfaces/wwan.rst:79 -#: ../../configuration/pki/index.rst:252 -#: ../../configuration/protocols/igmp.rst:245 +#: ../../configuration/pki/index.rst:290 +#: ../../configuration/protocols/igmp-proxy.rst:73 #: ../../configuration/protocols/static.rst:183 #: ../../configuration/service/conntrack-sync.rst:103 #: ../../configuration/service/console-server.rst:76 #: ../../configuration/service/dhcp-relay.rst:124 -#: ../../configuration/service/dhcp-relay.rst:199 -#: ../../configuration/service/dns.rst:182 +#: ../../configuration/service/dhcp-relay.rst:201 +#: ../../configuration/service/dns.rst:195 #: ../../configuration/service/lldp.rst:71 +#: ../../configuration/service/mdns.rst:79 #: ../../configuration/service/ssh.rst:145 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 #: ../../configuration/system/flow-accounting.rst:175 #: ../../configuration/vrf/index.rst:111 -#: ../../configuration/vrf/index.rst:321 -#: ../../configuration/vrf/index.rst:501 +#: ../../configuration/vrf/index.rst:323 +#: ../../configuration/vrf/index.rst:503 msgid "Operation" msgstr "Operation" -#: ../../configuration/firewall/general.rst:1307 -#: ../../configuration/firewall/general-legacy.rst:778 +#: ../../configuration/firewall/groups.rst:186 +#: ../../configuration/firewall/zone.rst:128 +msgid "Operation-mode" +msgstr "Operation-mode" + +#: ../../configuration/firewall/bridge.rst:284 +#: ../../configuration/firewall/ipv4.rst:954 +#: ../../configuration/firewall/ipv6.rst:962 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" @@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall" msgid "Operation Commands" msgstr "Operation Commands" -#: ../../configuration/service/dhcp-server.rst:512 -#: ../../configuration/service/dhcp-server.rst:732 +#: ../../configuration/service/dhcp-server.rst:412 +#: ../../configuration/service/dhcp-server.rst:664 #: ../../configuration/system/acceleration.rst:42 msgid "Operation Mode" msgstr "Operation Mode" @@ -9825,7 +9159,7 @@ msgstr "Operational Commands" #: ../../configuration/protocols/bgp.rst:950 #: ../../configuration/protocols/mpls.rst:218 #: ../../configuration/protocols/ospf.rst:609 -#: ../../configuration/protocols/ospf.rst:1266 +#: ../../configuration/protocols/ospf.rst:1268 #: ../../configuration/protocols/rip.rst:193 msgid "Operational Mode Commands" msgstr "Operational Mode Commands" @@ -9843,11 +9177,11 @@ msgstr "Option" msgid "Option 43 for UniFI" msgstr "Option 43 for UniFI" -#: ../../configuration/service/dhcp-server.rst:267 +#: ../../configuration/service/dhcp-server.rst:234 msgid "Option description" msgstr "Option description" -#: ../../configuration/service/dhcp-server.rst:265 +#: ../../configuration/service/dhcp-server.rst:232 msgid "Option number" msgstr "Option number" @@ -9886,15 +9220,19 @@ msgstr "Optional/default settings" msgid "Optional Configuration" msgstr "Optional Configuration" +#: ../../configuration/protocols/pim.rst:123 +msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." +msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." + #: ../../configuration/container/index.rst:47 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." #: ../../configuration/interfaces/openvpn.rst:631 #: ../../configuration/service/dhcp-relay.rst:53 -#: ../../configuration/service/dhcp-relay.rst:158 -#: ../../configuration/service/dhcp-server.rst:257 -#: ../../configuration/vpn/sstp.rst:219 +#: ../../configuration/service/dhcp-relay.rst:160 +#: ../../configuration/service/dhcp-server.rst:224 +#: ../../configuration/vpn/sstp.rst:230 msgid "Options" msgstr "Options" @@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes." msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:238 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." -#: ../../configuration/nat/nat44.rst:512 +#: ../../configuration/nat/nat44.rst:532 msgid "Our configuration commands would be:" msgstr "Our configuration commands would be:" @@ -9962,9 +9300,14 @@ msgstr "Over UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host." -#: ../../configuration/firewall/general.rst:11 -#: ../../configuration/firewall/general-legacy.rst:15 +#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/firewall/flowtables.rst:13 +#: ../../configuration/firewall/global-options.rst:11 +#: ../../configuration/firewall/ipv4.rst:11 +#: ../../configuration/firewall/ipv6.rst:11 +#: ../../configuration/firewall/zone.rst:11 #: ../../configuration/nat/nat44.rst:68 +#: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 msgid "Overview" msgstr "Overview" @@ -9973,8 +9316,8 @@ msgstr "Overview" msgid "Overview and basic concepts" msgstr "Overview and basic concepts" -#: ../../configuration/firewall/general.rst:1461 -#: ../../configuration/firewall/general-legacy.rst:908 +#: ../../configuration/firewall/groups.rst:190 +#: ../../configuration/firewall/ipv6.rst:1117 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Overview of defined groups. You see the type, the members, and where the group is used." @@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department" msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." -#: ../../configuration/interfaces/vxlan.rst:109 +#: ../../configuration/interfaces/vxlan.rst:130 msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain." msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain." -#: ../../configuration/interfaces/vxlan.rst:120 +#: ../../configuration/interfaces/vxlan.rst:141 msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3." msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3." +#: ../../configuration/protocols/pim.rst:31 +msgid "PIM-SM - PIM Sparse Mode" +msgstr "PIM-SM - PIM Sparse Mode" + +#: ../../configuration/protocols/pim6.rst:5 +msgid "PIM6 - Protocol Independent Multicast for IPv6" +msgstr "PIM6 - Protocol Independent Multicast for IPv6" + #: ../../configuration/protocols/igmp.rst:16 msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." @@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa msgid "PIM and IGMP" msgstr "PIM and IGMP" +#: ../../configuration/protocols/pim.rst:7 +msgid "PIM – Protocol Independent Multicast" +msgstr "PIM – Protocol Independent Multicast" + #: ../../configuration/protocols/pim6.rst:9 msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." @@ -10022,7 +9377,7 @@ msgstr "PKI" msgid "PPDU" msgstr "PPDU" -#: ../../configuration/vpn/sstp.rst:163 +#: ../../configuration/vpn/sstp.rst:174 msgid "PPP Settings" msgstr "PPP Settings" @@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs." msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs." -#: ../../configuration/vpn/sstp.rst:155 +#: ../../configuration/vpn/sstp.rst:166 msgid "Path to `<file>` pointing to the certificate authority certificate." msgstr "Path to `<file>` pointing to the certificate authority certificate." -#: ../../configuration/vpn/sstp.rst:159 +#: ../../configuration/vpn/sstp.rst:170 msgid "Path to `<file>` pointing to the servers certificate (public portion)." msgstr "Path to `<file>` pointing to the servers certificate (public portion)." @@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:336 +#: ../../configuration/service/pppoe-server.rst:323 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." @@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted." #: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 -#: ../../_include/interface-vrf.txt:4 msgid "Place interface in given VRF instance." msgstr "Place interface in given VRF instance." @@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance." msgid "Play an audible beep to the system speaker when system is ready." msgstr "Play an audible beep to the system speaker when system is ready." +#: ../../configuration/firewall/index.rst:137 +msgid "Please, refer to appropiate section for more information about firewall configuration:" +msgstr "Please, refer to appropiate section for more information about firewall configuration:" + +#: ../../configuration/firewall/index.rst:138 +msgid "Please, refer to appropriate section for more information about firewall configuration:" +msgstr "Please, refer to appropriate section for more information about firewall configuration:" + #: ../../configuration/service/ipoe-server.rst:23 msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective." msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective." @@ -10173,24 +9513,11 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options." msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options." -#: ../../configuration/service/dhcp-server.rst:423 +#: ../../configuration/service/dhcp-server.rst:364 msgid "Please see the :ref:`dhcp-dns-quick-start` configuration." msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration." #: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 -#: ../../_include/need_improvement.txt:13 msgid "Please take a look at the Contributing Guide for our :ref:`documentation`." msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`." @@ -10230,12 +9557,11 @@ msgstr "Policy Sections" msgid "Policy for checking targets" msgstr "Policy for checking targets" -#: ../../configuration/system/conntrack.rst:152 +#: ../../configuration/system/conntrack.rst:57 msgid "Policy to track previously established connections." msgstr "Policy to track previously established connections." -#: ../../configuration/firewall/general.rst:257 -#: ../../configuration/firewall/general-legacy.rst:215 +#: ../../configuration/firewall/groups.rst:84 msgid "Port Groups" msgstr "Port Groups" @@ -10245,7 +9571,7 @@ msgstr "Port Groups" msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/vpn/sstp.rst:231 +#: ../../configuration/vpn/sstp.rst:242 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" @@ -10261,16 +9587,11 @@ msgstr "Port number used by connection, default is ``9273``" msgid "Port number used by connection." msgstr "Port number used by connection." -#: ../../configuration/service/https.rst:46 +#: ../../configuration/service/https.rst:37 msgid "Port to listen for HTTPS requests; default 443" msgstr "Port to listen for HTTPS requests; default 443" #: ../../_include/interface-vlan-8021q.txt:9 -#: ../../_include/interface-vlan-8021q.txt:9 -#: ../../_include/interface-vlan-8021q.txt:9 -#: ../../_include/interface-vlan-8021q.txt:9 -#: ../../_include/interface-vlan-8021q.txt:9 -#: ../../_include/interface-vlan-8021q.txt:9 msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." @@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router" msgid "Prefix Conversion" msgstr "Prefix Conversion" -#: ../../configuration/service/dhcp-server.rst:634 +#: ../../configuration/service/dhcp-server.rst:564 msgid "Prefix Delegation" msgstr "Prefix Delegation" @@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:532 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:509 +#: ../../configuration/vrf/index.rst:511 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." @@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." #: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 -#: ../../_include/interface-ip.txt:153 msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." @@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." -#: ../../configuration/firewall/general.rst:212 -#: ../../configuration/firewall/general-legacy.rst:188 +#: ../../configuration/firewall/groups.rst:39 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Provide a IPv4 or IPv6 address group description" @@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/general.rst:515 -#: ../../configuration/firewall/general-legacy.rst:334 +#: ../../configuration/firewall/ipv4.rst:285 +#: ../../configuration/firewall/ipv6.rst:285 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Provide a description for each rule." -#: ../../configuration/firewall/general.rst:314 +#: ../../configuration/firewall/flowtables.rst:75 +msgid "Provide a description to the flow table." +msgstr "Provide a description to the flow table." + +#: ../../configuration/firewall/groups.rst:141 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/general.rst:297 +#: ../../configuration/firewall/groups.rst:124 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/general.rst:279 -#: ../../configuration/firewall/general-legacy.rst:237 +#: ../../configuration/firewall/groups.rst:106 msgid "Provide a port group description." msgstr "Provide a port group description." -#: ../../configuration/firewall/general-legacy.rst:281 #: ../../configuration/policy/route.rst:20 msgid "Provide a rule-set description." msgstr "Provide a rule-set description." -#: ../../configuration/firewall/general.rst:503 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:275 +#: ../../configuration/firewall/ipv6.rst:275 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/general.rst:236 +#: ../../configuration/firewall/groups.rst:63 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/general.rst:254 +#: ../../configuration/firewall/groups.rst:81 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment." msgstr "Provides a backbone area coherence by virtual link establishment." #: ../../_include/interface-per-client-thread.txt:4 -#: ../../_include/interface-per-client-thread.txt:4 msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down." msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down." @@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" #: ../../configuration/system/login.rst:234 -#: ../../configuration/vpn/sstp.rst:196 +#: ../../configuration/vpn/sstp.rst:207 msgid "RADIUS" msgstr "RADIUS" @@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication" msgid "RADIUS bandwidth shaping attribute" msgstr "RADIUS bandwidth shaping attribute" -#: ../../configuration/service/pppoe-server.rst:125 +#: ../../configuration/service/pppoe-server.rst:112 msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address." @@ -10624,7 +9928,7 @@ msgstr "RADIUS source address" msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." -#: ../../configuration/service/dhcp-server.rst:289 +#: ../../configuration/service/dhcp-server.rst:256 msgid "RFC 868 time server IPv4 address" msgstr "RFC 868 time server IPv4 address" @@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations." msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" -#: ../../configuration/nat/nat44.rst:417 +#: ../../configuration/nat/nat44.rst:431 msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`." msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`." -#: ../../configuration/nat/nat44.rst:413 +#: ../../configuration/nat/nat44.rst:427 msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." @@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location" #: ../../configuration/protocols/babel.rst:154 #: ../../configuration/protocols/bgp.rst:557 #: ../../configuration/protocols/ospf.rst:564 -#: ../../configuration/protocols/ospf.rst:1249 +#: ../../configuration/protocols/ospf.rst:1251 #: ../../configuration/protocols/rip.rst:136 msgid "Redistribution Configuration" msgstr "Redistribution Configuration" @@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration" msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." -#: ../../configuration/service/dns.rst:265 +#: ../../configuration/service/dns.rst:278 msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" @@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450 msgid "Regular expression to match against an extended community list, where text could be:" msgstr "Regular expression to match against an extended community list, where text could be:" -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 -#: ../../_include/interface-dhcp-options.txt:66 +#: ../../_include/interface-dhcp-options.txt:71 msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." @@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name" msgid "Remote database name." msgstr "Remote database name." -#: ../../configuration/service/dhcp-server.rst:182 +#: ../../configuration/service/dhcp-server.rst:147 msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster." msgstr "Remote peer IP `<address>` of the second DHCP server in this failover cluster." @@ -10883,25 +10172,10 @@ msgid "Replay protection" msgstr "Replay protection" #: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 -#: ../../_include/interface-dhcpv6-options.txt:50 msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership." msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership." -#: ../../configuration/service/dhcp-relay.rst:175 +#: ../../configuration/service/dhcp-relay.rst:177 msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" @@ -10917,11 +10191,12 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/general.rst:1279 +#: ../../configuration/firewall/ipv4.rst:926 +#: ../../configuration/firewall/ipv6.rst:935 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" -#: ../../configuration/protocols/bgp.rst:1063 +#: ../../configuration/protocols/bgp.rst:1064 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" @@ -10930,11 +10205,11 @@ msgstr "Reset" msgid "Reset OpenVPN" msgstr "Reset OpenVPN" -#: ../../configuration/system/ipv6.rst:176 +#: ../../configuration/system/ipv6.rst:150 msgid "Reset commands" msgstr "Reset commands" -#: ../../configuration/service/dns.rst:186 +#: ../../configuration/service/dns.rst:199 msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." @@ -10946,7 +10221,7 @@ msgstr "Restart" msgid "Restart DHCP relay service" msgstr "Restart DHCP relay service" -#: ../../configuration/service/dhcp-relay.rst:203 +#: ../../configuration/service/dhcp-relay.rst:205 msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." @@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately." msgid "Restart a given container" msgstr "Restart a given container" -#: ../../configuration/service/dhcp-server.rst:528 +#: ../../configuration/service/mdns.rst:83 +msgid "Restart mDNS repeater service." +msgstr "Restart mDNS repeater service." + +#: ../../configuration/service/dhcp-server.rst:428 msgid "Restart the DHCP server" msgstr "Restart the DHCP server" -#: ../../configuration/protocols/igmp.rst:249 +#: ../../configuration/protocols/igmp-proxy.rst:77 msgid "Restart the IGMP proxy process." msgstr "Restart the IGMP proxy process." @@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process." msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." -#: ../../configuration/service/dns.rst:191 +#: ../../configuration/service/dns.rst:204 msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." @@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration" msgid "Route Dampening" msgstr "Route Dampening" -#: ../../configuration/protocols/bgp.rst:1188 +#: ../../configuration/protocols/bgp.rst:1189 msgid "Route Filtering" msgstr "Route Filtering" @@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy" msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold." msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold." -#: ../../configuration/protocols/bgp.rst:1190 +#: ../../configuration/protocols/bgp.rst:1191 msgid "Route filter can be applied using a route-map:" msgstr "Route filter can be applied using a route-map:" @@ -11084,11 +10363,11 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:423 +#: ../../configuration/vrf/index.rst:425 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" -#: ../../configuration/protocols/isis.rst:413 +#: ../../configuration/protocols/isis.rst:441 msgid "Routes on Node 2:" msgstr "Routes on Node 2:" @@ -11120,13 +10399,13 @@ msgstr "Routing" msgid "Routing tables that will be used in this example are:" msgstr "Routing tables that will be used in this example are:" -#: ../../configuration/firewall/general-legacy.rst:270 #: ../../configuration/policy/route.rst:10 msgid "Rule-Sets" msgstr "Rule-Sets" -#: ../../configuration/firewall/general.rst:1310 -#: ../../configuration/firewall/general-legacy.rst:781 +#: ../../configuration/firewall/bridge.rst:287 +#: ../../configuration/firewall/ipv4.rst:957 +#: ../../configuration/firewall/ipv6.rst:965 msgid "Rule-set overview" msgstr "Rule-set overview" @@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." +#: ../../configuration/firewall/flowtables.rst:151 +msgid "Rule 110 is hit, so connection is accepted." +msgstr "Rule 110 is hit, so connection is accepted." + #: ../../configuration/loadbalancing/reverse-proxy.rst:257 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." @@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/general.rst:519 +#: ../../configuration/firewall/bridge.rst:208 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Rule Status" msgstr "Rule Status" @@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." -#: ../../configuration/service/dns.rst:378 +#: ../../configuration/service/dns.rst:391 msgid "Running Behind NAT" msgstr "Running Behind NAT" @@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT" msgid "SNAT" msgstr "SNAT" +#: ../../configuration/nat/nat64.rst:26 +msgid "SNAT64" +msgstr "SNAT64" + #: ../../configuration/nat/nat66.rst:23 msgid "SNAT66" msgstr "SNAT66" @@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used." #: ../../_include/interface-mirror.txt:1 -#: ../../_include/interface-mirror.txt:1 -#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." @@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" #: ../../configuration/vpn/openconnect.rst:24 -#: ../../configuration/vpn/sstp.rst:151 +#: ../../configuration/vpn/sstp.rst:162 msgid "SSL Certificates" msgstr "SSL Certificates" @@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." -#: ../../configuration/interfaces/vxlan.rst:153 +#: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11326,11 +10613,11 @@ msgstr "Script execution" msgid "Scripting" msgstr "Scripting" -#: ../../configuration/nat/nat44.rst:652 +#: ../../configuration/nat/nat44.rst:676 msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:246 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" @@ -11343,6 +10630,10 @@ msgstr "Security" msgid "Security/authentication messages" msgstr "Security/authentication messages" +#: ../../configuration/protocols/pim.rst:109 +msgid "See :rfc:`7761#section-4.1` for details." +msgstr "See :rfc:`7761#section-4.1` for details." + #: ../../configuration/system/ip.rst:52 msgid "See below the different parameters available for the IPv4 **show** command:" msgstr "See below the different parameters available for the IPv4 **show** command:" @@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR." msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR." +#: ../../configuration/service/https.rst:50 +msgid "Select TLS version used." +msgstr "Select TLS version used." + #: ../../configuration/interfaces/macsec.rst:34 msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:466 +#: ../../configuration/vrf/index.rst:468 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." #: ../../configuration/interfaces/openvpn.rst:325 -#: ../../configuration/vpn/sstp.rst:199 +#: ../../configuration/vpn/sstp.rst:210 msgid "Server" msgstr "Server" @@ -11432,7 +10727,7 @@ msgstr "Server Side" msgid "Server configuration" msgstr "Server configuration" -#: ../../configuration/service/https.rst:50 +#: ../../configuration/service/https.rst:41 msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Server names for virtual hosts it can be exact, wildcard or regex." @@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match." msgid "Set BGP local preference attribute." msgstr "Set BGP local preference attribute." -#: ../../configuration/policy/route-map.rst:334 +#: ../../configuration/policy/route-map.rst:336 msgid "Set BGP origin code." msgstr "Set BGP origin code." -#: ../../configuration/policy/route-map.rst:339 +#: ../../configuration/policy/route-map.rst:341 msgid "Set BGP originator ID attribute." msgstr "Set BGP originator ID attribute." -#: ../../configuration/policy/route-map.rst:357 +#: ../../configuration/policy/route-map.rst:359 msgid "Set BGP weight attribute" msgstr "Set BGP weight attribute" -#: ../../configuration/nat/nat44.rst:176 +#: ../../configuration/nat/nat44.rst:188 msgid "Set DNAT rule 20 to only NAT UDP packets" msgstr "Set DNAT rule 20 to only NAT UDP packets" @@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:" msgid "Set IP fragment match, where:" msgstr "Set IP fragment match, where:" -#: ../../configuration/policy/route-map.rst:329 +#: ../../configuration/policy/route-map.rst:331 msgid "Set OSPF external metric-type." msgstr "Set OSPF external metric-type." -#: ../../configuration/nat/nat44.rst:175 +#: ../../configuration/nat/nat44.rst:187 msgid "Set SNAT rule 20 to only NAT TCP and UDP packets" msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets" -#: ../../configuration/nat/nat44.rst:189 +#: ../../configuration/nat/nat44.rst:201 msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network" msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network" -#: ../../configuration/nat/nat44.rst:191 +#: ../../configuration/nat/nat44.rst:203 msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443" msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443" @@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/firewall/general.rst:1271 +#: ../../configuration/firewall/ipv4.rst:918 +#: ../../configuration/firewall/ipv6.rst:927 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" -#: ../../configuration/service/dns.rst:267 +#: ../../configuration/service/dns.rst:280 msgid "Set TTL to 300 seconds" msgstr "Set TTL to 300 seconds" @@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" -#: ../../configuration/system/conntrack.rst:114 +#: ../../configuration/system/conntrack.rst:113 +msgid "Set a destination and/or source address. Accepted input for ipv4:" +msgstr "Set a destination and/or source address. Accepted input for ipv4:" + +#: ../../configuration/system/conntrack.rst:142 msgid "Set a destination and/or source port. Accepted input:" msgstr "Set a destination and/or source port. Accepted input:" #: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 -#: ../../_include/interface-description.txt:4 msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:387 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." -#: ../../configuration/firewall/zone.rst:79 +#: ../../configuration/firewall/zone.rst:98 msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:18 +#: ../../configuration/service/https.rst:63 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." -#: ../../configuration/system/conntrack.rst:92 +#: ../../configuration/system/conntrack.rst:106 msgid "Set a rule description." msgstr "Set a rule description." @@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa msgid "Set inbound interface to match." msgstr "Set inbound interface to match." -#: ../../configuration/firewall/zone.rst:65 +#: ../../configuration/firewall/zone.rst:84 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." @@ -11737,7 +11013,7 @@ msgstr "Set maximum `<size>` of DHCP packets including relay agent information. msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second." msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second." -#: ../../configuration/service/dhcp-relay.rst:162 +#: ../../configuration/service/dhcp-relay.rst:164 msgid "Set maximum hop count before packets are discarded, default: 10" msgstr "Set maximum hop count before packets are discarded, default: 10" @@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)." msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)." -#: ../../configuration/policy/route-map.rst:348 +#: ../../configuration/policy/route-map.rst:350 msgid "Set prefixes to table." msgstr "Set prefixes to table." @@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor." msgid "Set source-address to your local IP (LAN)." msgstr "Set source-address to your local IP (LAN)." -#: ../../configuration/policy/route-map.rst:344 +#: ../../configuration/policy/route-map.rst:346 msgid "Set source IP/IPv6 address for route." msgstr "Set source IP/IPv6 address for route." @@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route." msgid "Set source address or prefix to match." msgstr "Set source address or prefix to match." -#: ../../configuration/policy/route-map.rst:352 +#: ../../configuration/policy/route-map.rst:354 msgid "Set tag value for routing protocol." msgstr "Set tag value for routing protocol." @@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel." msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/firewall/general.rst:162 -#: ../../configuration/firewall/general-legacy.rst:112 +#: ../../configuration/firewall/global-options.rst:99 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:" @@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2." msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane." msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane." +#: ../../configuration/protocols/pim.rst:153 +msgid "Set the PIM hello and hold interval for a interface." +msgstr "Set the PIM hello and hold interval for a interface." + #: ../../configuration/protocols/segment-routing.rst:56 #: ../../configuration/protocols/segment-routing.rst:134 msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535." @@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." +#: ../../configuration/protocols/pim.rst:147 +msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment." +msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment." + #: ../../configuration/interfaces/pppoe.rst:148 msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384." msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384." @@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)." msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)." -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 -#: ../../_include/interface-dhcp-options.txt:55 +#: ../../_include/interface-dhcp-options.txt:60 msgid "Set the distance for the default gateway sent by the DHCP server." msgstr "Set the distance for the default gateway sent by the DHCP server." @@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server." msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." -#: ../../configuration/firewall/general-legacy.rst:136 +#: ../../configuration/firewall/global-options.rst:127 msgid "Set the global setting for an established connection." msgstr "Set the global setting for an established connection." -#: ../../configuration/firewall/general-legacy.rst:142 +#: ../../configuration/firewall/global-options.rst:137 msgid "Set the global setting for invalid packets." msgstr "Set the global setting for invalid packets." -#: ../../configuration/firewall/general-legacy.rst:148 +#: ../../configuration/firewall/global-options.rst:147 msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." @@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...25 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" -#: ../../configuration/system/conntrack.rst:147 +#: ../../configuration/system/conntrack.rst:52 msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." @@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" -#: ../../configuration/system/conntrack.rst:157 +#: ../../configuration/system/conntrack.rst:62 msgid "Set the number of TCP maximum retransmit attempts." msgstr "Set the number of TCP maximum retransmit attempts." @@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." +#: ../../configuration/policy/route-map.rst:323 +msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED." +msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED." + #: ../../configuration/policy/route.rst:269 msgid "Set the routing table to forward packet with." msgstr "Set the routing table to forward packet with." @@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Set the source IP of forwarded packets, otherwise original senders address is used." -#: ../../configuration/system/conntrack.rst:83 +#: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Set the timeout in secounds for a protocol or state." -#: ../../configuration/system/conntrack.rst:141 +#: ../../configuration/system/conntrack.rst:175 msgid "Set the timeout in secounds for a protocol or state in a custom rule." msgstr "Set the timeout in secounds for a protocol or state in a custom rule." @@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/general.rst:1275 +#: ../../configuration/firewall/ipv4.rst:922 +#: ../../configuration/firewall/ipv6.rst:931 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes." msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" -#: ../../configuration/interfaces/vxlan.rst:299 +#: ../../configuration/interfaces/vxlan.rst:320 msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested." msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested." @@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address." msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address." -#: ../../configuration/interfaces/vxlan.rst:306 +#: ../../configuration/interfaces/vxlan.rst:327 msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." @@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" -#: ../../configuration/service/dhcp-server.rst:264 +#: ../../configuration/service/dhcp-server.rst:231 msgid "Setting name" msgstr "Setting name" @@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:" msgid "Setting up tunnel:" msgstr "Setting up tunnel:" -#: ../../configuration/service/dhcp-server.rst:432 +#: ../../configuration/service/dhcp-server.rst:373 msgid "Setup DHCP failover for network 192.0.2.0/24" msgstr "Setup DHCP failover for network 192.0.2.0/24" @@ -12132,7 +11405,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." -#: ../../configuration/service/dns.rst:314 +#: ../../configuration/service/dns.rst:327 msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes." @@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz" msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:486 +#: ../../configuration/vrf/index.rst:488 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." @@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the msgid "Show" msgstr "Show" -#: ../../configuration/service/dhcp-server.rst:516 +#: ../../configuration/service/dhcp-server.rst:416 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:736 +#: ../../configuration/service/dhcp-server.rst:668 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/general.rst:1482 -#: ../../configuration/firewall/general-legacy.rst:965 +#: ../../configuration/firewall/bridge.rst:306 +#: ../../configuration/firewall/ipv4.rst:1115 +#: ../../configuration/firewall/ipv6.rst:1138 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -12198,6 +11472,22 @@ msgstr "Show Firewall log" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Show LLDP neighbors connected via interface `<interface>`." +#: ../../configuration/service/ssh.rst:232 +msgid "Show SSH dynamic-protection log." +msgstr "Show SSH dynamic-protection log." + +#: ../../configuration/service/ssh.rst:224 +msgid "Show SSH server log." +msgstr "Show SSH server log." + +#: ../../configuration/service/ssh.rst:248 +msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." +msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." + +#: ../../configuration/service/ssh.rst:244 +msgid "Show SSH server public key fingerprints." +msgstr "Show SSH server public key fingerprints." + #: ../../configuration/loadbalancing/wan.rst:271 msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test" msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test" @@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength." msgid "Show a list available container networks" msgstr "Show a list available container networks" -#: ../../configuration/pki/index.rst:259 +#: ../../configuration/pki/index.rst:297 msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates." msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates." -#: ../../configuration/pki/index.rst:294 +#: ../../configuration/pki/index.rst:332 msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." -#: ../../configuration/pki/index.rst:277 +#: ../../configuration/pki/index.rst:315 msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" @@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" +#: ../../configuration/service/ssh.rst:240 +msgid "Show list of IPs currently blocked by SSH dynamic-protection." +msgstr "Show list of IPs currently blocked by SSH dynamic-protection." + +#: ../../configuration/service/mdns.rst:87 +msgid "Show logs for mDNS repeater service." +msgstr "Show logs for mDNS repeater service." + #: ../../configuration/container/index.rst:159 msgid "Show logs from a given container" msgstr "Show logs from a given container" -#: ../../configuration/service/dhcp-server.rst:520 +#: ../../configuration/service/dhcp-server.rst:420 msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:740 +#: ../../configuration/service/dhcp-server.rst:672 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." -#: ../../configuration/service/dhcp-server.rst:524 +#: ../../configuration/service/dhcp-server.rst:424 msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:744 +#: ../../configuration/service/dhcp-server.rst:676 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." -#: ../../configuration/pki/index.rst:273 +#: ../../configuration/pki/index.rst:311 msgid "Show only information for specified Certificate Authority." msgstr "Show only information for specified Certificate Authority." -#: ../../configuration/pki/index.rst:290 +#: ../../configuration/pki/index.rst:328 msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." -#: ../../configuration/service/dhcp-server.rst:562 -#: ../../configuration/service/dhcp-server.rst:767 +#: ../../configuration/service/dhcp-server.rst:478 +#: ../../configuration/service/dhcp-server.rst:699 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:776 +#: ../../configuration/service/dhcp-server.rst:708 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" -#: ../../configuration/service/dhcp-server.rst:571 +#: ../../configuration/service/dhcp-server.rst:496 msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)" msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)" @@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route." msgid "Show specific MACsec interface information" msgstr "Show specific MACsec interface information" -#: ../../configuration/vpn/site2site_ipsec.rst:217 +#: ../../configuration/vpn/site2site_ipsec.rst:221 msgid "Show status of new setup:" msgstr "Show status of new setup:" -#: ../../configuration/service/dhcp-server.rst:547 +#: ../../configuration/service/dhcp-server.rst:447 msgid "Show statuses of all active leases:" msgstr "Show statuses of all active leases:" -#: ../../configuration/service/dhcp-server.rst:532 +#: ../../configuration/service/dhcp-server.rst:465 +msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):" +msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):" + +#: ../../configuration/service/dhcp-server.rst:432 msgid "Show the DHCP server statistics:" msgstr "Show the DHCP server statistics:" -#: ../../configuration/service/dhcp-server.rst:543 +#: ../../configuration/service/dhcp-server.rst:443 msgid "Show the DHCP server statistics for the specified pool." msgstr "Show the DHCP server statistics for the specified pool." @@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers." msgid "Show the local container images." msgstr "Show the local container images." -#: ../../configuration/firewall/general.rst:1486 #: ../../configuration/firewall/general-legacy.rst:969 msgid "Show the logs of a specific Rule-Set." msgstr "Show the logs of a specific Rule-Set." +#: ../../configuration/firewall/bridge.rst:316 +msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." +msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." + +#: ../../configuration/firewall/ipv4.rst:1125 +msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." +msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." + +#: ../../configuration/firewall/ipv6.rst:1148 +msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." +msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." + #: ../../configuration/protocols/failover.rst:75 #: ../../configuration/protocols/failover.rst:101 msgid "Show the route" @@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:752 +#: ../../configuration/service/dhcp-server.rst:684 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" -#: ../../configuration/vpn/site2site_ipsec.rst:418 +#: ../../configuration/vpn/site2site_ipsec.rst:427 msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." @@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." -#: ../../configuration/interfaces/vxlan.rst:136 +#: ../../configuration/service/mdns.rst:14 +msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." +msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." + +#: ../../configuration/interfaces/vxlan.rst:157 msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" @@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor msgid "Site to Site VPN" msgstr "Site to Site VPN" +#: ../../configuration/pki/index.rst:275 +msgid "Size of the RSA key." +msgstr "Size of the RSA key." + #: ../../configuration/interfaces/bonding.rst:47 msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below." msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below." @@ -12548,27 +11869,15 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100." msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100." +#: ../../configuration/nat/nat44.rst:579 +msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:" +msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:" + #: ../../configuration/service/snmp.rst:245 msgid "SolarWinds" msgstr "SolarWinds" #: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10 msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation." msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation." @@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." -#: ../../configuration/nat/nat44.rst:626 +#: ../../configuration/nat/nat44.rst:650 msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." -#: ../../configuration/firewall/general.rst:86 #: ../../configuration/firewall/general-legacy.rst:38 msgid "Some firewall settings are global and have an affect on the whole system." msgstr "Some firewall settings are global and have an affect on the whole system." +#: ../../configuration/firewall/global-options.rst:13 +msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." +msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." + #: ../../configuration/trafficpolicy/index.rst:327 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." @@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:771 +#: ../../configuration/service/dhcp-server.rst:703 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" -#: ../../configuration/service/dhcp-server.rst:566 +#: ../../configuration/service/dhcp-server.rst:491 msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)" msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)" -#: ../../configuration/nat/nat44.rst:226 +#: ../../configuration/nat/nat44.rst:238 msgid "Source Address" msgstr "Source Address" @@ -12637,7 +11949,7 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/vpn/sstp.rst:257 +#: ../../configuration/vpn/sstp.rst:268 msgid "Source IPv4 address used in all RADIUS server queires." msgstr "Source IPv4 address used in all RADIUS server queires." @@ -12662,6 +11974,10 @@ msgid "Source protocol to match." msgstr "Source protocol to match." #: ../../configuration/vpn/ipsec.rst:225 +msgid "Source tunnel from dummy interface" +msgstr "Source tunnel from dummy interface" + +#: ../../configuration/vpn/ipsec.rst:225 msgid "Source tunnel from loopbacks" msgstr "Source tunnel from loopbacks" @@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/vpn/sstp.rst:227 +#: ../../configuration/vpn/sstp.rst:238 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/vpn/sstp.rst:183 +#: ../../configuration/vpn/sstp.rst:194 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference." -#: ../../configuration/vrf/index.rst:475 +#: ../../configuration/vrf/index.rst:477 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `<interface>` from which replies from `<se msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." +#: ../../configuration/interfaces/vxlan.rst:89 +msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." +msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." + #: ../../configuration/interfaces/bonding.rst:40 msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" @@ -12737,7 +12057,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." -#: ../../configuration/service/dhcp-server.rst:272 +#: ../../configuration/service/dhcp-server.rst:239 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -12774,31 +12094,35 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:450 +#: ../../configuration/vrf/index.rst:452 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:443 +#: ../../configuration/vrf/index.rst:445 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/vpn/sstp.rst:270 +#: ../../configuration/vpn/sstp.rst:281 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." -#: ../../configuration/vpn/sstp.rst:177 +#: ../../configuration/vpn/sstp.rst:188 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." -#: ../../configuration/interfaces/vxlan.rst:72 +#: ../../configuration/interfaces/vxlan.rst:77 msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used." msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used." +#: ../../configuration/interfaces/vxlan.rst:94 +msgid "Specifies whether the VXLAN device is capable of vni filtering." +msgstr "Specifies whether the VXLAN device is capable of vni filtering." + #: ../../configuration/protocols/ospf.rst:268 msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/vpn/sstp.rst:261 +#: ../../configuration/vpn/sstp.rst:272 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." @@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined." msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined." -#: ../../configuration/firewall/general.rst:663 -#: ../../configuration/firewall/general-legacy.rst:455 +#: ../../configuration/firewall/ipv4.rst:401 +#: ../../configuration/firewall/ipv6.rst:408 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." -#: ../../configuration/service/dhcp-server.rst:620 +#: ../../configuration/service/dhcp-server.rst:550 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." -#: ../../configuration/service/dhcp-server.rst:615 +#: ../../configuration/service/dhcp-server.rst:545 msgid "Specify a NIS server address for DHCPv6 clients." msgstr "Specify a NIS server address for DHCPv6 clients." -#: ../../configuration/service/dhcp-server.rst:625 +#: ../../configuration/service/dhcp-server.rst:555 msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients." msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients." +#: ../../configuration/protocols/pim.rst:129 +msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over." +msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over." + #: ../../configuration/system/task-scheduler.rst:33 msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed." @@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to." msgstr "Specify the LDAP server to connect to." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27 msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." @@ -12929,7 +12225,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:" msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:" -#: ../../configuration/service/dns.rst:256 +#: ../../configuration/service/dns.rst:269 msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." @@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed." msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." -#: ../../configuration/interfaces/vxlan.rst:170 +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -12953,7 +12249,11 @@ msgstr "Spoke" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." -#: ../../configuration/nat/nat44.rst:791 +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/nat/nat44.rst:813 msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Start by checking for IPSec SAs (Security Associations) with:" @@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/index.rst:8 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations." @@ -12981,7 +12285,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona msgid "Static" msgstr "Static" -#: ../../configuration/service/dhcp-server.rst:224 +#: ../../configuration/service/dhcp-server.rst:189 msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used." msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used." @@ -13009,13 +12313,13 @@ msgstr "Static Routing or other dynamic routing protocols can be used over the v msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." -#: ../../configuration/service/dhcp-server.rst:209 -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:174 +#: ../../configuration/service/dhcp-server.rst:621 msgid "Static mappings" msgstr "Static mappings" -#: ../../configuration/service/dhcp-server.rst:557 -#: ../../configuration/service/dhcp-server.rst:762 +#: ../../configuration/service/dhcp-server.rst:460 +#: ../../configuration/service/dhcp-server.rst:694 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -13059,6 +12363,10 @@ msgstr "Supported Modules" msgid "Supported channel width set." msgstr "Supported channel width set." +#: ../../configuration/system/frr.rst:30 +msgid "Supported daemons:" +msgstr "Supported daemons:" + #: ../../configuration/service/router-advert.rst:11 msgid "Supported interface types:" msgstr "Supported interface types:" @@ -13096,15 +12404,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/general.rst:1264 +#: ../../configuration/firewall/ipv4.rst:911 +#: ../../configuration/firewall/ipv6.rst:920 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/general.rst:1265 +#: ../../configuration/firewall/ipv4.rst:912 +#: ../../configuration/firewall/ipv6.rst:921 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/general.rst:1282 +#: ../../configuration/firewall/ipv4.rst:929 +#: ../../configuration/firewall/ipv6.rst:938 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13177,7 +12488,7 @@ msgstr "System is unusable - a panic condition" msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:416 +#: ../../configuration/system/login.rst:418 msgid "TACACS Example" msgstr "TACACS Example" @@ -13226,6 +12537,14 @@ msgstr "Telegraf output plugin prometheus-client_" msgid "Telegraf output plugin splunk_. HTTP Event Collector." msgstr "Telegraf output plugin splunk_. HTTP Event Collector." +#: ../../configuration/protocols/pim.rst:157 +msgid "Tell PIM that we would not like to use this interface to process bootstrap messages." +msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages." + +#: ../../configuration/protocols/pim.rst:162 +msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages." +msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages." + #: ../../configuration/service/router-advert.rst:1 msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" @@ -13234,7 +12553,7 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/vpn/sstp.rst:216 +#: ../../configuration/vpn/sstp.rst:227 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." @@ -13266,15 +12585,19 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example." msgstr "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example." -#: ../../configuration/vpn/sstp.rst:293 +#: ../../configuration/nat/nat64.rst:70 +msgid "Test from the IPv6 only client:" +msgstr "Test from the IPv6 only client:" + +#: ../../configuration/vpn/sstp.rst:305 msgid "Testing SSTP" msgstr "Testing SSTP" -#: ../../configuration/nat/nat44.rst:786 +#: ../../configuration/nat/nat44.rst:808 msgid "Testing and Validation" msgstr "Testing and Validation" -#: ../../configuration/interfaces/vxlan.rst:125 +#: ../../configuration/interfaces/vxlan.rst:146 msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." @@ -13282,7 +12605,7 @@ msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 wil msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." -#: ../../configuration/nat/nat44.rst:806 +#: ../../configuration/nat/nat44.rst:828 msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "That looks good - we defined 2 tunnels and they're both up and running." @@ -13290,7 +12613,7 @@ msgstr "That looks good - we defined 2 tunnels and they're both up and running." msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." -#: ../../configuration/nat/nat44.rst:724 +#: ../../configuration/nat/nat44.rst:746 msgid "The ASP has documented their IPSec requirements:" msgstr "The ASP has documented their IPSec requirements:" @@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:" msgstr "The CLNS address consists of the following parts:" #: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 -#: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." @@ -13341,7 +12649,7 @@ msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tr msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." -#: ../../configuration/nat/nat44.rst:505 +#: ../../configuration/nat/nat44.rst:525 msgid "The IP address of the internal system we wish to forward traffic to." msgstr "The IP address of the internal system we wish to forward traffic to." @@ -13365,7 +12673,7 @@ msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." -#: ../../configuration/vpn/openconnect.rst:287 +#: ../../configuration/vpn/openconnect.rst:294 msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"." msgstr "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"." @@ -13393,18 +12701,22 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." -#: ../../configuration/service/dns.rst:160 +#: ../../configuration/service/dns.rst:173 msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" -#: ../../configuration/service/dns.rst:158 +#: ../../configuration/service/dns.rst:171 msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" -#: ../../configuration/service/dns.rst:162 +#: ../../configuration/service/dns.rst:175 msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." +#: ../../configuration/pki/index.rst:254 +msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol." +msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol." + #: ../../configuration/container/index.rst:7 msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." @@ -13466,14 +12778,19 @@ msgstr "The ``source-address`` must be configured on one of VyOS interface. Best msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "The `show bridge` operational command can be used to display configured bridges:" -#: ../../configuration/vpn/openconnect.rst:246 +#: ../../configuration/vpn/openconnect.rst:253 msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." -#: ../../configuration/firewall/general.rst:332 +#: ../../configuration/firewall/ipv4.rst:86 +#: ../../configuration/firewall/ipv6.rst:86 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/pki/index.rst:271 +msgid "The address the server listens to during http-01 challenge" +msgstr "The address the server listens to during http-01 challenge" + #: ../../configuration/protocols/bgp.rst:775 msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology." msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology." @@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10." msgstr "The allocated address block is 100.64.0.0/10." #: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 -#: ../../_include/interface-ipv6.txt:92 msgid "The amount of Duplicate Address Detection probes to send." msgstr "The amount of Duplicate Address Detection probes to send." @@ -13525,7 +12823,7 @@ msgstr "The bonding interface provides a method for aggregating multiple network msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:398 +#: ../../configuration/service/pppoe-server.rst:385 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use." @@ -13541,7 +12839,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:244 +#: ../../configuration/service/pppoe-server.rst:231 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -13557,9 +12855,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" -#: ../../configuration/service/dhcp-server.rst:244 -#: ../../configuration/service/dhcp-server.rst:670 -#: ../../configuration/service/dhcp-server.rst:712 +#: ../../configuration/service/dhcp-server.rst:210 +#: ../../configuration/service/dhcp-server.rst:601 +#: ../../configuration/service/dhcp-server.rst:644 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" @@ -13579,7 +12877,7 @@ msgstr "The connection tracking expect table contains one entry for each expecte msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "The connection tracking table contains one entry for each connection being tracked by the system." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" @@ -13607,30 +12905,18 @@ msgstr "The default hostname used is `vyos`." msgid "The default is 1492." msgstr "The default is 1492." -#: ../../configuration/service/dhcp-server.rst:596 +#: ../../configuration/service/dhcp-server.rst:526 msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds." msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds." -#: ../../configuration/interfaces/vxlan.rst:336 +#: ../../configuration/interfaces/vxlan.rst:357 msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``" msgstr "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``" -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 +#: ../../configuration/protocols/pim.rst:52 +msgid "The default time is 60 seconds." +msgstr "The default time is 60 seconds." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:15 msgid "The default value corresponds to 64." msgstr "The default value corresponds to 64." @@ -13643,7 +12929,15 @@ msgstr "The default value is 0. This will cause the carrier to be asserted (for msgid "The default value is 300 seconds." msgstr "The default value is 300 seconds." -#: ../../configuration/service/dhcp-server.rst:113 +#: ../../configuration/protocols/pim.rst:214 +msgid "The default value is 3." +msgstr "The default value is 3." + +#: ../../configuration/protocols/pim.rst:68 +msgid "The default value is 3 packets." +msgstr "The default value is 3 packets." + +#: ../../configuration/service/dhcp-server.rst:99 msgid "The default value is 86400 seconds which corresponds to one day." msgstr "The default value is 86400 seconds which corresponds to one day." @@ -13655,25 +12949,29 @@ msgstr "The default value is slow." msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "The default values for the minimum-threshold depend on IP precedence:" -#: ../../configuration/interfaces/vxlan.rst:313 +#: ../../configuration/interfaces/vxlan.rst:334 msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command." msgstr "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command." -#: ../../configuration/service/dhcp-server.rst:200 +#: ../../configuration/interfaces/vxlan.rst:98 +msgid "The device can only receive packets with VNIs configured in the VNI filtering table." +msgstr "The device can only receive packets with VNIs configured in the VNI filtering table." + +#: ../../configuration/service/dhcp-server.rst:165 msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties." msgstr "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties." -#: ../../configuration/service/dhcp-server.rst:36 -#: ../../configuration/service/dhcp-server.rst:138 +#: ../../configuration/service/dhcp-server.rst:31 +#: ../../configuration/service/dhcp-server.rst:124 msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)." msgstr "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)." -#: ../../configuration/service/dhcp-server.rst:45 -#: ../../configuration/service/dhcp-server.rst:145 +#: ../../configuration/service/dhcp-server.rst:40 +#: ../../configuration/service/dhcp-server.rst:131 msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)." msgstr "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)." -#: ../../configuration/nat/nat44.rst:694 +#: ../../configuration/nat/nat44.rst:718 msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network." msgstr "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network." @@ -13689,11 +12987,11 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:382 +#: ../../configuration/service/pppoe-server.rst:369 msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:361 +#: ../../configuration/service/pppoe-server.rst:348 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." @@ -13705,7 +13003,7 @@ msgstr "The example configuration below will assign an IP to the client on the i msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." -#: ../../configuration/nat/nat44.rst:319 +#: ../../configuration/nat/nat44.rst:331 msgid "The external IP address to translate to" msgstr "The external IP address to translate to" @@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." #: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 -#: ../../_include/interface-disable-flow-control.txt:8 msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard." msgstr "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard." +#: ../../configuration/protocols/pim.rst:93 +msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered." +msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered." + #: ../../configuration/vpn/dmvpn.rst:63 msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:299 +#: ../../configuration/vpn/sstp.rst:311 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" @@ -13810,6 +13103,10 @@ msgstr "The following example topology was built using EVE-NG." msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:" msgstr "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:" +#: ../../configuration/nat/nat64.rst:40 +msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" @@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and msgstr "The forwarding delay time is the time spent in each of the listening and learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating." #: ../../configuration/service/dhcp-relay.rst:98 -#: ../../configuration/service/dhcp-relay.rst:184 +#: ../../configuration/service/dhcp-relay.rst:186 msgid "The generated configuration will look like:" msgstr "The generated configuration will look like:" @@ -13871,7 +13168,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:700 +#: ../../configuration/service/dhcp-server.rst:632 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o msgstr "The individual spoke configurations only differ in the local IP address on the ``tun10`` interface. See the above diagram for the individual IP addresses." #: ../../_include/interface-vlan-8021ad.txt:25 -#: ../../_include/interface-vlan-8021ad.txt:25 -#: ../../_include/interface-vlan-8021ad.txt:25 msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." -#: ../../configuration/nat/nat44.rst:503 +#: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "The interface traffic will be coming in on;" @@ -13893,7 +13188,7 @@ msgstr "The interface traffic will be coming in on;" msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added." msgstr "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added." -#: ../../configuration/nat/nat44.rst:317 +#: ../../configuration/nat/nat44.rst:329 msgid "The internal IP addresses we want to translate" msgstr "The internal IP addresses we want to translate" @@ -13937,6 +13232,14 @@ msgstr "The local site will have a subnet of 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." +#: ../../configuration/firewall/index.rst:20 +msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" +msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" + +#: ../../configuration/firewall/index.rst:92 +msgid "The main structure VyOS firewall cli is shown next:" +msgstr "The main structure VyOS firewall cli is shown next:" + #: ../../configuration/interfaces/bonding.rst:271 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -13961,7 +13264,7 @@ msgstr "The minimal echo receive transmission interval that this system is capab msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release." msgstr "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release." -#: ../../configuration/interfaces/vxlan.rst:292 +#: ../../configuration/interfaces/vxlan.rst:313 msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." @@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul msgstr "The optional parameter register specifies that Registration Request should be sent to this peer on startup." #: ../../_include/interface-vlan-8021ad.txt:10 -#: ../../_include/interface-vlan-8021ad.txt:10 -#: ../../_include/interface-vlan-8021ad.txt:10 msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols." msgstr "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols." -#: ../../configuration/nat/nat44.rst:318 +#: ../../configuration/nat/nat44.rst:330 msgid "The outgoing interface to perform the translation on" msgstr "The outgoing interface to perform the translation on" @@ -14051,11 +13352,11 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." -#: ../../configuration/service/dhcp-server.rst:434 +#: ../../configuration/service/dhcp-server.rst:375 msgid "The primary DHCP server uses address `192.168.189.252`" msgstr "The primary DHCP server uses address `192.168.189.252`" -#: ../../configuration/service/dhcp-server.rst:193 +#: ../../configuration/service/dhcp-server.rst:158 msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "The primary and secondary statements determines whether the server is primary or secondary." @@ -14067,7 +13368,7 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections." msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections." -#: ../../configuration/service/dhcp-server.rst:609 +#: ../../configuration/service/dhcp-server.rst:539 msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" @@ -14075,7 +13376,7 @@ msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." -#: ../../configuration/nat/nat44.rst:504 +#: ../../configuration/nat/nat44.rst:524 msgid "The protocol and port we wish to forward;" msgstr "The protocol and port we wish to forward;" @@ -14124,7 +13425,7 @@ msgstr "The remote user will use the openconnect client to connect to the router msgid "The required config file may look like this:" msgstr "The required config file may look like this:" -#: ../../configuration/nat/nat44.rst:683 +#: ../../configuration/nat/nat44.rst:707 msgid "The required configuration can be broken down into 4 major pieces:" msgstr "The required configuration can be broken down into 4 major pieces:" @@ -14160,7 +13461,7 @@ msgstr "The router should discard DHCP packages already containing relay agent i msgid "The sFlow accounting based on hsflowd https://sflow.net/" msgstr "The sFlow accounting based on hsflowd https://sflow.net/" -#: ../../configuration/vpn/openconnect.rst:263 +#: ../../configuration/vpn/openconnect.rst:270 msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." @@ -14172,7 +13473,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`." msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`." -#: ../../configuration/service/dhcp-server.rst:435 +#: ../../configuration/service/dhcp-server.rst:376 msgid "The secondary DHCP server uses address `192.168.189.253`" msgstr "The secondary DHCP server uses address `192.168.189.253`" @@ -14184,7 +13485,7 @@ msgstr "The security approach in SNMPv3 targets:" msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``" msgstr "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``" -#: ../../configuration/interfaces/vxlan.rst:168 +#: ../../configuration/interfaces/vxlan.rst:189 msgid "The setup is this: Leaf2 - Spine1 - Leaf3" msgstr "The setup is this: Leaf2 - Spine1 - Leaf3" @@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:" msgstr "The speed (baudrate) of the console device. Supported values are:" #: ../../_include/interface-vlan-8021q.txt:16 -#: ../../_include/interface-vlan-8021q.txt:16 -#: ../../_include/interface-vlan-8021q.txt:16 -#: ../../_include/interface-vlan-8021q.txt:16 -#: ../../_include/interface-vlan-8021q.txt:16 -#: ../../_include/interface-vlan-8021q.txt:16 msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." @@ -14221,7 +13517,7 @@ msgstr "The table consists of following data:" msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_." msgstr "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_." -#: ../../configuration/nat/nat44.rst:233 +#: ../../configuration/nat/nat44.rst:245 msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." @@ -14245,22 +13541,7 @@ msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for mult msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 -#: ../../_include/interface-dhcp-options.txt:31 +#: ../../_include/interface-dhcp-options.txt:36 msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server." msgstr "The vendor-class-id option can be used to request a specific class of vendor options from the server." @@ -14276,7 +13557,7 @@ msgstr "The window size must be between 1 and 21." msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." -#: ../../configuration/nat/nat44.rst:597 +#: ../../configuration/nat/nat44.rst:621 msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE." msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE." @@ -14300,16 +13581,22 @@ msgstr "There's a variety of client GUI frontends for any platform" msgid "There are 3 default NTP server set. You are able to change them." msgstr "There are 3 default NTP server set. You are able to change them." -#: ../../configuration/firewall/general.rst:536 -#: ../../configuration/firewall/general-legacy.rst:380 +#: ../../configuration/firewall/ipv4.rst:269 +#: ../../configuration/firewall/ipv6.rst:269 msgid "There are a lot of matching criteria against which the package can be tested." msgstr "There are a lot of matching criteria against which the package can be tested." +#: ../../configuration/firewall/bridge.rst:221 +#: ../../configuration/firewall/ipv4.rst:303 +#: ../../configuration/firewall/ipv6.rst:303 +msgid "There are a lot of matching criteria against which the packet can be tested." +msgstr "There are a lot of matching criteria against which the packet can be tested." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." -#: ../../configuration/system/ipv6.rst:91 +#: ../../configuration/system/ipv6.rst:92 msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" @@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip msgstr "There is also a GRE over IPv6 encapsulation available, it is called: ``ip6gre``." #: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 -#: ../../_include/interface-vrf.txt:6 msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information." msgstr "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information." -#: ../../configuration/protocols/igmp.rst:93 #: ../../configuration/protocols/pim6.rst:27 msgid "These are the commands for a basic setup." msgstr "These are the commands for a basic setup." @@ -14413,6 +13676,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u msgid "They can be **decimal** prefixes." msgstr "They can be **decimal** prefixes." +#: ../../configuration/firewall/flowtables.rst:102 +msgid "Things to be considred in this setup:" +msgstr "Things to be considred in this setup:" + #: ../../configuration/interfaces/l2tpv3.rst:54 msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." @@ -14438,6 +13705,10 @@ msgstr "This algorithm will place all traffic to a particular network peer on th msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires." msgstr "This allows avoiding the timers defined in BGP and OSPF protocol to expires." +#: ../../configuration/system/frr.rst:17 +msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen." +msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen." + #: ../../configuration/service/dns.rst:41 msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)." msgstr "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)." @@ -14503,7 +13774,7 @@ msgstr "This command allows to specify the distribution type for the network con msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table." msgstr "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table." -#: ../../configuration/protocols/ospf.rst:1259 +#: ../../configuration/protocols/ospf.rst:1261 msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static." msgstr "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static." @@ -14734,23 +14005,27 @@ msgstr "This command disables route reflection between route reflector clients. msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3" msgstr "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3" -#: ../../configuration/protocols/bgp.rst:1008 +#: ../../configuration/protocols/isis.rst:318 +msgid "This command disables the load sharing across multiple LFA backups." +msgstr "This command disables the load sharing across multiple LFA backups." + +#: ../../configuration/protocols/bgp.rst:1009 msgid "This command displays BGP dampened routes." msgstr "This command displays BGP dampened routes." -#: ../../configuration/protocols/bgp.rst:1031 +#: ../../configuration/protocols/bgp.rst:1032 msgid "This command displays BGP received-routes that are accepted after filtering." msgstr "This command displays BGP received-routes that are accepted after filtering." -#: ../../configuration/protocols/bgp.rst:1021 +#: ../../configuration/protocols/bgp.rst:1022 msgid "This command displays BGP routes advertised to a neighbor." msgstr "This command displays BGP routes advertised to a neighbor." -#: ../../configuration/protocols/bgp.rst:1016 +#: ../../configuration/protocols/bgp.rst:1017 msgid "This command displays BGP routes allowed by the specified AS Path access list." msgstr "This command displays BGP routes allowed by the specified AS Path access list." -#: ../../configuration/protocols/bgp.rst:1025 +#: ../../configuration/protocols/bgp.rst:1026 msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled." msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled." @@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes." msgstr "This command displays RIP routes." #: ../../configuration/protocols/ospf.rst:785 -#: ../../configuration/protocols/ospf.rst:1304 +#: ../../configuration/protocols/ospf.rst:1306 msgid "This command displays a database contents for a specific link advertisement type." msgstr "This command displays a database contents for a specific link advertisement type." #: ../../configuration/protocols/ospf.rst:752 -#: ../../configuration/protocols/ospf.rst:1299 +#: ../../configuration/protocols/ospf.rst:1301 msgid "This command displays a summary table with a database contents (LSA)." msgstr "This command displays a summary table with a database contents (LSA)." #: ../../configuration/protocols/ospf.rst:747 -#: ../../configuration/protocols/ospf.rst:1294 +#: ../../configuration/protocols/ospf.rst:1296 msgid "This command displays a table of paths to area boundary and autonomous system boundary routers." msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers." @@ -14781,35 +14056,35 @@ msgstr "This command displays a table of paths to area boundary and autonomous s msgid "This command displays all entries in BGP routing table." msgstr "This command displays all entries in BGP routing table." -#: ../../configuration/protocols/bgp.rst:1035 +#: ../../configuration/protocols/bgp.rst:1036 msgid "This command displays dampened routes received from BGP neighbor." msgstr "This command displays dampened routes received from BGP neighbor." -#: ../../configuration/protocols/ospf.rst:1309 +#: ../../configuration/protocols/ospf.rst:1311 msgid "This command displays external information redistributed into OSPFv3" msgstr "This command displays external information redistributed into OSPFv3" -#: ../../configuration/protocols/bgp.rst:1039 +#: ../../configuration/protocols/bgp.rst:1040 msgid "This command displays information about BGP routes whose AS path matches the specified regular expression." msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression." -#: ../../configuration/protocols/bgp.rst:1012 +#: ../../configuration/protocols/bgp.rst:1013 msgid "This command displays information about flapping BGP routes." msgstr "This command displays information about flapping BGP routes." -#: ../../configuration/protocols/bgp.rst:976 +#: ../../configuration/protocols/bgp.rst:977 msgid "This command displays information about the particular entry in the BGP routing table." msgstr "This command displays information about the particular entry in the BGP routing table." -#: ../../configuration/protocols/bgp.rst:1003 +#: ../../configuration/protocols/bgp.rst:1004 msgid "This command displays routes that are permitted by the BGP community list." msgstr "This command displays routes that are permitted by the BGP community list." -#: ../../configuration/protocols/bgp.rst:996 +#: ../../configuration/protocols/bgp.rst:997 msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise." msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise." -#: ../../configuration/protocols/bgp.rst:992 +#: ../../configuration/protocols/bgp.rst:993 msgid "This command displays routes with classless interdomain routing (CIDR)." msgstr "This command displays routes with classless interdomain routing (CIDR)." @@ -14817,11 +14092,11 @@ msgstr "This command displays routes with classless interdomain routing (CIDR)." msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given." msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given." -#: ../../configuration/protocols/ospf.rst:1283 +#: ../../configuration/protocols/ospf.rst:1285 msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise." msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise." -#: ../../configuration/protocols/ospf.rst:1289 +#: ../../configuration/protocols/ospf.rst:1291 msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation." msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation." @@ -14829,12 +14104,12 @@ msgstr "This command displays the OSPF routing table, as determined by the most msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown." msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown." -#: ../../configuration/protocols/ospf.rst:1279 +#: ../../configuration/protocols/ospf.rst:1281 msgid "This command displays the neighbor DR choice information." msgstr "This command displays the neighbor DR choice information." #: ../../configuration/protocols/ospf.rst:623 -#: ../../configuration/protocols/ospf.rst:1274 +#: ../../configuration/protocols/ospf.rst:1276 msgid "This command displays the neighbors information in a detailed form, not just a summary table." msgstr "This command displays the neighbors information in a detailed form, not just a summary table." @@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a msgstr "This command displays the neighbors information in a detailed form for a neighbor whose IP address is specified." #: ../../configuration/protocols/ospf.rst:613 -#: ../../configuration/protocols/ospf.rst:1270 +#: ../../configuration/protocols/ospf.rst:1272 msgid "This command displays the neighbors status." msgstr "This command displays the neighbors status." @@ -14851,7 +14126,7 @@ msgstr "This command displays the neighbors status." msgid "This command displays the neighbors status for a neighbor on the specified interface." msgstr "This command displays the neighbors status for a neighbor on the specified interface." -#: ../../configuration/protocols/bgp.rst:1044 +#: ../../configuration/protocols/bgp.rst:1045 msgid "This command displays the status of all BGP connections." msgstr "This command displays the status of all BGP connections." @@ -14863,6 +14138,10 @@ msgstr "This command enable/disables summarisation for the configured address ra msgid "This command enable logging neighbor up/down changes and reset reason." msgstr "This command enable logging neighbor up/down changes and reset reason." +#: ../../configuration/protocols/isis.rst:311 +msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups." +msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups." + #: ../../configuration/protocols/isis.rst:70 msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." @@ -14946,6 +14225,10 @@ msgstr "This command is only allowed for eBGP peers." msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups." msgstr "This command is only allowed for eBGP peers. It is not applicable for peer groups." +#: ../../configuration/protocols/pim.rst:70 +msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing." +msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing." + #: ../../configuration/protocols/rip.rst:106 msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`." msgstr "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`." @@ -15006,7 +14289,7 @@ msgstr "This command redistributes routing information from the given route sour msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static." msgstr "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static." -#: ../../configuration/protocols/ospf.rst:1253 +#: ../../configuration/protocols/ospf.rst:1255 msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static." msgstr "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static." @@ -15014,19 +14297,19 @@ msgstr "This command redistributes routing information from the given route sour msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers." msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers." -#: ../../configuration/protocols/bgp.rst:1067 +#: ../../configuration/protocols/bgp.rst:1068 msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." -#: ../../configuration/protocols/bgp.rst:1087 +#: ../../configuration/protocols/bgp.rst:1088 msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered." -#: ../../configuration/protocols/bgp.rst:1074 +#: ../../configuration/protocols/bgp.rst:1075 msgid "This command resets all BGP connections of given router." msgstr "This command resets all BGP connections of given router." -#: ../../configuration/protocols/bgp.rst:1083 +#: ../../configuration/protocols/bgp.rst:1084 msgid "This command resets all external BGP peers of given router." msgstr "This command resets all external BGP peers of given router." @@ -15431,56 +14714,18 @@ msgstr "This command summarizes intra area paths from specified area into one su msgid "This command to ensure not advertise the summary lsa for the matched external LSAs." msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs." -#: ../../configuration/protocols/bgp.rst:1078 +#: ../../configuration/protocols/bgp.rst:1079 msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes." msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes." #: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 -#: ../../_include/interface-ipv6.txt:65 msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``" msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``" -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 #: ../../configuration/interfaces/pppoe.rst:212 #: ../../configuration/interfaces/pppoe.rst:258 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 #: ../../configuration/interfaces/sstp-client.rst:84 #: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 -#: ../../_include/interface-ip.txt:9 msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``" msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``" @@ -15494,6 +14739,10 @@ msgstr "This command will change the hold down value for IGP-LDP synchronization msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events." msgstr "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events." +#: ../../configuration/protocols/isis.rst:324 +msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first." +msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first." + #: ../../configuration/protocols/isis.rst:134 msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt." msgstr "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt." @@ -15510,25 +14759,32 @@ msgstr "This command will generate a default-route in L1 database." msgid "This command will generate a default-route in L2 database." msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/general.rst:1457 -#: ../../configuration/firewall/general-legacy.rst:904 +#: ../../configuration/firewall/ipv6.rst:1113 msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" +#: ../../configuration/firewall/ipv4.rst:1091 +msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." +msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." + #: ../../configuration/firewall/general-legacy.rst:940 msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/general.rst:1435 -#: ../../configuration/firewall/general-legacy.rst:932 +#: ../../configuration/firewall/ipv4.rst:1072 +#: ../../configuration/firewall/ipv6.rst:1088 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." +#: ../../configuration/protocols/isis.rst:330 +msgid "This command will limit LFA backup computation up to the specified prefix priority." +msgstr "This command will limit LFA backup computation up to the specified prefix priority." + #: ../../configuration/protocols/bgp.rst:268 msgid "This command would allow the dynamic update of capabilities over an established BGP session." msgstr "This command would allow the dynamic update of capabilities over an established BGP session." -#: ../../configuration/interfaces/vxlan.rst:272 +#: ../../configuration/interfaces/vxlan.rst:293 msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised." msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised." @@ -15548,7 +14804,12 @@ msgstr "This configuration listen on port 80 and redirect incoming requests to H msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table." msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table." -#: ../../configuration/service/dhcp-server.rst:78 +#: ../../configuration/service/dhcp-server.rst:76 +#: ../../configuration/service/dhcp-server.rst:520 +msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries." +msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries." + +#: ../../configuration/service/dhcp-server.rst:58 msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents." msgstr "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents." @@ -15572,30 +14833,11 @@ msgstr "This defaults to 1812." msgid "This defaults to 2007." msgstr "This defaults to 2007." -#: ../../configuration/service/dns.rst:258 +#: ../../configuration/service/dns.rst:271 msgid "This defaults to 300 seconds." msgstr "This defaults to 300 seconds." #: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 -#: ../../_include/interface-ip.txt:25 msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." @@ -15611,6 +14853,14 @@ msgstr "This defaults to 5." msgid "This defaults to UDP" msgstr "This defaults to UDP" +#: ../../configuration/service/https.rst:52 +msgid "This defaults to both 1.2 and 1.3." +msgstr "This defaults to both 1.2 and 1.3." + +#: ../../configuration/pki/index.rst:283 +msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" +msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" + #: ../../configuration/interfaces/wireless.rst:101 msgid "This defaults to phy0." msgstr "This defaults to phy0." @@ -15635,7 +14885,7 @@ msgstr "This enables :rfc:`3137` support, where the OSPF process describes its t msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "This enables the greenfield option which sets the ``[GF]`` option" -#: ../../configuration/nat/nat44.rst:546 +#: ../../configuration/nat/nat44.rst:568 msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." @@ -15647,28 +14897,28 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs." msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs." -#: ../../configuration/service/dns.rst:391 +#: ../../configuration/service/dns.rst:404 msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/general.rst:626 -#: ../../configuration/firewall/general-legacy.rst:431 +#: ../../configuration/firewall/ipv4.rst:376 +#: ../../configuration/firewall/ipv6.rst:378 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." -#: ../../configuration/protocols/isis.rst:449 +#: ../../configuration/protocols/isis.rst:477 #: ../../configuration/protocols/ospf.rst:968 msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:" msgstr "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:" -#: ../../configuration/protocols/isis.rst:501 +#: ../../configuration/protocols/isis.rst:529 #: ../../configuration/protocols/ospf.rst:1018 #: ../../configuration/protocols/segment-routing.rst:229 #: ../../configuration/protocols/segment-routing.rst:312 msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:" msgstr "This gives us MPLS segment routing enabled and labels for far end loopbacks:" -#: ../../configuration/protocols/isis.rst:339 +#: ../../configuration/protocols/isis.rst:367 msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "This gives us the following neighborships, Level 1 and Level 2:" @@ -15680,11 +14930,11 @@ msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolu msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources." msgstr "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources." -#: ../../configuration/service/dhcp-server.rst:96 +#: ../../configuration/service/dhcp-server.rst:82 msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`." msgstr "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`." -#: ../../configuration/service/dhcp-server.rst:103 +#: ../../configuration/service/dhcp-server.rst:89 msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`." msgstr "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`." @@ -15696,6 +14946,11 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable." msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable." +#: ../../configuration/pki/index.rst:261 +#: ../../configuration/pki/index.rst:267 +msgid "This is a mandatory option" +msgstr "This is a mandatory option" + #: ../../configuration/protocols/rpki.rst:117 #: ../../configuration/protocols/rpki.rst:124 msgid "This is a mandatory setting." @@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical msgstr "This is an optional command because the event handler will be automatically created after any of the next commands." #: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 -#: ../../_include/interface-ip.txt:156 msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing." msgstr "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing." -#: ../../configuration/protocols/igmp.rst:208 +#: ../../configuration/protocols/igmp-proxy.rst:36 msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location." msgstr "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location." @@ -15777,13 +15013,13 @@ msgstr "This is the LAN extension use case. The eth0 port of the distant VPN pee msgid "This is the LCD model used in your system." msgstr "This is the LCD model used in your system." -#: ../../configuration/service/dhcp-server.rst:40 -#: ../../configuration/service/dhcp-server.rst:49 -#: ../../configuration/service/dhcp-server.rst:56 +#: ../../configuration/service/dhcp-server.rst:35 +#: ../../configuration/service/dhcp-server.rst:44 +#: ../../configuration/service/dhcp-server.rst:51 msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally." msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally." -#: ../../configuration/service/dhcp-server.rst:232 +#: ../../configuration/service/dhcp-server.rst:197 msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd." msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd." @@ -15795,7 +15031,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" -#: ../../configuration/service/dhcp-server.rst:230 +#: ../../configuration/service/dhcp-server.rst:195 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168. msgstr "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones." #: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 -#: ../../_include/interface-ipv6.txt:12 msgid "This method automatically disables IPv6 traffic forwarding on the interface in question." msgstr "This method automatically disables IPv6 traffic forwarding on the interface in question." @@ -15847,11 +15064,11 @@ msgstr "This mode provides load balancing and fault tolerance." msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." -#: ../../configuration/service/dhcp-server.rst:133 +#: ../../configuration/service/dhcp-server.rst:119 msgid "This option can be specified multiple times." msgstr "This option can be specified multiple times." -#: ../../configuration/protocols/igmp.rst:211 +#: ../../configuration/protocols/igmp-proxy.rst:39 msgid "This option can be supplied multiple times." msgstr "This option can be supplied multiple times." @@ -15863,7 +15080,15 @@ msgstr "This option is mandatory in Access-Point mode." msgid "This option is required when running a DMVPN spoke." msgstr "This option is required when running a DMVPN spoke." -#: ../../configuration/system/login.rst:388 +#: ../../_include/interface-dhcp-options.txt:86 +msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor." +msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor." + +#: ../../_include/interface-dhcp-options.txt:31 +msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." +msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." + +#: ../../configuration/system/login.rst:390 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -15876,6 +15101,10 @@ msgstr "This option only affects 802.3ad mode." msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." +#: ../../configuration/pki/index.rst:277 +msgid "This options defaults to 2048" +msgstr "This options defaults to 2048" + #: ../../configuration/protocols/ospf.rst:326 msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" @@ -15892,7 +15121,9 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/general.rst:360 +#: ../../configuration/firewall/bridge.rst:90 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." @@ -15905,7 +15136,7 @@ msgstr "This requires two files, one to create the device (XXX.netdev) and one t msgid "This results in the active configuration:" msgstr "This results in the active configuration:" -#: ../../configuration/service/dhcp-server.rst:88 +#: ../../configuration/service/dhcp-server.rst:68 msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network." msgstr "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network." @@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure msgstr "This section describes the system's host information and how to configure them, it covers the following topics:" #: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 -#: ../../_include/need_improvement.txt:11 msgid "This section needs improvements, examples and explanations." msgstr "This section needs improvements, examples and explanations." @@ -15938,10 +15156,17 @@ msgstr "This section needs improvements, examples and explanations." msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed." -#: ../../configuration/firewall/general.rst:392 +#: ../../configuration/firewall/ipv4.rst:142 +#: ../../configuration/firewall/ipv6.rst:142 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." +#: ../../configuration/firewall/bridge.rst:132 +#: ../../configuration/firewall/ipv4.rst:179 +#: ../../configuration/firewall/ipv6.rst:179 +msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." +msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." + #: ../../configuration/interfaces/openvpn.rst:278 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." @@ -15958,13 +15183,11 @@ msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amou msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "This setting defaults to 1500 and is valid between 10 and 60000." -#: ../../configuration/firewall/general.rst:121 -#: ../../configuration/firewall/general-legacy.rst:73 +#: ../../configuration/firewall/global-options.rst:58 msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:129 -#: ../../configuration/firewall/general-legacy.rst:81 +#: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" @@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp- msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" #: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 -#: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." @@ -15995,30 +15203,11 @@ msgstr "This statement specifies dhcp6c to only exchange informational configura msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400." msgstr "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400." -#: ../../configuration/nat/nat44.rst:409 +#: ../../configuration/nat/nat44.rst:423 msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT." msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT." #: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 -#: ../../_include/interface-ip.txt:164 msgid "This technology is known by different names:" msgstr "This technology is known by different names:" @@ -16026,7 +15215,7 @@ msgstr "This technology is known by different names:" msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." -#: ../../configuration/interfaces/vxlan.rst:173 +#: ../../configuration/interfaces/vxlan.rst:194 msgid "This topology was built using GNS3." msgstr "This topology was built using GNS3." @@ -16042,26 +15231,37 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to ` msgid "This will match TCP traffic with source port 80." msgstr "This will match TCP traffic with source port 80." -#: ../../configuration/service/dns.rst:282 +#: ../../configuration/service/dns.rst:295 msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/general.rst:1314 -#: ../../configuration/firewall/general-legacy.rst:785 +#: ../../configuration/firewall/ipv6.rst:969 msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" +#: ../../configuration/firewall/ipv4.rst:961 +msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" + +#: ../../configuration/firewall/zone.rst:149 +msgid "This will show you a basic summary of a particular zone." +msgstr "This will show you a basic summary of a particular zone." + +#: ../../configuration/firewall/zone.rst:132 +msgid "This will show you a basic summary of zones configuration." +msgstr "This will show you a basic summary of zones configuration." + #: ../../configuration/firewall/general-legacy.rst:936 msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/general.rst:1479 -#: ../../configuration/firewall/general-legacy.rst:900 +#: ../../configuration/firewall/ipv4.rst:1112 +#: ../../configuration/firewall/ipv6.rst:1135 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/general.rst:1377 -#: ../../configuration/firewall/general-legacy.rst:851 +#: ../../configuration/firewall/ipv4.rst:1016 +#: ../../configuration/firewall/ipv6.rst:1032 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" @@ -16069,7 +15269,7 @@ msgstr "This will show you a summary of rule-sets and groups" msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." -#: ../../configuration/nat/nat44.rst:566 +#: ../../configuration/nat/nat44.rst:590 msgid "This would generate the following configuration:" msgstr "This would generate the following configuration:" @@ -16105,8 +15305,8 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)" msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/general.rst:1211 -#: ../../configuration/firewall/general-legacy.rst:722 +#: ../../configuration/firewall/ipv4.rst:874 +#: ../../configuration/firewall/ipv6.rst:883 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." @@ -16115,11 +15315,11 @@ msgstr "Time to match the defined rule." msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/vpn/sstp.rst:223 +#: ../../configuration/vpn/sstp.rst:234 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/vpn/sstp.rst:243 +#: ../../configuration/vpn/sstp.rst:254 msgid "Timeout to wait response from server (seconds)" msgstr "Timeout to wait response from server (seconds)" @@ -16136,7 +15336,15 @@ msgstr "To activate the VLAN aware bridge, you must activate this setting to use msgid "To allow VPN-clients access via your external address, a NAT rule is required:" msgstr "To allow VPN-clients access via your external address, a NAT rule is required:" -#: ../../configuration/vpn/site2site_ipsec.rst:253 +#: ../../configuration/service/mdns.rst:68 +msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:" +msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:" + +#: ../../configuration/service/mdns.rst:60 +msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:" +msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:" + +#: ../../configuration/vpn/site2site_ipsec.rst:257 msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)" msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)" @@ -16152,16 +15360,45 @@ msgstr "To auto update the blacklist files" msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition." msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition." +#: ../../configuration/service/pppoe-server.rst:59 +msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option." +msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option." + #: ../../configuration/firewall/general-legacy.rst:314 msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/general.rst:401 -#: ../../configuration/firewall/general-legacy.rst:295 +#: ../../configuration/firewall/bridge.rst:140 +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/general.rst:374 +#: ../../configuration/firewall/ipv4.rst:126 +#: ../../configuration/firewall/ipv6.rst:126 +msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." + +#: ../../configuration/firewall/bridge.rst:120 +#: ../../configuration/firewall/ipv4.rst:163 +#: ../../configuration/firewall/ipv6.rst:163 +msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." +msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." + +#: ../../configuration/firewall/bridge.rst:111 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." + +#: ../../configuration/firewall/bridge.rst:103 +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." + +#: ../../configuration/firewall/ipv4.rst:126 +#: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." msgstr "To be used only when action is set to jump. Use this command to specify jump target." @@ -16177,11 +15414,11 @@ msgstr "To bypass the proxy for every request that is directed to a specific des msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe." msgstr "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe." -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:179 msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:79 +#: ../../configuration/firewall/index.rst:173 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -16209,7 +15446,7 @@ msgstr "To configure your LCD display you must first identify the used hardware, msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:375 +#: ../../configuration/system/login.rst:377 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -16221,7 +15458,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" -#: ../../configuration/firewall/zone.rst:61 +#: ../../configuration/firewall/zone.rst:80 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." @@ -16233,7 +15470,7 @@ msgstr "To disable advertisements without deleting the configuration:" msgid "To display the configured OTP user key, use the command:" msgstr "To display the configured OTP user key, use the command:" -#: ../../configuration/vpn/openconnect.rst:219 +#: ../../configuration/vpn/openconnect.rst:226 msgid "To display the configured OTP user settings, use the command:" msgstr "To display the configured OTP user settings, use the command:" @@ -16254,7 +15491,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:23 +#: ../../configuration/service/https.rst:68 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -16262,6 +15499,14 @@ msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`mon msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section." msgstr "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section." +#: ../../configuration/service/mdns.rst:23 +msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section." +msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section." + +#: ../../configuration/vpn/openconnect.rst:168 +msgid "To enable the HTTP security headers in the configuration file, use the command:" +msgstr "To enable the HTTP security headers in the configuration file, use the command:" + #: ../../configuration/loadbalancing/wan.rst:115 msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" @@ -16282,7 +15527,7 @@ msgstr "To generate the CA, the server private key and certificates the followin msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." -#: ../../configuration/service/dhcp-server.rst:636 +#: ../../configuration/service/dhcp-server.rst:566 msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" @@ -16290,7 +15535,7 @@ msgstr "To hand out individual prefixes to your clients the following configurat msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." -#: ../../configuration/service/mdns.rst:36 +#: ../../configuration/service/mdns.rst:52 msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:" msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:" @@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:748 +#: ../../configuration/service/dhcp-server.rst:680 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" -#: ../../configuration/nat/nat44.rst:315 +#: ../../configuration/nat/nat44.rst:327 msgid "To setup SNAT, we need to know:" msgstr "To setup SNAT, we need to know:" -#: ../../configuration/nat/nat44.rst:501 +#: ../../configuration/nat/nat44.rst:521 msgid "To setup a destination NAT rule we need to gather:" msgstr "To setup a destination NAT rule we need to gather:" @@ -16343,11 +15572,11 @@ msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used." msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used." -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/pppoe-server.rst:93 msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it." msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it." -#: ../../configuration/service/dns.rst:308 +#: ../../configuration/service/dns.rst:321 msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server." msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server." @@ -16355,15 +15584,15 @@ msgstr "To use such a service, one must define a login, password, one or multipl msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" -#: ../../configuration/service/https.rst:86 +#: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "To use this full configuration we asume a public accessible hostname." -#: ../../configuration/interfaces/vxlan.rst:175 +#: ../../configuration/interfaces/vxlan.rst:196 msgid "Topology:" msgstr "Topology:" -#: ../../configuration/interfaces/vxlan.rst:107 +#: ../../configuration/interfaces/vxlan.rst:128 msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" @@ -16379,7 +15608,7 @@ msgstr "Track option to track non VRRP interface states. VRRP changes status to msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)." msgstr "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:175 msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself." msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself." @@ -16399,7 +15628,7 @@ msgstr "Traffic Filters are used to control which packets will have the defined msgid "Traffic Policy" msgstr "Traffic Policy" -#: ../../configuration/firewall/zone.rst:37 +#: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member." @@ -16411,10 +15640,19 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)." -#: ../../configuration/firewall/general.rst:1281 +#: ../../configuration/protocols/pim.rst:18 +msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." +msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." + +#: ../../configuration/firewall/ipv4.rst:928 +#: ../../configuration/firewall/ipv6.rst:937 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" +#: ../../configuration/firewall/bridge.rst:34 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" + #: ../../configuration/highavailability/index.rst:322 msgid "Transition scripts" msgstr "Transition scripts" @@ -16427,11 +15665,11 @@ msgstr "Transition scripts can help you implement various fixups, such as starti msgid "Transparent Proxy" msgstr "Transparent Proxy" +#: ../../configuration/interfaces/openvpn.rst:701 #: ../../configuration/interfaces/tunnel.rst:227 msgid "Troubleshooting" msgstr "Troubleshooting" -#: ../../configuration/protocols/igmp.rst:119 #: ../../configuration/protocols/pim6.rst:41 msgid "Tuning commands" msgstr "Tuning commands" @@ -16448,6 +15686,10 @@ msgstr "Tunnel keys" msgid "Two environment variables are available:" msgstr "Two environment variables are available:" +#: ../../configuration/firewall/flowtables.rst:104 +msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" +msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" + #: ../../configuration/service/ssh.rst:188 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." @@ -16460,7 +15702,7 @@ msgstr "Two routers connected both via eth1 through an untrusted switch" msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." -#: ../../configuration/nat/nat44.rst:594 +#: ../../configuration/nat/nat44.rst:618 msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**." msgstr "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**." @@ -16504,7 +15746,7 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" -#: ../../configuration/interfaces/vxlan.rst:81 +#: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -16512,7 +15754,7 @@ msgstr "Unicast" msgid "Unicast VRRP" msgstr "Unicast VRRP" -#: ../../configuration/interfaces/vxlan.rst:319 +#: ../../configuration/interfaces/vxlan.rst:340 msgid "Unicast VXLAN" msgstr "Unicast VXLAN" @@ -16540,11 +15782,15 @@ msgstr "Update" msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/general.rst:1540 -#: ../../configuration/firewall/general-legacy.rst:1050 +#: ../../configuration/firewall/ipv4.rst:1175 +#: ../../configuration/firewall/ipv6.rst:1191 msgid "Update geoip database" msgstr "Update geoip database" +#: ../../configuration/system/updates.rst:3 +msgid "Updates" +msgstr "Updates" + #: ../../configuration/protocols/rpki.rst:99 msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." @@ -16566,7 +15812,11 @@ msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in msgid "Use 802.11n protocol" msgstr "Use 802.11n protocol" -#: ../../configuration/service/dns.rst:352 +#: ../../configuration/service/https.rst:23 +msgid "Use CA certificate from PKI subsystem" +msgstr "Use CA certificate from PKI subsystem" + +#: ../../configuration/service/dns.rst:365 msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" @@ -16578,6 +15828,10 @@ msgstr "Use TLS but skip host validation" msgid "Use TLS encryption." msgstr "Use TLS encryption." +#: ../../configuration/service/https.rst:31 +msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length." +msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length." + #: ../../configuration/vpn/sstp.rst:121 msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Use `<subnet>` as the IP pool for all connecting clients." @@ -16594,67 +15848,52 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/general.rst:799 -#: ../../configuration/firewall/general-legacy.rst:531 +#: ../../configuration/firewall/ipv4.rst:515 +#: ../../configuration/firewall/ipv6.rst:525 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:874 -#: ../../configuration/firewall/general-legacy.rst:567 +#: ../../configuration/firewall/ipv4.rst:578 +#: ../../configuration/firewall/ipv6.rst:588 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:899 -#: ../../configuration/firewall/general-legacy.rst:579 +#: ../../configuration/firewall/ipv4.rst:599 +#: ../../configuration/firewall/ipv6.rst:609 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:824 -#: ../../configuration/firewall/general-legacy.rst:543 +#: ../../configuration/firewall/ipv4.rst:536 +#: ../../configuration/firewall/ipv6.rst:546 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:849 -#: ../../configuration/firewall/general-legacy.rst:555 +#: ../../configuration/firewall/ipv4.rst:557 +#: ../../configuration/firewall/ipv6.rst:567 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/nat/nat44.rst:247 +#: ../../configuration/nat/nat44.rst:259 msgid "Use address `masquerade` (the interfaces primary address) on rule 30" msgstr "Use address `masquerade` (the interfaces primary address) on rule 30" -#: ../../configuration/service/https.rst:67 +#: ../../configuration/service/https.rst:58 msgid "Use an automatically generated self-signed certificate" msgstr "Use an automatically generated self-signed certificate" #: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 -#: ../../_include/interface-ip.txt:104 msgid "Use any local address, configured on any interface if this is not set." msgstr "Use any local address, configured on any interface if this is not set." -#: ../../configuration/service/dns.rst:266 +#: ../../configuration/service/dns.rst:279 msgid "Use auth key file at ``/config/auth/my.key``" msgstr "Use auth key file at ``/config/auth/my.key``" -#: ../../configuration/service/dns.rst:395 +#: ../../configuration/service/https.rst:27 +msgid "Use certificate from PKI subsystem" +msgstr "Use certificate from PKI subsystem" + +#: ../../configuration/service/dns.rst:408 msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." @@ -16666,7 +15905,7 @@ msgstr "Use inverse-match to match anything except the given country-codes." msgid "Use local socket for API" msgstr "Use local socket for API" -#: ../../configuration/vpn/sstp.rst:277 +#: ../../configuration/vpn/sstp.rst:288 msgid "Use local user `foo` with password `bar`" msgstr "Use local user `foo` with password `bar`" @@ -16682,6 +15921,10 @@ msgstr "Use the address of the specified interface on the local machine as the s msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" +#: ../../configuration/nat/nat66.rst:142 +msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." +msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." + #: ../../configuration/system/option.rst:48 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -16710,11 +15953,11 @@ msgstr "Use this PIM command in the selected interface to set the priority (1-42 msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks." msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks." -#: ../../configuration/service/pppoe-server.rst:288 +#: ../../configuration/service/pppoe-server.rst:275 msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/vpn/sstp.rst:126 +#: ../../configuration/vpn/sstp.rst:137 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -16742,7 +15985,7 @@ msgstr "Use this command if you would like to set the TCP session hold time inte msgid "Use this command to allow the selected interface to join a multicast group." msgstr "Use this command to allow the selected interface to join a multicast group." -#: ../../configuration/protocols/igmp.rst:149 +#: ../../configuration/protocols/pim.rst:191 msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too." msgstr "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too." @@ -16762,19 +16005,19 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." -#: ../../configuration/system/ipv6.rst:180 +#: ../../configuration/system/ipv6.rst:154 msgid "Use this command to clear Border Gateway Protocol statistics or status." msgstr "Use this command to clear Border Gateway Protocol statistics or status." -#: ../../configuration/service/pppoe-server.rst:300 +#: ../../configuration/service/pppoe-server.rst:287 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/vpn/sstp.rst:135 +#: ../../configuration/vpn/sstp.rst:146 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:133 +#: ../../configuration/service/pppoe-server.rst:120 msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters." msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters." @@ -16855,7 +16098,7 @@ msgstr "Use this command to configure a Shaper policy, set its name, define a cl msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." -#: ../../configuration/service/pppoe-server.rst:206 +#: ../../configuration/service/pppoe-server.rst:193 msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." @@ -16919,10 +16162,18 @@ msgstr "Use this command to configure an interface with IGMP so that PIM can rec msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors." msgstr "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors." -#: ../../configuration/protocols/igmp.rst:156 +#: ../../configuration/protocols/pim.rst:198 msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use." msgstr "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use." +#: ../../configuration/protocols/pim.rst:202 +msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out." +msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out." + +#: ../../configuration/protocols/pim.rst:204 +msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out." +msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out." + #: ../../configuration/protocols/igmp.rst:163 msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out." msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out." @@ -16931,7 +16182,7 @@ msgstr "Use this command to configure in the selected interface the IGMP query r msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds." msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds." -#: ../../configuration/service/pppoe-server.rst:112 +#: ../../configuration/service/pppoe-server.rst:99 msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy." msgstr "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy." @@ -16983,18 +16234,35 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." +#: ../../configuration/service/pppoe-server.rst:81 +#: ../../configuration/vpn/sstp.rst:132 +msgid "Use this command to define default address pool name." +msgstr "Use this command to define default address pool name." + #: ../../configuration/system/name-server.rst:53 msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries." msgstr "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries." +#: ../../configuration/protocols/pim.rst:211 +msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3." +msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3." + #: ../../configuration/protocols/igmp.rst:172 msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3." msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3." +#: ../../configuration/service/pppoe-server.rst:70 +msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + #: ../../configuration/service/pppoe-server.rst:73 msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." +#: ../../configuration/vpn/sstp.rst:121 +msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." +msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask." + #: ../../configuration/service/pppoe-server.rst:42 msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients." msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients." @@ -17015,30 +16283,16 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." +#: ../../configuration/service/pppoe-server.rst:77 +#: ../../configuration/vpn/sstp.rst:128 +msgid "Use this command to define the next address pool name." +msgstr "Use this command to define the next address pool name." + #: ../../configuration/service/pppoe-server.rst:31 msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server." msgstr "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server." #: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 -#: ../../_include/interface-disable-link-detect.txt:4 msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged." msgstr "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged." @@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad msgstr "Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address." #: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 -#: ../../_include/interface-disable-flow-control.txt:16 msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)." @@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:236 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." #: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 -#: ../../_include/interface-ip.txt:137 msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system." msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system." @@ -17138,7 +16364,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:262 +#: ../../configuration/service/pppoe-server.rst:249 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -17154,7 +16380,13 @@ msgstr "Use this command to enable the logging of the default action." msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/system/ipv6.rst:191 +#: ../../configuration/firewall/bridge.rst:163 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "Use this command to enable the logging of the default action on the specified chain." +msgstr "Use this command to enable the logging of the default action on the specified chain." + +#: ../../configuration/system/ipv6.rst:165 msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route." msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route." @@ -17162,11 +16394,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be msgid "Use this command to get an overview of a zone." msgstr "Use this command to get an overview of a zone." -#: ../../configuration/system/ipv6.rst:146 +#: ../../configuration/system/ipv6.rst:120 msgid "Use this command to get information about OSPFv3." msgstr "Use this command to get information about OSPFv3." -#: ../../configuration/system/ipv6.rst:168 +#: ../../configuration/system/ipv6.rst:142 msgid "Use this command to get information about the RIPNG protocol" msgstr "Use this command to get information about the RIPNG protocol" @@ -17178,7 +16410,7 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/pppoe-server.rst:324 +#: ../../configuration/service/pppoe-server.rst:311 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." @@ -17195,7 +16427,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface." msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface." -#: ../../configuration/system/ipv6.rst:186 +#: ../../configuration/system/ipv6.rst:160 msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface." msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface." @@ -17295,15 +16527,15 @@ msgstr "Use this command to show IPv6 multicast group membership." msgid "Use this command to show IPv6 routes." msgstr "Use this command to show IPv6 routes." -#: ../../configuration/system/ipv6.rst:104 +#: ../../configuration/system/ipv6.rst:105 msgid "Use this command to show all IPv6 access lists" msgstr "Use this command to show all IPv6 access lists" -#: ../../configuration/system/ipv6.rst:89 +#: ../../configuration/system/ipv6.rst:90 msgid "Use this command to show all IPv6 prefix lists" msgstr "Use this command to show all IPv6 prefix lists" -#: ../../configuration/system/ipv6.rst:172 +#: ../../configuration/system/ipv6.rst:146 msgid "Use this command to show the status of the RIPNG protocol" msgstr "Use this command to show the status of the RIPNG protocol" @@ -17420,7 +16652,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:176 +#: ../../configuration/service/pppoe-server.rst:163 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -17456,7 +16688,7 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:409 +#: ../../configuration/vrf/index.rst:411 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" @@ -17464,15 +16696,15 @@ msgstr "VRF Route Leaking" msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:378 +#: ../../configuration/vrf/index.rst:380 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:345 +#: ../../configuration/vrf/index.rst:347 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:361 +#: ../../configuration/vrf/index.rst:363 msgid "VRF red routing table" msgstr "VRF red routing table" @@ -17537,11 +16769,11 @@ msgstr "Valid values are 0..255." msgid "Value" msgstr "Value" -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:263 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:258 msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests." msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests." @@ -17555,6 +16787,10 @@ msgstr "Verification" msgid "Verification:" msgstr "Verification:" +#: ../../configuration/nat/nat66.rst:226 +msgid "Verify that connections are hitting the rule on both sides:" +msgstr "Verify that connections are hitting the rule on both sides:" + #: ../../configuration/highavailability/index.rst:291 msgid "Version" msgstr "Version" @@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2." #: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 -#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3 msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." @@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are store msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive." msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive." -#: ../../configuration/interfaces/bonding.rst:None +#: ../../configuration/interfaces/bonding.rst:-1 msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" @@ -17635,7 +16855,11 @@ msgstr "VyOS IKE group has the next options:" msgid "VyOS MIBs" msgstr "VyOS MIBs" -#: ../../configuration/nat/nat66.rst:None +#: ../../configuration/nat/nat66.rst:-1 +msgid "VyOS NAT66 DHCPv6 using a dummy interface" +msgstr "VyOS NAT66 DHCPv6 using a dummy interface" + +#: ../../configuration/nat/nat66.rst:-1 msgid "VyOS NAT66 Simple Configure" msgstr "VyOS NAT66 Simple Configure" @@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6." msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." -#: ../../configuration/service/dhcp-server.rst:580 +#: ../../configuration/service/dhcp-server.rst:504 msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." @@ -17704,11 +16928,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP* msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**." msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**." -#: ../../configuration/service/dns.rst:201 +#: ../../configuration/service/dns.rst:214 msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." -#: ../../configuration/service/dns.rst:306 +#: ../../configuration/service/dns.rst:319 msgid "VyOS is also able to use any service relying on protocols supported by ddclient." msgstr "VyOS is also able to use any service relying on protocols supported by ddclient." @@ -17720,7 +16944,6 @@ msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where t msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." -#: ../../configuration/firewall/general.rst:13 #: ../../configuration/firewall/general-legacy.rst:17 msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering." msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering." @@ -17737,7 +16960,7 @@ msgstr "VyOS not only can now manage certificates issued by 3rd party Certificat msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command." msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command." -#: ../../configuration/pki/index.rst:254 +#: ../../configuration/pki/index.rst:292 msgid "VyOS operational mode commands are not only available for generating keys but also to display them." msgstr "VyOS operational mode commands are not only available for generating keys but also to display them." @@ -17773,7 +16996,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS provides some operational commands on OpenVPN." -#: ../../configuration/service/dhcp-server.rst:173 +#: ../../configuration/service/dhcp-server.rst:138 msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements." msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements." @@ -17781,7 +17004,11 @@ msgstr "VyOS provides support for DHCP failover. DHCP failover must be configure msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." -#: ../../configuration/protocols/igmp.rst:30 +#: ../../configuration/protocols/pim.rst:9 +msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3" +msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3" + +#: ../../configuration/protocols/pim.rst:26 msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)." msgstr "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)." @@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/system/updates.rst:5 +msgid "VyOS supports online checking for updates" +msgstr "VyOS supports online checking for updates" + #: ../../configuration/system/sflow.rst:5 msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." -#: ../../configuration/system/conntrack.rst:53 +#: ../../configuration/system/conntrack.rst:67 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." @@ -17809,13 +17040,19 @@ msgstr "VyOS supports setting up PPPoE in two different ways to a PPPoE internet msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment." msgstr "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment." +#: ../../configuration/service/dhcp-server.rst:7 +msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment." +msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment." + +#: ../../configuration/system/frr.rst:7 +msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system." +msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system." + #: ../../configuration/interfaces/wwan.rst:12 msgid "VyOS uses the `interfaces wwan` subsystem for configuration." msgstr "VyOS uses the `interfaces wwan` subsystem for configuration." #: ../../_include/interface-mirror.txt:9 -#: ../../_include/interface-mirror.txt:9 -#: ../../_include/interface-mirror.txt:9 msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions." msgstr "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions." @@ -17839,7 +17076,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols." msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols." -#: ../../configuration/vpn/site2site_ipsec.rst:160 +#: ../../configuration/vpn/site2site_ipsec.rst:164 msgid "WAN interface on `eth1`" msgstr "WAN interface on `eth1`" @@ -17876,7 +17113,7 @@ msgstr "Warning conditions" msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." -#: ../../configuration/nat/nat44.rst:760 +#: ../../configuration/nat/nat44.rst:782 msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." @@ -17896,7 +17133,7 @@ msgstr "We can also create the certificates using Cerbort which is an easy-to-us msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/protocols/bgp.rst:1248 +#: ../../configuration/protocols/bgp.rst:1249 msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." @@ -17924,7 +17161,7 @@ msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles. msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel" msgstr "We only allow the 192.168.2.0/24 subnet to travel over the tunnel" -#: ../../configuration/nat/nat44.rst:699 +#: ../../configuration/nat/nat44.rst:723 msgid "We only need a single step for this interface:" msgstr "We only need a single step for this interface:" @@ -17932,11 +17169,15 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:418 +#: ../../configuration/system/login.rst:420 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." -#: ../../configuration/service/dhcp-server.rst:364 +#: ../../configuration/firewall/flowtables.rst:114 +msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." +msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." + +#: ../../configuration/service/dhcp-server.rst:331 msgid "Web Proxy Autodiscovery (WPAD) URL" msgstr "Web Proxy Autodiscovery (WPAD) URL" @@ -17944,19 +17185,31 @@ msgstr "Web Proxy Autodiscovery (WPAD) URL" msgid "Webproxy" msgstr "Webproxy" +#: ../../configuration/service/https.rst:40 +msgid "Webserver should listen on specified port." +msgstr "Webserver should listen on specified port." + +#: ../../configuration/service/https.rst:36 +msgid "Webserver should only listen on specified IP address" +msgstr "Webserver should only listen on specified IP address" + #: ../../configuration/protocols/mpls.rst:220 msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:" msgstr "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:" +#: ../../configuration/protocols/pim.rst:75 +msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." +msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." + #: ../../configuration/vrf/index.rst:73 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." -#: ../../configuration/service/dns.rst:341 +#: ../../configuration/service/dns.rst:354 msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." -#: ../../configuration/service/dns.rst:334 +#: ../../configuration/service/dns.rst:347 msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols." msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols." @@ -17980,7 +17233,11 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/service/dns.rst:155 +msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." +msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." + +#: ../../configuration/service/pppoe-server.rst:169 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." @@ -17996,11 +17253,13 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." -#: ../../configuration/firewall/general.rst:521 +#: ../../configuration/firewall/bridge.rst:210 +#: ../../configuration/firewall/ipv4.rst:290 +#: ../../configuration/firewall/ipv6.rst:290 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." -#: ../../configuration/nat/nat44.rst:299 +#: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." @@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table." #: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 -#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." @@ -18053,21 +17297,10 @@ msgstr "When no-release is specified, dhcp6c will send a release message on clie msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "When no options/parameters are used, the contents of the main syslog file are displayed." -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 -#: ../../_include/interface-dhcpv6-options.txt:40 +#: ../../configuration/protocols/pim.rst:65 +msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task." +msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task." + #: ../../_include/interface-dhcpv6-options.txt:40 msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements." msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements." @@ -18080,6 +17313,10 @@ msgstr "When remote peer does not have capability negotiation feature, remote pe msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." +#: ../../configuration/protocols/pim.rst:113 +msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)." +msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)." + #: ../../configuration/interfaces/pppoe.rst:108 msgid "When set the interface is enabled for \"dial-on-demand\"." msgstr "When set the interface is enabled for \"dial-on-demand\"." @@ -18097,37 +17334,19 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address." msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address." -#: ../../configuration/vpn/site2site_ipsec.rst:407 +#: ../../configuration/vpn/site2site_ipsec.rst:416 msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization." msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization." -#: ../../configuration/firewall/general.rst:106 -#: ../../configuration/firewall/general-legacy.rst:58 +#: ../../configuration/firewall/global-options.rst:43 msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests." msgstr "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests." -#: ../../configuration/firewall/general.rst:115 -#: ../../configuration/firewall/general-legacy.rst:67 +#: ../../configuration/firewall/global-options.rst:52 msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." #: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 -#: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" @@ -18135,11 +17354,11 @@ msgstr "When using DHCP to retrieve IPv4 address and if local customizations are msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" -#: ../../configuration/nat/nat44.rst:351 +#: ../../configuration/nat/nat44.rst:365 msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system." msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system." -#: ../../configuration/nat/nat44.rst:238 +#: ../../configuration/nat/nat44.rst:250 msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system." msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system." @@ -18147,7 +17366,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." -#: ../../configuration/vpn/openconnect.rst:215 +#: ../../configuration/vpn/openconnect.rst:222 msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP" msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP" @@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." +#: ../../configuration/firewall/ipv4.rst:42 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." + +#: ../../configuration/firewall/ipv6.rst:42 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." + #: ../../configuration/protocols/bgp.rst:86 msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED." msgstr "Where routes with a MED were received from the same AS, prefer the route with the lowest MED." #: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 -#: ../../_include/interface-ipv6.txt:77 msgid "Whether to accept DAD (Duplicate Address Detection)." msgstr "Whether to accept DAD (Duplicate Address Detection)." -#: ../../configuration/nat/nat44.rst:330 +#: ../../configuration/nat/nat44.rst:342 msgid "Which generates the following configuration:" msgstr "Which generates the following configuration:" -#: ../../configuration/nat/nat44.rst:444 +#: ../../configuration/nat/nat44.rst:458 msgid "Which results in a configuration of:" msgstr "Which results in a configuration of:" -#: ../../configuration/nat/nat44.rst:522 +#: ../../configuration/nat/nat44.rst:542 msgid "Which would generate the following NAT destination configuration:" msgstr "Which would generate the following NAT destination configuration:" -#: ../../configuration/firewall/general.rst:217 -#: ../../configuration/firewall/general-legacy.rst:193 +#: ../../configuration/firewall/groups.rst:44 msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." @@ -18293,7 +17500,7 @@ msgstr "Wireless options" msgid "Wireless options (Station/Client)" msgstr "Wireless options (Station/Client)" -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:7 msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)." msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)." @@ -18305,8 +17512,7 @@ msgstr "With WireGuard, a Road Warrior VPN config is similar to a site-to-site V msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically." msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically." -#: ../../configuration/firewall/general.rst:94 -#: ../../configuration/firewall/general-legacy.rst:46 +#: ../../configuration/firewall/global-options.rst:31 msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." @@ -18314,29 +17520,29 @@ msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, o msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "With this command, you can specify how the URL path should be matched against incoming requests." -#: ../../configuration/firewall/index.rst:73 +#: ../../configuration/firewall/index.rst:166 msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." -#: ../../configuration/service/dhcp-server.rst:290 -#: ../../configuration/service/dhcp-server.rst:295 -#: ../../configuration/service/dhcp-server.rst:300 -#: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/service/dhcp-server.rst:345 -#: ../../configuration/service/dhcp-server.rst:350 -#: ../../configuration/service/dhcp-server.rst:355 -#: ../../configuration/service/dhcp-server.rst:375 -#: ../../configuration/service/dhcp-server.rst:380 -#: ../../configuration/service/dhcp-server.rst:390 +#: ../../configuration/service/dhcp-server.rst:257 +#: ../../configuration/service/dhcp-server.rst:262 +#: ../../configuration/service/dhcp-server.rst:267 +#: ../../configuration/service/dhcp-server.rst:277 +#: ../../configuration/service/dhcp-server.rst:282 +#: ../../configuration/service/dhcp-server.rst:312 +#: ../../configuration/service/dhcp-server.rst:317 +#: ../../configuration/service/dhcp-server.rst:322 +#: ../../configuration/service/dhcp-server.rst:342 +#: ../../configuration/service/dhcp-server.rst:347 +#: ../../configuration/service/dhcp-server.rst:357 msgid "Y" msgstr "Y" -#: ../../configuration/firewall/zone.rst:99 +#: ../../configuration/firewall/zone.rst:118 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:363 +#: ../../configuration/system/login.rst:365 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -18348,24 +17554,23 @@ msgstr "You are be able to download the files using SCP, once the SSH service ha msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:" msgstr "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:" -#: ../../configuration/system/conntrack.rst:86 +#: ../../configuration/system/conntrack.rst:99 msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." -#: ../../configuration/service/dns.rst:299 +#: ../../configuration/service/dns.rst:312 msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" -#: ../../configuration/system/ipv6.rst:106 +#: ../../configuration/system/ipv6.rst:107 msgid "You can also specify which IPv6 access-list should be shown:" msgstr "You can also specify which IPv6 access-list should be shown:" -#: ../../configuration/protocols/igmp.rst:121 #: ../../configuration/protocols/pim6.rst:42 msgid "You can also tune multicast with the following commands." msgstr "You can also tune multicast with the following commands." -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/pppoe-server.rst:139 msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log." msgstr "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log." @@ -18377,7 +17582,7 @@ msgstr "You can also write a description for a filter:" msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key." msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key." -#: ../../configuration/nat/nat44.rst:386 +#: ../../configuration/nat/nat44.rst:400 msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." @@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a msgstr "You can configure multiple interfaces which whould participate in sflow accounting." #: ../../_include/interface-vlan-8021q.txt:29 -#: ../../_include/interface-vlan-8021q.txt:29 -#: ../../_include/interface-vlan-8021q.txt:29 -#: ../../_include/interface-vlan-8021q.txt:29 -#: ../../_include/interface-vlan-8021q.txt:29 -#: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." @@ -18414,7 +17614,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" -#: ../../configuration/system/ipv6.rst:148 +#: ../../configuration/system/ipv6.rst:122 msgid "You can get more specific OSPFv3 information by using the parameters shown below:" msgstr "You can get more specific OSPFv3 information by using the parameters shown below:" @@ -18422,15 +17622,15 @@ msgstr "You can get more specific OSPFv3 information by using the parameters sho msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_." msgstr "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_." -#: ../../configuration/service/mdns.rst:30 +#: ../../configuration/service/mdns.rst:46 msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:320 +#: ../../configuration/vpn/sstp.rst:332 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:441 +#: ../../configuration/system/login.rst:443 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." @@ -18442,7 +17642,7 @@ msgstr "You can only apply one policy per interface and direction, but you could msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" -#: ../../configuration/service/dhcp-server.rst:211 +#: ../../configuration/service/dhcp-server.rst:176 msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement." msgstr "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement." @@ -18462,7 +17662,7 @@ msgstr "You can verify your VRRP group status with the operational mode ``run sh msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:" msgstr "You can view that the policy is being correctly (or incorrectly) utilised with the following command:" -#: ../../configuration/protocols/ospf.rst:1342 +#: ../../configuration/protocols/ospf.rst:1344 msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." @@ -18482,7 +17682,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." -#: ../../configuration/firewall/zone.rst:39 +#: ../../configuration/firewall/zone.rst:58 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "You need 2 separate firewalls to define traffic: one for each direction." @@ -18534,7 +17734,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro msgid "Zone-Policy Overview" msgstr "Zone-Policy Overview" -#: ../../configuration/firewall/index.rst:66 +#: ../../configuration/firewall/index.rst:159 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne msgstr ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources." #: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 -#: ../../_include/interface-ipv6.txt:25 msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address." msgstr ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address." @@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." -#: ../../configuration/protocols/igmp.rst:181 +#: ../../configuration/protocols/igmp-proxy.rst:9 msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces." msgstr ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces." @@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:401 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets." msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets." +#: ../../configuration/nat/nat64.rst:7 +msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP." +msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP." + #: ../../configuration/nat/nat44.rst:7 msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network." msgstr ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network." @@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) is a networking protocol for clock s msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model." msgstr ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model." +#: ../../configuration/protocols/pim.rst:12 +msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." +msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution." + #: ../../configuration/interfaces/pppoe.rst:9 msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP." msgstr ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP." @@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" #: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 -#: ../../_include/interface-ipv6.txt:4 msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters." msgstr ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters." +#: ../../configuration/nat/nat64.rst:28 +msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses." +msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses." + #: ../../configuration/nat/nat44.rst:78 msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private." msgstr ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private." @@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" #: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 -#: ../../_include/interface-dhcp-options.txt:4 msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." -#: ../../configuration/service/dns.rst:217 +#: ../../configuration/service/dns.rst:230 msgid ":rfc:`2136` Based" msgstr ":rfc:`2136` Based" @@ -18923,7 +18082,7 @@ msgstr "`3. Add a full path to the script`_" msgid "`4. Add optional parameters`_" msgstr "`4. Add optional parameters`_" -#: ../../configuration/service/dhcp-server.rst:189 +#: ../../configuration/service/dhcp-server.rst:154 msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" @@ -18952,42 +18111,10 @@ msgid "``-`` failed" msgstr "``-`` failed" #: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 -#: ../../_include/interface-address-with-dhcp.txt:19 msgid "``/config/scripts/dhcp-client/post-hooks.d/``" msgstr "``/config/scripts/dhcp-client/post-hooks.d/``" #: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 -#: ../../_include/interface-address-with-dhcp.txt:18 msgid "``/config/scripts/dhcp-client/pre-hooks.d/``" msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``" @@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps" msgid "``57600`` - 57,600 bps" msgstr "``57600`` - 57,600 bps" +#: ../../configuration/nat/nat64.rst:31 +msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96." +msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96." + #: ../../configuration/interfaces/bonding.rst:43 msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." @@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec" msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" -#: ../../configuration/policy/route-map.rst:373 +#: ../../configuration/policy/route-map.rst:375 msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008" msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008" -#: ../../configuration/policy/route-map.rst:366 +#: ../../configuration/policy/route-map.rst:368 msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/general.rst:334 +#: ../../configuration/firewall/bridge.rst:72 +#: ../../configuration/firewall/ipv4.rst:88 +#: ../../configuration/firewall/ipv6.rst:88 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." @@ -19135,7 +18268,7 @@ msgstr "``all-available`` all checking target addresses must be available to pas msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" -#: ../../configuration/vpn/site2site_ipsec.rst:376 +#: ../../configuration/vpn/site2site_ipsec.rst:385 msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." @@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Border Gateway Protocol (BGP)" msgid "``bind`` - select a VTI interface to bind to this peer;" msgstr "``bind`` - select a VTI interface to bind to this peer;" -#: ../../configuration/policy/route-map.rst:374 +#: ../../configuration/policy/route-map.rst:376 msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A" msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A" @@ -19191,7 +18324,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating msgid "``clear`` set action to clear;" msgstr "``clear`` set action to clear;" -#: ../../configuration/vpn/site2site_ipsec.rst:402 +#: ../../configuration/vpn/site2site_ipsec.rst:411 msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." @@ -19215,6 +18348,12 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" +#: ../../configuration/firewall/bridge.rst:74 +#: ../../configuration/firewall/ipv4.rst:90 +#: ../../configuration/firewall/ipv6.rst:90 +msgid "``continue``: continue parsing next rule." +msgstr "``continue``: continue parsing next rule." + #: ../../configuration/vpn/site2site_ipsec.rst:62 msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;" msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;" @@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check msgid "``d`` - Execution interval in days" msgstr "``d`` - Execution interval in days" -#: ../../configuration/vpn/site2site_ipsec.rst:391 +#: ../../configuration/vpn/site2site_ipsec.rst:400 msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." @@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec con msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." -#: ../../configuration/vpn/site2site_ipsec.rst:387 +#: ../../configuration/vpn/site2site_ipsec.rst:396 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." @@ -19279,7 +18418,9 @@ msgstr "``disable`` disable IPComp compression (default);" msgid "``disable`` disable MOBIKE;" msgstr "``disable`` disable MOBIKE;" -#: ../../configuration/firewall/general.rst:336 +#: ../../configuration/firewall/bridge.rst:76 +#: ../../configuration/firewall/ipv4.rst:92 +#: ../../configuration/firewall/ipv6.rst:92 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -19347,6 +18488,10 @@ msgstr "``file`` - path to the key file;" msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +#: ../../configuration/vpn/ipsec.rst:164 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/vpn/site2site_ipsec.rst:97 msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" @@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" -#: ../../configuration/policy/route-map.rst:365 +#: ../../configuration/policy/route-map.rst:367 msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" @@ -19435,7 +18580,7 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." -#: ../../configuration/policy/route-map.rst:364 +#: ../../configuration/policy/route-map.rst:366 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" @@ -19447,7 +18592,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)" -#: ../../configuration/firewall/general.rst:340 +#: ../../configuration/firewall/bridge.rst:78 +#: ../../configuration/firewall/ipv4.rst:96 +#: ../../configuration/firewall/ipv6.rst:96 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -19471,6 +18618,10 @@ msgstr "``latency``: A server profile focused on lowering network latency. This msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" +#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" +msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" + #: ../../configuration/vpn/ipsec.rst:125 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" @@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);" -#: ../../configuration/policy/route-map.rst:371 +#: ../../configuration/policy/route-map.rst:373 msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006" msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006" @@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Well-known communities value LLGR_STA msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;" msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;" -#: ../../configuration/policy/route-map.rst:361 +#: ../../configuration/policy/route-map.rst:363 msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03" msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03" @@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/sec" #: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 -#: ../../configuration/pki/pki_cli_import_help.txt:5 msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." -#: ../../configuration/firewall/general.rst:142 -#: ../../configuration/firewall/general-legacy.rst:93 +#: ../../configuration/firewall/global-options.rst:79 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/general.rst:132 -#: ../../configuration/firewall/general-legacy.rst:84 +#: ../../configuration/firewall/global-options.rst:69 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/general.rst:157 -#: ../../configuration/firewall/general-legacy.rst:108 +#: ../../configuration/firewall/global-options.rst:94 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/general.rst:165 -#: ../../configuration/firewall/general-legacy.rst:115 +#: ../../configuration/firewall/global-options.rst:102 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/general.rst:150 -#: ../../configuration/firewall/general-legacy.rst:101 +#: ../../configuration/firewall/global-options.rst:87 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/general.rst:124 -#: ../../configuration/firewall/general-legacy.rst:76 +#: ../../configuration/firewall/global-options.rst:61 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/general.rst:180 -#: ../../configuration/firewall/general-legacy.rst:129 +#: ../../configuration/firewall/global-options.rst:117 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337``" -#: ../../configuration/firewall/general.rst:172 -#: ../../configuration/firewall/general-legacy.rst:122 +#: ../../configuration/firewall/global-options.rst:109 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/general.rst:143 -#: ../../configuration/firewall/general-legacy.rst:94 +#: ../../configuration/firewall/global-options.rst:80 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/general.rst:133 -#: ../../configuration/firewall/general-legacy.rst:85 +#: ../../configuration/firewall/global-options.rst:70 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" -#: ../../configuration/policy/route-map.rst:362 +#: ../../configuration/policy/route-map.rst:364 msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02" msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02" -#: ../../configuration/policy/route-map.rst:363 +#: ../../configuration/policy/route-map.rst:365 msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01" msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01" -#: ../../configuration/policy/route-map.rst:372 +#: ../../configuration/policy/route-map.rst:374 msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007" msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007" -#: ../../configuration/policy/route-map.rst:375 +#: ../../configuration/policy/route-map.rst:377 msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04" msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04" @@ -19740,7 +18875,9 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" -#: ../../configuration/firewall/general.rst:345 +#: ../../configuration/firewall/bridge.rst:83 +#: ../../configuration/firewall/ipv4.rst:101 +#: ../../configuration/firewall/ipv6.rst:101 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: Number of packets. Default 5." -#: ../../configuration/firewall/general.rst:338 +#: ../../configuration/firewall/ipv4.rst:94 +#: ../../configuration/firewall/ipv6.rst:94 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -19781,7 +18919,9 @@ msgstr "``respond`` - does not try to initiate a connection to a remote peer. In msgid "``restart`` set action to restart;" msgstr "``restart`` set action to restart;" -#: ../../configuration/firewall/general.rst:342 +#: ../../configuration/firewall/bridge.rst:80 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" -#: ../../configuration/policy/route-map.rst:367 +#: ../../configuration/policy/route-map.rst:369 msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002" msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002" -#: ../../configuration/policy/route-map.rst:369 +#: ../../configuration/policy/route-map.rst:371 msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004" msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004" -#: ../../configuration/policy/route-map.rst:368 +#: ../../configuration/policy/route-map.rst:370 msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003" msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003" -#: ../../configuration/policy/route-map.rst:370 +#: ../../configuration/policy/route-map.rst:372 msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005" msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005" @@ -19829,6 +18969,31 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" +#: ../../configuration/firewall/index.rst:90 +msgid "``set firewall bridge forward filter ...``." +msgstr "``set firewall bridge forward filter ...``." + +#: ../../configuration/firewall/index.rst:61 +msgid "``set firewall ipv4 forward filter ...``." +msgstr "``set firewall ipv4 forward filter ...``." + +#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:72 +msgid "``set firewall ipv4 input filter ...``." +msgstr "``set firewall ipv4 input filter ...``." + +#: ../../configuration/firewall/index.rst:63 +msgid "``set firewall ipv6 forward filter ...``." +msgstr "``set firewall ipv6 forward filter ...``." + +#: ../../configuration/firewall/index.rst:56 +msgid "``set firewall ipv6 input filter ...``." +msgstr "``set firewall ipv6 input filter ...``." + +#: ../../configuration/firewall/index.rst:74 +msgid "``set firewall ipv6 output filter ...``." +msgstr "``set firewall ipv6 output filter ...``." + #: ../../configuration/interfaces/wireless.rst:238 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Support for operation as single user beamformee" @@ -19877,7 +19042,8 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" -#: ../../configuration/firewall/general.rst:347 +#: ../../configuration/firewall/ipv4.rst:103 +#: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -19961,10 +19127,18 @@ msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defi msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" +#: ../../configuration/vpn/site2site_ipsec.rst:152 +msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder." +msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder." + #: ../../configuration/vpn/ipsec.rst:168 msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." +#: ../../configuration/vpn/ipsec.rst:168 +msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." +msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." + #: ../../configuration/policy/route-map.rst:175 msgid "``vnc`` - Virtual Network Control (VNC)" msgstr "``vnc`` - Virtual Network Control (VNC)" @@ -19993,7 +19167,7 @@ msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." -#: ../../configuration/protocols/rpki.rst:16 +#: ../../configuration/protocols/rpki.rst:12 msgid "`tweet by EvilMog`_, 2020-02-21" msgstr "`tweet by EvilMog`_, 2020-02-21" @@ -20005,8 +19179,8 @@ msgstr "a bandwidth test over the VPN got these results:" msgid "a blank indicates that no test has been carried out" msgstr "a blank indicates that no test has been carried out" -#: ../../configuration/nat/nat44.rst:728 -#: ../../configuration/nat/nat44.rst:733 +#: ../../configuration/nat/nat44.rst:750 +#: ../../configuration/nat/nat44.rst:755 msgid "aes256 Encryption" msgstr "aes256 Encryption" @@ -20020,7 +19194,7 @@ msgstr "alert" msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:426 +#: ../../configuration/vrf/index.rst:428 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -20052,27 +19226,31 @@ msgstr "auto - interface duplex setting is auto-negotiated" msgid "auto - interface speed is auto-negotiated" msgstr "auto - interface speed is auto-negotiated" +#: ../../configuration/system/frr.rst:32 +msgid "bgpd" +msgstr "bgpd" + #: ../../configuration/service/router-advert.rst:13 msgid "bonding" msgstr "bonding" -#: ../../configuration/service/dhcp-server.rst:338 +#: ../../configuration/service/dhcp-server.rst:305 msgid "boot-size" msgstr "boot-size" -#: ../../configuration/service/dhcp-server.rst:331 +#: ../../configuration/service/dhcp-server.rst:298 msgid "bootfile-name" msgstr "bootfile-name" -#: ../../configuration/service/dhcp-server.rst:333 +#: ../../configuration/service/dhcp-server.rst:300 msgid "bootfile-name, filename" msgstr "bootfile-name, filename" -#: ../../configuration/service/dhcp-server.rst:321 +#: ../../configuration/service/dhcp-server.rst:288 msgid "bootfile-server" msgstr "bootfile-server" -#: ../../configuration/service/dhcp-server.rst:336 +#: ../../configuration/service/dhcp-server.rst:303 msgid "bootfile-size" msgstr "bootfile-size" @@ -20080,7 +19258,7 @@ msgstr "bootfile-size" msgid "bridge" msgstr "bridge" -#: ../../configuration/service/dhcp-server.rst:269 +#: ../../configuration/service/dhcp-server.rst:236 msgid "client-prefix-length" msgstr "client-prefix-length" @@ -20112,11 +19290,11 @@ msgstr "daemon" msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:" msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:" -#: ../../configuration/service/dns.rst:205 +#: ../../configuration/service/dns.rst:218 msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." -#: ../../configuration/service/dns.rst:400 +#: ../../configuration/service/dns.rst:413 msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." @@ -20128,7 +19306,7 @@ msgstr "debug" msgid "decrement-lifetime" msgstr "decrement-lifetime" -#: ../../configuration/service/dhcp-server.rst:368 +#: ../../configuration/service/dhcp-server.rst:335 msgid "default-lease-time, max-lease-time" msgstr "default-lease-time, max-lease-time" @@ -20140,7 +19318,7 @@ msgstr "default-lifetime" msgid "default-preference" msgstr "default-preference" -#: ../../configuration/service/dhcp-server.rst:281 +#: ../../configuration/service/dhcp-server.rst:248 msgid "default-router" msgstr "default-router" @@ -20156,7 +19334,7 @@ msgstr "deprecate-prefix" msgid "destination-hashing" msgstr "destination-hashing" -#: ../../configuration/service/dhcp-server.rst:318 +#: ../../configuration/service/dhcp-server.rst:285 msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" @@ -20168,28 +19346,9 @@ msgstr "direct" msgid "directory" msgstr "directory" -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 #: ../../configuration/interfaces/pppoe.rst:241 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 #: ../../configuration/interfaces/sstp-client.rst:113 #: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 -#: ../../_include/interface-ip.txt:190 msgid "disable: No source validation" msgstr "disable: No source validation" @@ -20197,17 +19356,17 @@ msgstr "disable: No source validation" msgid "dnssl" msgstr "dnssl" -#: ../../configuration/service/dhcp-server.rst:296 -#: ../../configuration/service/dhcp-server.rst:298 +#: ../../configuration/service/dhcp-server.rst:263 +#: ../../configuration/service/dhcp-server.rst:265 msgid "domain-name" msgstr "domain-name" -#: ../../configuration/service/dhcp-server.rst:293 +#: ../../configuration/service/dhcp-server.rst:260 msgid "domain-name-servers" msgstr "domain-name-servers" -#: ../../configuration/service/dhcp-server.rst:351 -#: ../../configuration/service/dhcp-server.rst:353 +#: ../../configuration/service/dhcp-server.rst:318 +#: ../../configuration/service/dhcp-server.rst:320 msgid "domain-search" msgstr "domain-search" @@ -20215,7 +19374,7 @@ msgstr "domain-search" msgid "emerg" msgstr "emerg" -#: ../../configuration/firewall/general.rst:147 +#: ../../configuration/firewall/global-options.rst:84 msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:" msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:" @@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:" msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:139 -#: ../../configuration/firewall/general-legacy.rst:90 +#: ../../configuration/firewall/global-options.rst:76 msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:" msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:154 -#: ../../configuration/firewall/general-legacy.rst:105 +#: ../../configuration/firewall/global-options.rst:91 msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" @@ -20245,11 +19402,11 @@ msgstr "ethernet" msgid "exact-match: exact match of the network prefixes." msgstr "exact-match: exact match of the network prefixes." -#: ../../configuration/service/dhcp-server.rst:376 +#: ../../configuration/service/dhcp-server.rst:343 msgid "exclude" msgstr "exclude" -#: ../../configuration/service/dhcp-server.rst:381 +#: ../../configuration/service/dhcp-server.rst:348 msgid "failover" msgstr "failover" @@ -20318,11 +19475,15 @@ msgstr "invalid" msgid "inverse-match: network/netmask to match (requires network be defined)." msgstr "inverse-match: network/netmask to match (requires network be defined)." -#: ../../configuration/service/dhcp-server.rst:301 -#: ../../configuration/service/dhcp-server.rst:303 +#: ../../configuration/service/dhcp-server.rst:268 +#: ../../configuration/service/dhcp-server.rst:270 msgid "ip-forwarding" msgstr "ip-forwarding" +#: ../../configuration/system/frr.rst:33 +msgid "isisd" +msgstr "isisd" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," @@ -20339,7 +19500,11 @@ msgstr "kern" msgid "l2tpv3" msgstr "l2tpv3" -#: ../../configuration/service/dhcp-server.rst:366 +#: ../../configuration/system/frr.rst:34 +msgid "ldpd" +msgstr "ldpd" + +#: ../../configuration/service/dhcp-server.rst:333 msgid "lease" msgstr "lease" @@ -20347,19 +19512,19 @@ msgstr "lease" msgid "least-connection" msgstr "least-connection" -#: ../../configuration/vpn/site2site_ipsec.rst:271 +#: ../../configuration/vpn/site2site_ipsec.rst:275 msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device" msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device" -#: ../../configuration/vpn/site2site_ipsec.rst:163 +#: ../../configuration/vpn/site2site_ipsec.rst:167 msgid "left local_ip: `198.51.100.3` # server side WAN IP" msgstr "left local_ip: `198.51.100.3` # server side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:272 +#: ../../configuration/vpn/site2site_ipsec.rst:276 msgid "left public_ip:172.18.201.10" msgstr "left public_ip:172.18.201.10" -#: ../../configuration/vpn/site2site_ipsec.rst:161 +#: ../../configuration/vpn/site2site_ipsec.rst:165 msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)" msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)" @@ -20439,28 +19604,9 @@ msgstr "logalert" msgid "logaudit" msgstr "logaudit" -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 #: ../../configuration/interfaces/pppoe.rst:237 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 #: ../../configuration/interfaces/sstp-client.rst:109 #: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 -#: ../../_include/interface-ip.txt:186 msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." @@ -20472,7 +19618,15 @@ msgstr "lpr" msgid "mDNS Repeater" msgstr "mDNS Repeater" -#: ../../configuration/service/mdns.rst:28 +#: ../../configuration/service/mdns.rst:38 +msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted." +msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted." + +#: ../../configuration/service/mdns.rst:33 +msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6." +msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6." + +#: ../../configuration/service/mdns.rst:29 msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "mDNS repeater can be temporarily disabled without deleting the service using" @@ -20512,12 +19666,12 @@ msgstr "more information related IGP - :ref:`routing-isis`" msgid "more information related IGP - :ref:`routing-ospf`" msgstr "more information related IGP - :ref:`routing-ospf`" -#: ../../configuration/service/dhcp-server.rst:291 +#: ../../configuration/service/dhcp-server.rst:258 #: ../../configuration/service/router-advert.rst:1 msgid "name-server" msgstr "name-server" -#: ../../configuration/service/dhcp-server.rst:313 +#: ../../configuration/service/dhcp-server.rst:280 msgid "netbios-name-servers" msgstr "netbios-name-servers" @@ -20533,7 +19687,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU msgid "news" msgstr "news" -#: ../../configuration/service/dhcp-server.rst:323 +#: ../../configuration/service/dhcp-server.rst:290 msgid "next-server" msgstr "next-server" @@ -20557,11 +19711,11 @@ msgstr "notice" msgid "ntp" msgstr "ntp" -#: ../../configuration/service/dhcp-server.rst:306 +#: ../../configuration/service/dhcp-server.rst:273 msgid "ntp-server" msgstr "ntp-server" -#: ../../configuration/service/dhcp-server.rst:308 +#: ../../configuration/service/dhcp-server.rst:275 msgid "ntp-servers" msgstr "ntp-servers" @@ -20573,6 +19727,14 @@ msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)." msgid "openvpn" msgstr "openvpn" +#: ../../configuration/system/frr.rst:35 +msgid "ospf6d" +msgstr "ospf6d" + +#: ../../configuration/system/frr.rst:36 +msgid "ospfd" +msgstr "ospfd" + #: ../../configuration/protocols/ospf.rst:207 msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration." msgstr "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration." @@ -20601,8 +19763,8 @@ msgstr "policy extcommunity-list" msgid "policy large-community-list" msgstr "policy large-community-list" -#: ../../configuration/service/dhcp-server.rst:346 -#: ../../configuration/service/dhcp-server.rst:348 +#: ../../configuration/service/dhcp-server.rst:313 +#: ../../configuration/service/dhcp-server.rst:315 msgid "pop-server" msgstr "pop-server" @@ -20619,8 +19781,8 @@ msgstr "prefix-list, distribute-list" msgid "pseudo-ethernet" msgstr "pseudo-ethernet" -#: ../../configuration/service/dhcp-server.rst:371 -#: ../../configuration/service/dhcp-server.rst:373 +#: ../../configuration/service/dhcp-server.rst:338 +#: ../../configuration/service/dhcp-server.rst:340 msgid "range" msgstr "range" @@ -20636,7 +19798,7 @@ msgstr "reset commands" msgid "retrans-timer" msgstr "retrans-timer" -#: ../../configuration/service/dhcp-server.rst:358 +#: ../../configuration/service/dhcp-server.rst:325 msgid "rfc3442-static-route, windows-static-route" msgstr "rfc3442-static-route, windows-static-route" @@ -20644,18 +19806,22 @@ msgstr "rfc3442-static-route, windows-static-route" msgid "rfc3768-compatibility" msgstr "rfc3768-compatibility" -#: ../../configuration/vpn/site2site_ipsec.rst:273 +#: ../../configuration/vpn/site2site_ipsec.rst:277 msgid "right local_ip: 172.18.202.10 # right side WAN IP" msgstr "right local_ip: 172.18.202.10 # right side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:165 +#: ../../configuration/vpn/site2site_ipsec.rst:169 msgid "right local_ip: `203.0.113.2` # remote office side WAN IP" msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP" -#: ../../configuration/vpn/site2site_ipsec.rst:164 +#: ../../configuration/vpn/site2site_ipsec.rst:168 msgid "right subnet: `10.0.0.0/24` site2,remote office side" msgstr "right subnet: `10.0.0.0/24` site2,remote office side" +#: ../../configuration/system/frr.rst:37 +msgid "ripd" +msgstr "ripd" + #: ../../configuration/highavailability/index.rst:349 msgid "round-robin" msgstr "round-robin" @@ -20665,7 +19831,7 @@ msgstr "round-robin" msgid "route-map" msgstr "route-map" -#: ../../configuration/service/dhcp-server.rst:283 +#: ../../configuration/service/dhcp-server.rst:250 msgid "routers" msgstr "routers" @@ -20682,7 +19848,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send msgid "security" msgstr "security" -#: ../../configuration/service/dhcp-server.rst:316 +#: ../../configuration/service/dhcp-server.rst:283 msgid "server-identifier" msgstr "server-identifier" @@ -20694,8 +19860,8 @@ msgstr "server example" msgid "set a destination and/or source address. Accepted input:" msgstr "set a destination and/or source address. Accepted input:" -#: ../../configuration/nat/nat44.rst:729 -#: ../../configuration/nat/nat44.rst:734 +#: ../../configuration/nat/nat44.rst:751 +#: ../../configuration/nat/nat44.rst:756 msgid "sha256 Hashes" msgstr "sha256 Hashes" @@ -20703,7 +19869,7 @@ msgstr "sha256 Hashes" msgid "show commands" msgstr "show commands" -#: ../../configuration/service/dhcp-server.rst:322 +#: ../../configuration/service/dhcp-server.rst:289 msgid "siaddr" msgstr "siaddr" @@ -20711,8 +19877,8 @@ msgstr "siaddr" msgid "slow: Request partner to transmit LACPDUs every 30 seconds" msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" -#: ../../configuration/service/dhcp-server.rst:341 -#: ../../configuration/service/dhcp-server.rst:343 +#: ../../configuration/service/dhcp-server.rst:308 +#: ../../configuration/service/dhcp-server.rst:310 msgid "smtp-server" msgstr "smtp-server" @@ -20732,40 +19898,21 @@ msgstr "spoke01-spoke04" msgid "spoke05" msgstr "spoke05" -#: ../../configuration/service/dhcp-server.rst:386 +#: ../../configuration/service/dhcp-server.rst:353 msgid "static-mapping" msgstr "static-mapping" -#: ../../configuration/service/dhcp-server.rst:356 +#: ../../configuration/service/dhcp-server.rst:323 msgid "static-route" msgstr "static-route" -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 #: ../../configuration/interfaces/pppoe.rst:233 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 #: ../../configuration/interfaces/sstp-client.rst:105 #: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 -#: ../../_include/interface-ip.txt:182 msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded." msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded." -#: ../../configuration/service/dhcp-server.rst:271 +#: ../../configuration/service/dhcp-server.rst:238 msgid "subnet-mask" msgstr "subnet-mask" @@ -20781,8 +19928,8 @@ msgstr "tail" msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend." msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend." -#: ../../configuration/service/dhcp-server.rst:326 -#: ../../configuration/service/dhcp-server.rst:328 +#: ../../configuration/service/dhcp-server.rst:293 +#: ../../configuration/service/dhcp-server.rst:295 msgid "tftp-server-name" msgstr "tftp-server-name" @@ -20791,16 +19938,16 @@ msgstr "tftp-server-name" msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs." msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs." -#: ../../configuration/service/dhcp-server.rst:275 -#: ../../configuration/service/dhcp-server.rst:277 +#: ../../configuration/service/dhcp-server.rst:242 +#: ../../configuration/service/dhcp-server.rst:244 msgid "time-offset" msgstr "time-offset" -#: ../../configuration/service/dhcp-server.rst:286 +#: ../../configuration/service/dhcp-server.rst:253 msgid "time-server" msgstr "time-server" -#: ../../configuration/service/dhcp-server.rst:288 +#: ../../configuration/service/dhcp-server.rst:255 msgid "time-servers" msgstr "time-servers" @@ -20861,7 +20008,7 @@ msgstr "weighted-round-robin" msgid "while a *byte* is written as a single **b**." msgstr "while a *byte* is written as a single **b**." -#: ../../configuration/service/dhcp-server.rst:311 +#: ../../configuration/service/dhcp-server.rst:278 msgid "wins-server" msgstr "wins-server" @@ -20877,14 +20024,18 @@ msgstr "wireless" msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases." msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases." -#: ../../configuration/service/dhcp-server.rst:361 +#: ../../configuration/service/dhcp-server.rst:328 msgid "wpad-url" msgstr "wpad-url" -#: ../../configuration/service/dhcp-server.rst:363 +#: ../../configuration/service/dhcp-server.rst:330 msgid "wpad-url, wpad-url code 252 = text" msgstr "wpad-url, wpad-url code 252 = text" #: ../../configuration/service/router-advert.rst:23 msgid "wwan" msgstr "wwan" + +#: ../../configuration/system/frr.rst:38 +msgid "zebra" +msgstr "zebra" |