Diffstat (limited to 'docs/configuration/firewall/zone.rst')
-rw-r--r-- docs/configuration/firewall/zone.rst 40
1 files changed, 37 insertions, 3 deletions
diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst
index b27e02b9..1ab9c630 100644
--- a/docs/configuration/firewall/zone.rst
+++ b/docs/configuration/firewall/zone.rst
@@ -1,4 +1,4 @@
-:lastproofread: 2022-09-14
+:lastproofread: 2023-11-01
.. _firewall-zone:
@@ -6,9 +6,43 @@
Zone Based Firewall
###################
+********
+Overview
+********
+
+.. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
+ structure can be found on all vyos instalations. Zone based firewall was
+ removed in that version, but re introduced in VyOS 1.4 and 1.5. All
+ versions built after 2023-10-22 has this feature.
+ Documentation for most of the new firewall CLI can be
+ found in the `firewall
+ <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_
+ chapter. The legacy firewall is still available for versions before
+ 1.4-rolling-202308040557 and can be found in the
+ :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`
+ chapter.
+
+In this section there's useful information of all firewall configuration that
+is needed for zone-based firewall.
+Configuration commands covered in this section:
+
+.. cfgcmd:: set firewall zone ...
+
+From main structure defined in
+:doc:`Firewall Overview</configuration/firewall/index>`
+in this section you can find detailed information only for the next part
+of the general structure:
+
+.. code-block:: none
+
+ - set firewall
+ * zone
+ - custom_zone_name
+ + ...
+
In zone-based policy, interfaces are assigned to zones, and inspection policy
is applied to traffic moving between the zones and acted on according to
-firewall rules. A Zone is a group of interfaces that have similar functions or
+firewall rules. A zone is a group of interfaces that have similar functions or
features. It establishes the security borders of a network. A zone defines a
boundary where traffic is subjected to policy restrictions as it crosses to
another region of a network.
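Review bot: In the added note, the link to the new firewall chapter is a hard-coded https://docs.vyos.io/en/latest/configuration/firewall/general.html URL, while the legacy chapter a few lines later uses a :doc: role. Use :doc: for both so the reference follows the documentation branch being built and Sphinx warns if the target moves. The note also needs a wording pass: "instalations" should be "installations", "re introduced" should be "reintroduced", "vyos" should be "VyOS", and "All versions built after 2023-10-22 has" should be "have". The sentence "removed in that version, but re introduced in VyOS 1.4 and 1.5" leaves it unclear which builds lack zone support; stating the affected range explicitly would help, since readers use this note to decide whether "set firewall zone" exists on their image.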
@@ -36,7 +70,7 @@ firewall can be created to simplify configuration when multiple interfaces
belong to the same security zone. Instead of applying rule-sets to interfaces,
they are applied to source zone-destination zone pairs.
-An basic introduction to zone-based firewalls can be found `here
+A basic introduction to zone-based firewalls can be found `here
<https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_,
and an example at :ref:`examples-zone-policy`.
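Review bot: The link text on the changed line is still the bare word "here"; since the line is being touched anyway, consider a descriptive label (for example the title of the linked primer) so the target is clear in the rendered page and in link-check output.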