diff options
Diffstat (limited to 'docs/configuration/firewall')
| -rw-r--r-- | docs/configuration/firewall/ipv4.rst | 8 | ||||
| -rw-r--r-- | docs/configuration/firewall/ipv6.rst | 8 | 
2 files changed, 16 insertions, 0 deletions
| diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index d425b41f..2a654fd7 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -686,6 +686,10 @@ geoip) to keep database and rules updated.     For example: ``eth2*``. Prepending character ``!`` for inverted matching     criteria is also supportd. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using +   **inbound-interface**, vrf name must be used. For example ``set firewall +   ipv4 forward filter rule 10 inbound-interface name MGMT`` +  .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>     inbound-interface group <iface_group>  .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> @@ -707,6 +711,10 @@ geoip) to keep database and rules updated.     For example: ``eth2*``. Prepending character ``!`` for inverted matching     criteria is also supportd. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using +   **outbound-interface**, real interface name must be used. For example +   ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0`` +  .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>     outbound-interface group <iface_group>  .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index ce8c5ccf..19df996a 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -700,6 +700,10 @@ geoip) to keep database and rules updated.     For example: ``eth2*``. Prepending character ``!`` for inverted matching     criteria is also supportd. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using +   **inbound-interface**, vrf name must be used. For example ``set firewall +   ipv6 forward filter rule 10 inbound-interface name MGMT`` +  .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>     inbound-interface group <iface_group>  .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> @@ -721,6 +725,10 @@ geoip) to keep database and rules updated.     For example: ``eth2*``. Prepending character ``!`` for inverted matching     criteria is also supportd. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using +   **outbound-interface**, real interface name must be used. For example +   ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0`` +  .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>     outbound-interface group <iface_group>  .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> | 
