diff options
Diffstat (limited to 'docs/configuration/service')
| -rw-r--r-- | docs/configuration/service/broadcast-relay.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 9 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst | 107 | ||||
| -rw-r--r-- | docs/configuration/service/dns.rst | 98 | ||||
| -rw-r--r-- | docs/configuration/service/https.rst | 37 | ||||
| -rw-r--r-- | docs/configuration/service/ids.rst | 6 | ||||
| -rw-r--r-- | docs/configuration/service/ipoe-server.rst | 17 | ||||
| -rw-r--r-- | docs/configuration/service/ntp.rst | 8 | ||||
| -rw-r--r-- | docs/configuration/service/pppoe-server.rst | 3 | ||||
| -rw-r--r-- | docs/configuration/service/router-advert.rst | 65 | ||||
| -rw-r--r-- | docs/configuration/service/salt-minion.rst | 2 |
11 files changed, 279 insertions, 77 deletions
diff --git a/docs/configuration/service/broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index b6e2bed7..f64bb208 100644 --- a/docs/configuration/service/broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst @@ -20,7 +20,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> description <description> A description can be added for each and every unique relay ID. This is - useful to distinguish between multiple different ports/appliactions. + useful to distinguish between multiple different ports/applications. .. cfgcmd:: set service broadcast-relay id <n> interface <interface> @@ -35,7 +35,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> port <port> - The UDP port number used by your apllication. It is mandatory for this kind + The UDP port number used by your application. It is mandatory for this kind of operation. .. cfgcmd:: set service broadcast-relay id <n> disable diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index d43f2385..232db1a8 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -29,7 +29,7 @@ will be mandatorily defragmented. It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the -"peer" keywork after the specificed interface, as in the following example: +"peer" keywork after the specified interface, as in the following example: :cfgcmd:`set service conntrack-sync interface eth0 peer 192.168.0.250` @@ -102,6 +102,11 @@ Configuration Disable connection logging via Syslog. +.. cfgcmd:: set service conntrack-sync startup-resync + + Order conntrackd to request a complete conntrack table resync against + the other node at startup. + ********* Operation ********* @@ -199,7 +204,7 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2`` .. code-block:: none - set high-availablilty vrrp group internal virtual-address ... etc ... + set high-availability vrrp group internal virtual-address ... etc ... set high-availability vrrp sync-group syncgrp member 'internal' set service conntrack-sync accept-protocol 'tcp' set service conntrack-sync accept-protocol 'udp' diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 6813d2c0..50e9ee7e 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -49,10 +49,26 @@ Configuration Inform client that the DNS server can be found at `<address>`. This is the configuration parameter for the entire shared network definition. - All subnets will inherit this configuration item if not specified locally. - + All subnets will inherit this configuration item if not specified locally. Multiple DNS servers can be defined. +.. cfgcmd:: set service dhcp-server shared-network-name <name> option + vendor-option <option-name> + + This configuration parameter lets you specify a vendor-option for the + entire shared network definition. All subnets will inherit this + configuration item if not specified locally. An example for Ubiquiti is + shown below: + +**Example:** + +Pass address of Unifi controller at ``172.16.100.1`` to all clients of ``NET1`` + +.. code-block:: none + + set service dhcp-server shared-network-name 'NET1' option vendor-option + ubiquiti '172.16.100.1' + .. cfgcmd:: set service dhcp-server listen-address <address> This configuration parameter lets the DHCP server to listen for DHCP @@ -132,28 +148,62 @@ Individual Client Subnet request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119). -Failover --------- +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet> + option vendor-option <option-name> + + This configuration parameter lets you specify a vendor-option for the + subnet specified within the shared network definition. An example for + Ubiquiti is shown below: + +**Example:** + +Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of +Unifi controller at ``172.16.100.1`` to clients of that subnet. + +.. code-block:: none + + set service dhcp-server shared-network-name 'NET1' subnet + '172.18.201.0/24' option vendor-option ubiquiti '172.16.100.1' + + +High Availability +----------------- -VyOS provides support for DHCP failover. DHCP failover must be configured -explicitly by the following statements. +VyOS provides High Availability support for DHCP server. DHCP High +Availability can act in two different modes: -.. cfgcmd:: set service dhcp-server failover source-address <address> +* **Active-active**: both DHCP servers will respond to DHCP requests. If + ``mode`` is not defined, this is the default behavior. - Local IP `<address>` used when communicating to the failover peer. +* **Active-passive**: only ``primary`` server will respond to DHCP requests. + If this server goes offline, then ``secondary`` server will take place. -.. cfgcmd:: set service dhcp-server failover remote <address> +DHCP High Availability must be configured explicitly by the following +statements on both servers: - Remote peer IP `<address>` of the second DHCP server in this failover +.. cfgcmd:: set service dhcp-server high-availability mode [active-active + | active-passive] + + Define operation mode of High Availability feature. Default value if command + is not specified is `active-active` + +.. cfgcmd:: set service dhcp-server high-availability source-address <address> + + Local IP `<address>` used when communicating to the HA peer. + +.. cfgcmd:: set service dhcp-server high-availability remote <address> + + Remote peer IP `<address>` of the second DHCP server in this HA cluster. -.. cfgcmd:: set service dhcp-server failover name <name> +.. cfgcmd:: set service dhcp-server high-availability name <name> A generic `<name>` referencing this sync service. .. note:: `<name>` must be identical on both sides! -.. cfgcmd:: set service dhcp-server failover status <primary | secondary> +.. cfgcmd:: set service dhcp-server high-availability status <primary + | secondary> The primary and secondary statements determines whether the server is primary or secondary. @@ -162,12 +212,12 @@ explicitly by the following statements. their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly. - .. hint:: The dialogue between failover partners is neither encrypted nor + .. hint:: The dialogue between HA partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you - have DHCP failover peers whose communications traverse insecure networks, + have DHCP HA peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them - to ensure that the failover partnership is immune to disruption + to ensure that the HA partnership is immune to disruption (accidental or otherwise) via third parties. Static mappings @@ -371,12 +421,13 @@ Please see the :ref:`dhcp-dns-quick-start` configuration. .. _dhcp-server:v4_example_failover: -Failover --------- +High Availability +----------------- -Configuration of a DHCP failover pair +Configuration of a DHCP HA pair: -* Setup DHCP failover for network 192.0.2.0/24 +* Setup DHCP HA for network 192.0.2.0/24 +* Use active-active HA mode. * Default gateway and DNS server is at `192.0.2.254` * The primary DHCP server uses address `192.168.189.252` * The secondary DHCP server uses address `192.168.189.253` @@ -398,19 +449,21 @@ Common configuration, valid for both primary and secondary node. .. code-block:: none - set service dhcp-server failover source-address '192.168.189.252' - set service dhcp-server failover name 'NET-VYOS' - set service dhcp-server failover remote '192.168.189.253' - set service dhcp-server failover status 'primary' + set service dhcp-server high-availability mode 'active-active' + set service dhcp-server high-availability source-address '192.168.189.252' + set service dhcp-server high-availability name 'NET-VYOS' + set service dhcp-server high-availability remote '192.168.189.253' + set service dhcp-server high-availability status 'primary' **Secondary** .. code-block:: none - set service dhcp-server failover source-address '192.168.189.253' - set service dhcp-server failover name 'NET-VYOS' - set service dhcp-server failover remote '192.168.189.252' - set service dhcp-server failover status 'secondary' + set service dhcp-server high-availability mode 'active-active' + set service dhcp-server high-availability source-address '192.168.189.253' + set service dhcp-server high-availability name 'NET-VYOS' + set service dhcp-server high-availability remote '192.168.189.252' + set service dhcp-server high-availability status 'secondary' .. _dhcp-server:v4_example_raw: diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index c6deb179..365e7885 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -143,6 +143,100 @@ avoid being tracked by the provider of your upstream DNS server. 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones. +Authoritative zones +------------------- + +The VyOS DNS forwarder can also be configured to host authoritative records for a domain. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> disable + + Disable hosting authoritative zone for `<domain-name>` without deleting from + configuration. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records <type> + <name> disable + + Disable specific record without deleting it from configuration. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records <type> + <name> ttl <seconds> + + Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds. + +Record types +^^^^^^^^^^^^ + +Below are a list of record types available to be configured within VyOS. Some records +support special `<name>` keywords: + +* ``@`` Use @ as record name to set the record for the root domain. + +* ``any`` Use any as record name to configure the record as a wildcard. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + a <name> address <x.x.x.x> + + Set an :abbr:`A (Address)` record. Supports ``@`` and ``any`` keywords. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + aaaa <name> address <h:h:h:h:h:h:h:h> + + Set an :abbr:`AAAA (IPv6 Address)` record. Supports ``@`` and ``any`` keywords. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + cname <name> target <target-domain-name> + + Set an :abbr:`CNAME (Canonical name)` record. Supports ``@`` keyword. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + naptr <name> rule <rule-number> <option> <value> + + Set an :abbr:`NAPTR (Naming authority pointer)` record. Supports ``@`` keyword. + NAPTR records support the following options: + + * **lookup-a** A Flag. + + * **lookup-srv** S flag. + + * **order** Rule order. Requires `<value>`. + + * **preference** Rule preference. Requires `<value>`. Defaults to 0 if not set. + + * **protocol-specific** P flag. + + * **regexp** Regular expression. Requires `<value>`. + + * **replacement** Replacement DNS name. + + * **resolve-uri** U flag. + + * **service** Service type. Requires `<value>`. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + ns <name> target <target-name> + + Set an :abbr:`NS (Nameserver)` record. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + ptr <name> target <target-name> + + Set an :abbr:`PTR (Pointer record)` record. Supports ``@`` keyword. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + spf <name> value <value> + + Set an :abbr:`SPF (Sender policy framework)` record. Supports ``@`` keyword. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + srv <name> entry <entry-number> [hostname | port | priority | weight] <value> + + Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword. + +.. cfgcmd:: set service dns forwarding authoritative-domain <domain-name> records + txt <name> value <value> + + Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword. + Example ======= @@ -208,7 +302,7 @@ one involves a third party service, like DynDNS.com or any other such service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS. -.. _dns:dynmaic_config: +.. _dns:dynamic_config: Configuration ============= @@ -254,7 +348,7 @@ Configuration Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds. -.. _dns:dynmaic_example: +.. _dns:dynamic_example: Example ^^^^^^^ diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 973c5355..af397456 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -53,7 +53,11 @@ Configuration .. cfgcmd:: set service https vrf <name> - Start Webserver in given VRF. + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit <size> + + Set the maximum request body size in megabytes. Default is 1MB. API === @@ -70,7 +74,36 @@ API .. cfgcmd:: set service https api strict - Enforce strict path checking + Enforce strict path checking. + +.. cfgcmd:: set service https api cors allow-origin <origin> + + Allow cross-origin requests from `<origin>`. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type <key | token> + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. ********************* Example Configuration diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst index 3e508d50..8a64467f 100644 --- a/docs/configuration/service/ids.rst +++ b/docs/configuration/service/ids.rst @@ -33,7 +33,7 @@ Configuration Configure direction for processing traffic. .. cfgcmd:: set service ids ddos-protection exclude-network <x.x.x.x/x> -.. cfgcmd:: set service ids ddos-protection exlude-network <h:h:h:h:h:h:h:h/x> +.. cfgcmd:: set service ids ddos-protection exclude-network <h:h:h:h:h:h:h:h/x> Specify IPv4 and/or IPv6 networks which are going to be excluded. @@ -56,7 +56,7 @@ Configuration .. cfgcmd:: set service ids ddos-protection sflow port <1-65535> - Configure port number to be used for sflow conection. Default port is 6343. + Configure port number to be used for sflow connection. Default port is 6343. .. cfgcmd:: set service ids ddos-protection threshold general [fps | mbps | pps] <0-4294967294> @@ -96,7 +96,7 @@ In this simplified scenario, main things to be considered are: * Interface **eth0** used to connect to upstream. Since we are analyzing attacks to and from our internal network, two types -of attacks can be identified, and differents actions are needed: +of attacks can be identified, and different actions are needed: * External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 64048552..ef06bcd5 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -26,13 +26,13 @@ functionality as PPPoE, but in a less robust manner. Configuring IPoE Server *********************** -IPoE can be configure on different interfaces, it will depend on each specific -situation which interface will provide IPoE to clients. The clients mac address +IPoE can be configured on different interfaces, it will depend on each specific +situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client. The example configuration below will assign an IP to the client on the incoming -interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP +interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. @@ -85,12 +85,11 @@ the configuration. .. cfgcmd:: set service ipoe-server interface <interface> mode <l2 | l3> - Set authentication backend. The configured authentication backend is used - for all queries. + Specifies the client connectivity mode. * **l2**: It means that clients are on same network where interface is.**(default)** - * **local**: It means that client are behind some router. + * **l3**: It means that client are behind some router. .. cfgcmd:: set service ipoe-server interface <interface> network <shared | vlan> @@ -279,7 +278,7 @@ IPv6 .. code-block:: none set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service ipoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service ipoe-server default-ipv6-pool IPv6-POOL ********* @@ -434,7 +433,7 @@ Toubleshooting .. code-block:: none - vyos@vyos:~$sudo journalctl -u accel-ppp@ipoe -b 0 + vyos@vyos:~$ show log ipoe-server Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:: recv [DHCPv4 Discover xid=55df9228 chaddr=0c:98:bd:b8:00:01 <Message-Type Discover> <Request-IP 192.168.0.3> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Classless-Route,Domain-Name,MTU>] Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: eth1.100: authentication succeeded @@ -447,4 +446,4 @@ Toubleshooting .. include:: /_include/common-references.txt .. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index e7ee392b..266376cf 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -46,9 +46,9 @@ Configuration There are 3 default NTP server set. You are able to change them. - * ``0.pool.ntp.org`` - * ``1.pool.ntp.org`` - * ``2.pool.ntp.org`` + * ``time1.vyos.net`` + * ``time2.vyos.net`` + * ``time3.vyos.net`` .. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer> @@ -85,7 +85,7 @@ Configuration .. cfgcmd:: set service ntp leap-second [ignore|smear|system|timezone] - Define how to handle leaf-seonds. + Define how to handle leap-seconds. * `ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 99b3fbb5..d9a16036 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -24,7 +24,6 @@ Configuring PPPoE Server set service pppoe-server authentication local-users username test password 'test' set service pppoe-server client-ip-pool PPPOE-POOL range 192.168.255.2-192.168.255.254 set service pppoe-server default-pool 'PPPOE-POOL' - set service pppoe-server outside-address 192.0.2.2 set service pppoe-server gateway-address 192.168.255.1 set service pppoe-server interface eth0 @@ -374,7 +373,7 @@ IPv6 set service pppoe-server ppp-options ipv6 allow set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service pppoe-server default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index f179153a..8f984b10 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -13,6 +13,7 @@ Supported interface types: * bonding * bridge * ethernet + * geneve * l2tpv3 * openvpn * pseudo-ethernet @@ -22,9 +23,9 @@ Supported interface types: * wireless * wwan - -Enabling Advertisments -~~~~~~~~~~~~~~~~~~~~~~~ +************* +Configuration +************* .. cfgcmd:: set service router-advert interface <interface> ... @@ -37,7 +38,7 @@ Enabling Advertisments "Cur Hop Limit", "hop-limit", "Hop count field of the outgoing RA packets" """Managed address configuration"" flag", "managed-flag", "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" """Other configuration"" flag", "other-config-flag", "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" - "MTU","link-mtu","Link MTU value placed in RAs, exluded in RAs if unset" + "MTU","link-mtu","Link MTU value placed in RAs, excluded in RAs if unset" "Router Lifetime","default-lifetime","Lifetime associated with the default router in units of seconds" "Reachable Time","reachable-time","Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation" "Retransmit Timer","retrans-timer","Time in milliseconds between retransmitted Neighbor Solicitation messages" @@ -50,7 +51,7 @@ Enabling Advertisments Advertising a Prefix -'''''''''''''''''''' +-------------------- .. cfgcmd:: set service router-advert interface <interface> prefix <prefix/mask> @@ -73,30 +74,48 @@ Advertising a Prefix .. start_vyoslinter +Advertising a NAT64 Prefix +-------------------------- + +.. cfgcmd:: set service router-advert interface <interface> nat64prefix <prefix/mask> + + Enable PREF64 option as outlined in :rfc:`8781`. + + NAT64 prefix mask must be one of: /32, /40, /48, /56, /64 or 96. + + .. note:: The well known NAT64 prefix is ``64:ff9b::/96`` + +.. stop_vyoslinter + +.. csv-table:: + :header: "VyOS Field", "Description" + :widths: 10,30 + + "valid-lifetime","Time in seconds that the prefix will remain valid (default: 65528 seconds)" + +.. start_vyoslinter + Disabling Advertisements -~~~~~~~~~~~~~~~~~~~~~~~~ +------------------------ To disable advertisements without deleting the configuration: .. cfgcmd:: set service router-advert interface <interface> no-send-advert -Example Configuration -~~~~~~~~~~~~~~~~~~~~~ + +******* +Example +******* + +Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router +beeing ``2001:db8:beef:2::1`` .. code-block:: none - interface eth0.2 { - default-preference high - hop-limit 64 - interval { - max 600 - } - name-server 2001:db8::1 - name-server 2001:db8::2 - other-config-flag - prefix 2001:db8:beef:2::/64 { - valid-lifetime 2592000 - } - reachable-time 0 - retrans-timer 0 - } + set interfaces ethernet eth0 address 2001:db8:beef:2::1/64 + + set service router-advert interface eth0 default-preference 'high' + set service router-advert interface eth0 name-server '2001:db8::1' + set service router-advert interface eth0 name-server '2001:db8::2' + set service router-advert interface eth0 other-config-flag + set service router-advert interface eth0 prefix 2001:db8:beef:2::/64 diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst index aa747c36..8638246b 100644 --- a/docs/configuration/service/salt-minion.rst +++ b/docs/configuration/service/salt-minion.rst @@ -17,7 +17,7 @@ Requirements ************ To use the Salt-Minion, a running Salt-Master is required. You can find more -in the `Salt Poject Documentaion +in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_ ************* |