summaryrefslogtreecommitdiff
path: root/docs/quick-start.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r--docs/quick-start.rst32
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 04746017..bb651c29 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -9,14 +9,14 @@ for a device with two interfaces.
Enter configuration mode:
-.. code-block:: console
+.. code-block:: none
vyos@vyos$ configure
vyos@vyos#
Configure network interfaces:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'OUTSIDE'
@@ -25,14 +25,14 @@ Configure network interfaces:
Enable SSH for remote management:
-.. code-block:: console
+.. code-block:: none
set service ssh port '22'
Configure DHCP Server and DNS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-.. code-block:: console
+.. code-block:: none
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
@@ -43,7 +43,7 @@ Configure DHCP Server and DNS
And a DNS forwarder:
-.. code-block:: console
+.. code-block:: none
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '192.168.0.1'
@@ -55,7 +55,7 @@ NAT and Firewall
Configure Source NAT for our "Inside" network.
-.. code-block:: console
+.. code-block:: none
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.0.0/24'
@@ -65,7 +65,7 @@ Add a set of firewall policies for our "Outside" interface.
This configuration creates a proper stateful firewall that blocks all traffic:
-.. code-block:: console
+.. code-block:: none
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
@@ -86,7 +86,7 @@ could create some additional rules to allow the traffic.
These rules allow SSH traffic and rate limit it to 4 requests per minute. This
blocks brute-forcing attempts:
-.. code-block:: console
+.. code-block:: none
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
@@ -101,14 +101,14 @@ blocks brute-forcing attempts:
Apply the firewall policies:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
Commit changes, save the configuration, and exit configuration mode:
-.. code-block:: console
+.. code-block:: none
vyos@vyos# commit
vyos@vyos# save
@@ -127,7 +127,7 @@ One common use of traffic policy is to limit bandwidth for an interface. In
the example below we limit bandwidth for our LAN connection to 200 Mbit
download and out WAN connection to 50 Mbit upload:
-.. code-block:: console
+.. code-block:: none
set traffic-policy shaper WAN-OUT bandwidth '50Mbit'
set traffic-policy shaper WAN-OUT default bandwidth '50%'
@@ -140,7 +140,7 @@ download and out WAN connection to 50 Mbit upload:
Resulting in the following configuration:
-.. code-block:: console
+.. code-block:: none
traffic-policy {
shaper WAN-OUT {
@@ -164,7 +164,7 @@ Resulting in the following configuration:
Once defined, a traffic policy can be applied to each interface using the
interface-level traffic-policy directive:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 traffic-policy out 'WAN-OUT'
set interfaces ethernet eth1 traffic-policy out 'LAN-OUT'
@@ -184,7 +184,7 @@ additional configuration steps that should be taken.
Create a user to replace the default `vyos` user:
-.. code-block:: console
+.. code-block:: none
set system login user myvyosuser level admin
set system login user myvyosuser authentication plaintext-password mysecurepassword
@@ -192,7 +192,7 @@ Create a user to replace the default `vyos` user:
Set up SSH key based authentication. For example, on Linux you'd want to run
``ssh-keygen -t rsa``. Then the contents of ``id_rsa.pub`` would be used below:
-.. code-block:: console
+.. code-block:: none
set system login user myvyosuser authentication public-keys myusername@mydesktop type ssh-rsa
set system login user myvyosuser authentication public-keys myusername@mydesktop key contents_of_id_rsa.pub
@@ -204,7 +204,7 @@ confirmed that your new user can access your server, without a password, delete
the original ``vyos`` user and probably disable password authentication for
SSH:
-.. code-block:: console
+.. code-block:: none
delete system login user vyos
set service ssh disable-password-authentication