Diffstat (limited to 'docs')
-rw-r--r-- docs/configuration-overview.rst 9
-rw-r--r-- docs/firewall.rst 12
2 files changed, 17 insertions, 4 deletions
diff --git a/docs/configuration-overview.rst b/docs/configuration-overview.rst
index cb5bf716..7d0e8767 100644
--- a/docs/configuration-overview.rst
+++ b/docs/configuration-overview.rst
@@ -221,7 +221,7 @@ These commands are also relative to the level where they are executed and all re
These two commands above are essentially the same, just executed from different levels in the hierarchy.
To delete a configuration entry use the `delete` command, this also deletes all sub-levels under the current level you've specified in the `delete` command.
-Deleting an entry would also result in the element reverting back to its default value if one exist.
+Deleting an entry will also result in the element reverting back to its default value if one exists.
.. code-block:: sh
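Review bot: The rewritten sentence still carries the redundant "reverting back" and the wordy "will also result in the element reverting"; consider "Deleting an entry also reverts the element to its default value, if one exists." The unchanged line just above it has a comma splice ("use the `delete` command, this also deletes ...") that could be fixed in the same pass.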
@@ -351,6 +351,9 @@ To compare configuration revisions in configuration mode, use the compare comman
[edit]
vyos@vyos#
+Comparing Revisions
+"""""""""""""""""""
+
You can compare revisions with `compare X Y` command, where X and Y are revision numbers. The output will describe how the configuration X is when compared to Y, indicating with a plus sign (**+**) the additional parts X has when compared to y, and indicating with a minus sign (**-**) the lacking parts x misses when compared to y.
.. code-block:: sh
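Review bot: The new "Comparing Revisions" heading lands after the topic has already started. The hunk context shows the sentence "To compare configuration revisions in configuration mode, use the compare comman..." and its example output sitting above the heading, so that material stays under the previous section; move the heading above that paragraph. The context sentence below the heading also mixes `X`/`Y` with lowercase `x`/`y`; use one case throughout.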
@@ -368,6 +371,8 @@ You can compare revisions with `compare X Y` command, where X and Y are revision
- address 192.0.2.4/24
-}
+Rolling Back Changes
+""""""""""""""""""""
You can rollback configuration using the rollback command. This
command will apply the selected revision and trigger a system reboot.
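Review bot: The added "Rolling Back Changes" title has no blank line after its underline, unlike the "Comparing Revisions" title added earlier in this patch, which is followed by an empty `+` line; add one so the two new headings match. Now that rollback has its own section, the statement that the command "will apply the selected revision and trigger a system reboot" would be easier to spot in a `.. warning::` directive, and "rollback configuration" should read "roll back the configuration".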
@@ -386,7 +391,7 @@ command will apply the selected revision and trigger a system reboot.
vyos@vyos#
Configuring the archive size
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+""""""""""""""""""""""""""""
You can specify the number of revisions stored on disk with `set system config-management commit-revisions X`, where X is a number between 0 and 65535. When the number of revisions exceeds that number, the oldest revision is removed.
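Review bot: With its underline changed to `"`, "Configuring the archive size" becomes a sibling of "Comparing Revisions" and "Rolling Back Changes", but it is in sentence case while those two are in title case; pick one style for all three headings. The paragraph under it allows 0 for `commit-revisions` without saying what 0 does, which is worth stating while this section is being touched.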
diff --git a/docs/firewall.rst b/docs/firewall.rst
index f875ad12..f4708b2a 100644
--- a/docs/firewall.rst
+++ b/docs/firewall.rst
@@ -37,7 +37,7 @@ or the need to reload individual firewall rules.
.. note:: Groups can also be referenced by NAT configuration.
-While network groups accept IP networks in CIDR notation, specific IP addresses
+While **network groups** accept IP networks in CIDR notation, specific IP addresses
can be added as a 32-bit prefix. If you foresee the need to add a mix of
addresses and networks, the network group is recommended.
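Review bot: The sentence being edited says single addresses "can be added as a 32-bit prefix", which holds for IPv4 only. Since this patch introduces `ipv6-network-group` further down, say /32 for IPv4 here and mention the IPv6 equivalent (/128). The changed line is also now longer than the neighbouring wrapped lines, so rewrap the paragraph.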
@@ -49,7 +49,15 @@ internal network:
set firewall group network-group NET-INSIDE network 192.168.0.0/24
set firewall group network-group NET-INSIDE network 192.168.1.0/24
-A port group represents only port numbers, not the protocol. Port groups can
+Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append "-v4" or "-v6" to your group names.
+
+.. code-block:: sh
+
+ set firewall group network-group NET-INSIDE-v4 network 192.168.1.0/24
+ set firewall group ipv6-network-group NET-INSIDE-v6 network 2001:db8::/64
+
+
+A **port group** represents only port numbers, not the protocol. Port groups can
be referenced for either TCP or UDP. It is recommended that TCP and UDP groups
are created separately to avoid accidentally filtering unnecessary ports.
Ranges of ports can be specified by using `-`.
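Review bot: The added paragraph says "need to have unique names" twice and never states the scope of the rule: is the name unique across every group type, or only between `network-group` and `ipv6-network-group`? State the scope once and drop the repetition. The new example also reuses 192.168.1.0/24, which the example just above already places in NET-INSIDE, so it is unclear whether NET-INSIDE-v4 is meant to replace or duplicate that group. The paragraph is a single unwrapped line, and there are two empty `+` lines before the port-group paragraph where one would do.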