summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/_locale/de/404.pot8
-rw-r--r--docs/_locale/de/LC_MESSAGES/404.mobin984 -> 1252 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/automation.mobin35418 -> 37840 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/cli.mobin29208 -> 30414 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/configexamples.mobin123543 -> 127575 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/configuration.mobin1067443 -> 1148357 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/contributing.mobin109457 -> 111651 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/installation.mobin102022 -> 102388 bytes
-rw-r--r--docs/_locale/de/LC_MESSAGES/quick-start.mobin19890 -> 22278 bytes
-rw-r--r--docs/_locale/de/automation.pot130
-rw-r--r--docs/_locale/de/cli.pot48
-rw-r--r--docs/_locale/de/configexamples.pot194
-rw-r--r--docs/_locale/de/configuration.pot5623
-rw-r--r--docs/_locale/de/contributing.pot288
-rw-r--r--docs/_locale/de/copyright.pot4
-rw-r--r--docs/_locale/de/index.pot30
-rw-r--r--docs/_locale/de/installation.pot114
-rw-r--r--docs/_locale/de/quick-start.pot110
-rw-r--r--docs/_locale/en/LC_MESSAGES/404.mobin930 -> 1198 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/automation.mobin35418 -> 37840 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/cli.mobin29208 -> 30414 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/configexamples.mobin123532 -> 127564 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/configuration.mobin1067404 -> 1148318 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/contributing.mobin107118 -> 109312 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/installation.mobin102022 -> 102388 bytes
-rw-r--r--docs/_locale/en/LC_MESSAGES/quick-start.mobin19890 -> 22278 bytes
-rw-r--r--docs/_locale/es/404.pot8
-rw-r--r--docs/_locale/es/LC_MESSAGES/404.mobin979 -> 1247 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/automation.mobin38270 -> 40692 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/cli.mobin31126 -> 32332 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/configexamples.mobin131348 -> 135380 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/configuration.mobin1147773 -> 1228687 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/contributing.mobin114847 -> 117041 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/installation.mobin109558 -> 109924 bytes
-rw-r--r--docs/_locale/es/LC_MESSAGES/quick-start.mobin20335 -> 22723 bytes
-rw-r--r--docs/_locale/es/automation.pot130
-rw-r--r--docs/_locale/es/cli.pot48
-rw-r--r--docs/_locale/es/configexamples.pot194
-rw-r--r--docs/_locale/es/configuration.pot5623
-rw-r--r--docs/_locale/es/contributing.pot288
-rw-r--r--docs/_locale/es/copyright.pot4
-rw-r--r--docs/_locale/es/index.pot30
-rw-r--r--docs/_locale/es/installation.pot114
-rw-r--r--docs/_locale/es/quick-start.pot110
-rw-r--r--docs/_locale/ja/404.pot8
-rw-r--r--docs/_locale/ja/LC_MESSAGES/404.mobin917 -> 1185 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/automation.mobin35405 -> 37827 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/cli.mobin29195 -> 30401 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/configexamples.mobin123519 -> 127551 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/configuration.mobin1067391 -> 1148305 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/contributing.mobin107105 -> 109299 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/installation.mobin102009 -> 102375 bytes
-rw-r--r--docs/_locale/ja/LC_MESSAGES/quick-start.mobin19877 -> 22265 bytes
-rw-r--r--docs/_locale/ja/automation.pot130
-rw-r--r--docs/_locale/ja/cli.pot48
-rw-r--r--docs/_locale/ja/configexamples.pot194
-rw-r--r--docs/_locale/ja/configuration.pot5623
-rw-r--r--docs/_locale/ja/contributing.pot288
-rw-r--r--docs/_locale/ja/copyright.pot4
-rw-r--r--docs/_locale/ja/index.pot30
-rw-r--r--docs/_locale/ja/installation.pot114
-rw-r--r--docs/_locale/ja/quick-start.pot110
-rw-r--r--docs/_locale/pt/404.pot8
-rw-r--r--docs/_locale/pt/LC_MESSAGES/404.mobin938 -> 1206 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/automation.mobin35426 -> 37848 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/cli.mobin29216 -> 30422 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/configexamples.mobin123540 -> 127572 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/configuration.mobin1067412 -> 1148326 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/contributing.mobin107126 -> 109320 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/installation.mobin102030 -> 102396 bytes
-rw-r--r--docs/_locale/pt/LC_MESSAGES/quick-start.mobin19898 -> 22286 bytes
-rw-r--r--docs/_locale/pt/automation.pot130
-rw-r--r--docs/_locale/pt/cli.pot48
-rw-r--r--docs/_locale/pt/configexamples.pot194
-rw-r--r--docs/_locale/pt/configuration.pot5623
-rw-r--r--docs/_locale/pt/contributing.pot288
-rw-r--r--docs/_locale/pt/copyright.pot4
-rw-r--r--docs/_locale/pt/index.pot30
-rw-r--r--docs/_locale/pt/installation.pot114
-rw-r--r--docs/_locale/pt/quick-start.pot110
-rw-r--r--docs/_locale/uk/404.pot8
-rw-r--r--docs/_locale/uk/LC_MESSAGES/404.mobin1007 -> 1275 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/automation.mobin35495 -> 37917 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/cli.mobin29285 -> 30491 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/configexamples.mobin123609 -> 127641 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/configuration.mobin1067481 -> 1148395 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/contributing.mobin107195 -> 109389 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/installation.mobin102099 -> 102465 bytes
-rw-r--r--docs/_locale/uk/LC_MESSAGES/quick-start.mobin19967 -> 22355 bytes
-rw-r--r--docs/_locale/uk/automation.pot130
-rw-r--r--docs/_locale/uk/cli.pot48
-rw-r--r--docs/_locale/uk/configexamples.pot194
-rw-r--r--docs/_locale/uk/configuration.pot5623
-rw-r--r--docs/_locale/uk/contributing.pot288
-rw-r--r--docs/_locale/uk/copyright.pot4
-rw-r--r--docs/_locale/uk/index.pot30
-rw-r--r--docs/_locale/uk/installation.pot114
-rw-r--r--docs/_locale/uk/quick-start.pot110
-rw-r--r--docs/_static/css/breadcrumbs.css165
-rw-r--r--docs/_static/css/code-snippets.css233
-rw-r--r--docs/_static/css/configuration/index.css23
-rw-r--r--docs/_static/css/custom.css650
-rw-r--r--docs/_static/css/headers.css134
-rw-r--r--docs/_static/css/hints.css123
-rw-r--r--docs/_static/css/installation/running-on-bare-metal.css11
-rw-r--r--docs/_static/css/leftSidebar.css371
-rw-r--r--docs/_static/css/linkButtons.css57
-rw-r--r--docs/_static/css/lists.css56
-rw-r--r--docs/_static/css/scrolls.css20
-rw-r--r--docs/_static/css/separate-commands.css116
-rw-r--r--docs/_static/css/tables.css231
-rw-r--r--docs/_static/css/text.css120
-rw-r--r--docs/_static/images/IPSec_close_action_settings.jpgbin70253 -> 62330 bytes
-rw-r--r--docs/_static/images/VyOS_Dual-Hub_DMVPN.pngbin0 -> 67747 bytes
-rw-r--r--docs/_static/images/arrow-left.svg3
-rw-r--r--docs/_static/images/arrow-right.svg3
-rw-r--r--docs/_static/images/breadcrumbs-icon.svg3
-rw-r--r--docs/_static/images/check.svg3
-rw-r--r--docs/_static/images/close-sidebar-icon.svg3
-rw-r--r--docs/_static/images/cmnd-link-dollar-icon.svg3
-rw-r--r--docs/_static/images/cmnd-link-icon.svg3
-rw-r--r--docs/_static/images/copy-code-icon.svg4
-rw-r--r--docs/_static/images/github.svg10
-rw-r--r--docs/_static/images/hamburger-icon.svg3
-rw-r--r--docs/_static/images/keypairs.pngbin0 -> 49718 bytes
-rw-r--r--docs/_static/images/lac-lns-diagram.jpgbin0 -> 35665 bytes
-rw-r--r--docs/_static/images/lac-lns-winclient.jpgbin0 -> 90842 bytes
-rw-r--r--docs/_static/images/note-icon.svg5
-rw-r--r--docs/_static/images/sg.pngbin0 -> 31817 bytes
-rw-r--r--docs/_static/images/traffic.pngbin0 -> 36786 bytes
-rw-r--r--docs/_static/images/wireguard_site2site_diagram.jpgbin21630 -> 19987 bytes
-rw-r--r--docs/_static/images/zone-policy-diagram.pngbin126116 -> 113618 bytes
-rw-r--r--docs/_static/js/codecopier.js67
-rw-r--r--docs/_static/js/footer.js92
-rw-r--r--docs/_static/js/sidebar.js162
-rw-r--r--docs/_templates/layout.html28
-rw-r--r--docs/automation/index.rst4
-rw-r--r--docs/automation/terraform/index.rst18
-rw-r--r--docs/automation/terraform/terraformAWS.rst579
-rw-r--r--docs/automation/vyos-terraform.rst1036
-rw-r--r--docs/conf.py4
-rw-r--r--docs/configexamples/index.rst1
-rw-r--r--docs/configexamples/lac-lns.rst169
-rw-r--r--docs/configuration/container/index.rst76
-rw-r--r--docs/configuration/interfaces/pppoe.rst12
-rw-r--r--docs/configuration/pki/index.rst35
-rw-r--r--docs/configuration/service/conntrack-sync.rst4
-rw-r--r--docs/configuration/service/dns.rst198
-rw-r--r--docs/configuration/service/ipoe-server.rst472
-rw-r--r--docs/configuration/service/pppoe-server.rst538
-rw-r--r--docs/configuration/service/router-advert.rst8
-rw-r--r--docs/configuration/system/ip.rst13
-rw-r--r--docs/configuration/system/ipv6.rst13
-rw-r--r--docs/configuration/system/login.rst4
-rw-r--r--docs/configuration/system/option.rst22
-rw-r--r--docs/configuration/trafficpolicy/index.rst2
-rw-r--r--docs/configuration/vpn/ipsec.rst320
-rw-r--r--docs/configuration/vpn/l2tp.rst551
-rw-r--r--docs/configuration/vpn/pptp.rst552
-rw-r--r--docs/configuration/vpn/site2site_ipsec.rst39
-rw-r--r--docs/configuration/vpn/sstp.rst595
-rw-r--r--docs/configuration/vrf/index.rst19
-rw-r--r--docs/copyright.md2
-rw-r--r--docs/quick-start.rst2
164 files changed, 20965 insertions, 19770 deletions
diff --git a/docs/_locale/de/404.pot b/docs/_locale/de/404.pot
index 7ef03f50..57b3b68d 100644
--- a/docs/_locale/de/404.pot
+++ b/docs/_locale/de/404.pot
@@ -25,5 +25,13 @@ msgid "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
msgstr "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
#: ../../404.rst:11
+msgid "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+msgstr "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+
+#: ../../404.rst:12
+msgid "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+msgstr "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+
+#: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`Rolling Release (Sagitta) <https://docs.vyos.io/en/latest/>`_"
diff --git a/docs/_locale/de/LC_MESSAGES/404.mo b/docs/_locale/de/LC_MESSAGES/404.mo
index 5cfb6e0c..e992b14f 100644
--- a/docs/_locale/de/LC_MESSAGES/404.mo
+++ b/docs/_locale/de/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/automation.mo b/docs/_locale/de/LC_MESSAGES/automation.mo
index 0c571a2e..cb431fe9 100644
--- a/docs/_locale/de/LC_MESSAGES/automation.mo
+++ b/docs/_locale/de/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo
index efb26dae..1722898e 100644
--- a/docs/_locale/de/LC_MESSAGES/cli.mo
+++ b/docs/_locale/de/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/configexamples.mo b/docs/_locale/de/LC_MESSAGES/configexamples.mo
index 44d8467f..4c237a80 100644
--- a/docs/_locale/de/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/de/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo
index 0bbe8f6c..5d09f4b5 100644
--- a/docs/_locale/de/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/de/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo
index 98e048cc..affcbb27 100644
--- a/docs/_locale/de/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/de/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/installation.mo b/docs/_locale/de/LC_MESSAGES/installation.mo
index e3d86879..d04f2532 100644
--- a/docs/_locale/de/LC_MESSAGES/installation.mo
+++ b/docs/_locale/de/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/de/LC_MESSAGES/quick-start.mo b/docs/_locale/de/LC_MESSAGES/quick-start.mo
index 6988da10..c14e354d 100644
--- a/docs/_locale/de/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/de/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/de/automation.pot b/docs/_locale/de/automation.pot
index 6d0be2c4..efd67b47 100644
--- a/docs/_locale/de/automation.pot
+++ b/docs/_locale/de/automation.pot
@@ -32,22 +32,30 @@ msgstr "**user-data**: includes vyos-commands."
msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
msgstr "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
-#: ../../automation/vyos-api.rst:285
+#: ../../automation/vyos-api.rst:322
msgid "/config-file"
msgstr "/config-file"
-#: ../../automation/vyos-api.rst:228
+#: ../../automation/vyos-api.rst:265
msgid "/configure"
msgstr "/configure"
-#: ../../automation/vyos-api.rst:209
+#: ../../automation/vyos-api.rst:246
msgid "/generate"
msgstr "/generate"
-#: ../../automation/vyos-api.rst:147
+#: ../../automation/vyos-api.rst:184
msgid "/image"
msgstr "/image"
+#: ../../automation/vyos-api.rst:165
+msgid "/poweroff"
+msgstr "/poweroff"
+
+#: ../../automation/vyos-api.rst:147
+msgid "/reboot"
+msgstr "/reboot"
+
#: ../../automation/vyos-api.rst:129
msgid "/reset"
msgstr "/reset"
@@ -56,7 +64,7 @@ msgstr "/reset"
msgid "/retrieve"
msgstr "/retrieve"
-#: ../../automation/vyos-api.rst:185
+#: ../../automation/vyos-api.rst:222
msgid "/show"
msgstr "/show"
@@ -178,6 +186,34 @@ msgstr "Configuration"
msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
msgstr "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
+#: ../../automation/vyos-pyvyos.rst:94
+msgid "Configure, then Delete Object"
+msgstr "Configure, then Delete Object"
+
+#: ../../automation/vyos-pyvyos.rst:141
+msgid "Configure, then Load File"
+msgstr "Configure, then Load File"
+
+#: ../../automation/vyos-pyvyos.rst:101
+msgid "Configure, then Save"
+msgstr "Configure, then Save"
+
+#: ../../automation/vyos-pyvyos.rst:108
+msgid "Configure, then Save File"
+msgstr "Configure, then Save File"
+
+#: ../../automation/vyos-pyvyos.rst:68
+msgid "Configure, then Set"
+msgstr "Configure, then Set"
+
+#: ../../automation/vyos-pyvyos.rst:85
+msgid "Configure, then Show Object"
+msgstr "Configure, then Show Object"
+
+#: ../../automation/vyos-pyvyos.rst:77
+msgid "Configure, then Show a Single Object Value"
+msgstr "Configure, then Show a Single Object Value"
+
#: ../../automation/vyos-napalm.rst:89
msgid "Content of commands.conf"
msgstr "Content of commands.conf"
@@ -258,7 +294,7 @@ msgstr "For configuration and enabling the API see :ref:`http-api`"
msgid "For example, get the addresses of a ``dum0`` interface."
msgstr "For example, get the addresses of a ``dum0`` interface."
-#: ../../automation/vyos-api.rst:189
+#: ../../automation/vyos-api.rst:226
msgid "For example, show which images are installed."
msgstr "For example, show which images are installed."
@@ -270,10 +306,18 @@ msgstr "For more information on the NoCloud data source, visit its `page <https:
msgid "From cli or GUI, power on VM, and after it boots, verify configuration"
msgstr "From cli or GUI, power on VM, and after it boots, verify configuration"
+#: ../../automation/vyos-pyvyos.rst:123
+msgid "Generate Object"
+msgstr "Generate Object"
+
#: ../../automation/cloud-init.rst:268
msgid "Generate qcow image"
msgstr "Generate qcow image"
+#: ../../automation/vyos-pyvyos.rst:24
+msgid "Getting Started"
+msgstr "Getting Started"
+
#: ../../automation/command-scripting.rst:82
msgid "Here is a simple example:"
msgstr "Here is a simple example:"
@@ -306,6 +350,10 @@ msgstr "If you need to gather information from linux commands to configure VyOS,
msgid "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
msgstr "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
+#: ../../automation/vyos-pyvyos.rst:27
+msgid "Importing and Disabling Warnings for verify=False"
+msgstr "Importing and Disabling Warnings for verify=False"
+
#: ../../automation/cloud-init.rst:298
msgid "In Proxmox server three files are going to be used for this setup:"
msgstr "In Proxmox server three files are going to be used for this setup:"
@@ -326,6 +374,10 @@ msgstr "In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
msgid "Initial Configuration"
msgstr "Initial Configuration"
+#: ../../automation/vyos-pyvyos.rst:47
+msgid "Initializing a VyDevice Object"
+msgstr "Initializing a VyDevice Object"
+
#: ../../automation/cloud-init.rst:180
msgid "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
msgstr "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
@@ -334,6 +386,10 @@ msgstr "Injecting configuration data is not limited to cloud platforms. Users ca
msgid "Install ``napalm-vyos`` module"
msgstr "Install ``napalm-vyos`` module"
+#: ../../automation/vyos-pyvyos.rst:15
+msgid "Installation"
+msgstr "Installation"
+
#: ../../automation/vyos-salt.rst:98
msgid "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
msgstr "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
@@ -451,6 +507,14 @@ msgstr "Proxmox IP address: **192.168.0.253/24**"
msgid "Proxmox `Cloud-init-Support`_."
msgstr "Proxmox `Cloud-init-Support`_."
+#: ../../automation/vyos-pyvyos.rst:6
+msgid "PyVyOS"
+msgstr "PyVyOS"
+
+#: ../../automation/vyos-pyvyos.rst:8
+msgid "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+msgstr "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+
#: ../../automation/cloud-init.rst:416
msgid "References"
msgstr "References"
@@ -459,6 +523,10 @@ msgstr "References"
msgid "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
msgstr "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
+#: ../../automation/vyos-pyvyos.rst:132
+msgid "Reset Object"
+msgstr "Reset Object"
+
#: ../../automation/vyos-ansible.rst:80
msgid "Run ansible"
msgstr "Run ansible"
@@ -487,11 +555,11 @@ msgstr "Salt"
msgid "Salt master configuration:"
msgstr "Salt master configuration:"
-#: ../../automation/vyos-api.rst:307
+#: ../../automation/vyos-api.rst:344
msgid "Save a running configuration to a file."
msgstr "Save a running configuration to a file."
-#: ../../automation/vyos-api.rst:289
+#: ../../automation/vyos-api.rst:326
msgid "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
msgstr "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
@@ -503,6 +571,10 @@ msgstr "Script vyos-napalm.py"
msgid "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
msgstr "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
+#: ../../automation/vyos-pyvyos.rst:115
+msgid "Show Object"
+msgstr "Show Object"
+
#: ../../automation/command-scripting.rst:52
msgid "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
msgstr "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
@@ -523,7 +595,7 @@ msgstr "Structure of files"
msgid "System Defaults/Fallbacks"
msgstr "System Defaults/Fallbacks"
-#: ../../automation/vyos-api.rst:264
+#: ../../automation/vyos-api.rst:301
msgid "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
msgstr "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
@@ -535,11 +607,11 @@ msgstr "The ``/config/scripts/vyos-postconfig-bootup.script`` script is called o
msgid "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
msgstr "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
-#: ../../automation/vyos-api.rst:187
+#: ../../automation/vyos-api.rst:224
msgid "The ``/show`` endpoint is to show everything in the operational mode."
msgstr "The ``/show`` endpoint is to show everything in the operational mode."
-#: ../../automation/vyos-api.rst:211
+#: ../../automation/vyos-api.rst:248
msgid "The ``generate`` endpoint run a ``generate`` command."
msgstr "The ``generate`` endpoint run a ``generate`` command."
@@ -568,7 +640,7 @@ msgstr "The default file looks like this:"
msgid "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
msgstr "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
-#: ../../automation/vyos-api.rst:287
+#: ../../automation/vyos-api.rst:324
msgid "The endpoint ``/config-file`` is to save or load a configuration."
msgstr "The endpoint ``/config-file`` is to save or load a configuration."
@@ -604,11 +676,11 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
msgstr "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
-#: ../../automation/vyos-api.rst:323
+#: ../../automation/vyos-api.rst:360
msgid "To Load a configuration file."
msgstr "To Load a configuration file."
-#: ../../automation/vyos-api.rst:149
+#: ../../automation/vyos-api.rst:186
msgid "To add or delete an image, use the ``/image`` endpoint."
msgstr "To add or delete an image, use the ``/image`` endpoint."
@@ -624,6 +696,10 @@ msgstr "To get the whole configuration, pass an empty list to the ``path`` field
msgid "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
msgstr "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
+#: ../../automation/vyos-api.rst:149
+msgid "To initiate a reboot use the ``reboot`` endpoint."
+msgstr "To initiate a reboot use the ``reboot`` endpoint."
+
#: ../../automation/command-scripting.rst:128
msgid "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
msgstr "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
@@ -632,6 +708,10 @@ msgstr "To make sure that a script is not accidentally called without the ``vyat
msgid "To only get a part of the configuration, for example ``system syslog``."
msgstr "To only get a part of the configuration, for example ``system syslog``."
+#: ../../automation/vyos-api.rst:167
+msgid "To power off the system use the ``poweroff`` endpoint."
+msgstr "To power off the system use the ``poweroff`` endpoint."
+
#: ../../automation/cloud-init.rst:223
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -648,6 +728,14 @@ msgstr "User-data"
msgid "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
msgstr "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
+#: ../../automation/vyos-pyvyos.rst:35
+msgid "Using API Response Class"
+msgstr "Using API Response Class"
+
+#: ../../automation/vyos-pyvyos.rst:65
+msgid "Using PyVyOS"
+msgstr "Using PyVyOS"
+
#: ../../automation/cloud-init.rst:373
msgid "VM ID: in this example, VM ID used is 555."
msgstr "VM ID: in this example, VM ID used is 555."
@@ -736,11 +824,15 @@ msgstr "Without proxy it requires VyOS minion configuration and support op-mode
msgid "Without proxy it requires VyOS minion configuration and supports op-mode data:"
msgstr "Without proxy it requires VyOS minion configuration and supports op-mode data:"
-#: ../../automation/vyos-api.rst:230
+#: ../../automation/vyos-pyvyos.rst:17
+msgid "You can install PyVyOS using pip:"
+msgstr "You can install PyVyOS using pip:"
+
+#: ../../automation/vyos-api.rst:267
msgid "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
msgstr "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
-#: ../../automation/vyos-api.rst:249
+#: ../../automation/vyos-api.rst:286
msgid "``delete`` a single command"
msgstr "``delete`` a single command"
@@ -748,7 +840,7 @@ msgstr "``delete`` a single command"
msgid "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
msgstr "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
-#: ../../automation/vyos-api.rst:233
+#: ../../automation/vyos-api.rst:270
msgid "``set`` a single command"
msgstr "``set`` a single command"
@@ -764,7 +856,7 @@ msgstr "``vyos``/``vyos`` credentials if no others specified by data source."
msgid "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
msgstr "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
-#: ../../automation/vyos-api.rst:151
+#: ../../automation/vyos-api.rst:188
msgid "add an image"
msgstr "add an image"
@@ -784,7 +876,7 @@ msgstr "cloud-init logs to /var/log/cloud-init.log. This file can be helpful in
msgid "commands.txt"
msgstr "commands.txt"
-#: ../../automation/vyos-api.rst:168
+#: ../../automation/vyos-api.rst:205
msgid "delete an image, for example ``1.3-rolling-202006070117``"
msgstr "delete an image, for example ``1.3-rolling-202006070117``"
diff --git a/docs/_locale/de/cli.pot b/docs/_locale/de/cli.pot
index 06a89458..8f272347 100644
--- a/docs/_locale/de/cli.pot
+++ b/docs/_locale/de/cli.pot
@@ -124,15 +124,19 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to `
msgid "Get a collection of all the set commands required which led to the running configuration."
msgstr "Get a collection of all the set commands required which led to the running configuration."
-#: ../../cli.rst:930
+#: ../../cli.rst:933
msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
-#: ../../cli.rst:916
+#: ../../cli.rst:919
msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
#: ../../cli.rst:413
+msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+
+#: ../../cli.rst:413
msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
@@ -168,7 +172,7 @@ msgstr "Remote Archive"
msgid "Rename a configuration element."
msgstr "Rename a configuration element."
-#: ../../cli.rst:914
+#: ../../cli.rst:917
msgid "Restore Default"
msgstr "Restore Default"
@@ -184,7 +188,7 @@ msgstr "Rollback Changes"
msgid "Rollback to revision N (currently requires reboot)"
msgstr "Rollback to revision N (currently requires reboot)"
-#: ../../cli.rst:881
+#: ../../cli.rst:884
msgid "Saving and loading manually"
msgstr "Saving and loading manually"
@@ -244,11 +248,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:
msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
-#: ../../cli.rst:869
+#: ../../cli.rst:872
msgid "The number of revisions don't affect the commit-archive."
msgstr "The number of revisions don't affect the commit-archive."
-#: ../../cli.rst:927
+#: ../../cli.rst:930
msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
@@ -280,7 +284,7 @@ msgstr "To remove an existing comment from your current configuration, specify a
msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
-#: ../../cli.rst:892
+#: ../../cli.rst:895
msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
@@ -352,7 +356,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper
msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
-#: ../../cli.rst:886
+#: ../../cli.rst:889
msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
@@ -364,6 +368,10 @@ msgstr "When viewing in page mode the following commands are available:"
msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+#: ../../cli.rst:370
+msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+
#: ../../cli.rst:618
msgid "You can also rename config subtrees:"
msgstr "You can also rename config subtrees:"
@@ -384,15 +392,15 @@ msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down wit
msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
-#: ../../cli.rst:883
+#: ../../cli.rst:886
msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
-#: ../../cli.rst:871
+#: ../../cli.rst:874
msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
-#: ../../cli.rst:924
+#: ../../cli.rst:927
msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
@@ -404,6 +412,18 @@ msgstr "``b`` will scroll back one page"
msgid "``ftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``ftp://<user>:<passwd>@<host>/<dir>``"
+#: ../../cli.rst:870
+msgid "``git+https://<user>:<passwd>@<host>/<path>``"
+msgstr "``git+https://<user>:<passwd>@<host>/<path>``"
+
+#: ../../cli.rst:864
+msgid "``http://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``http://<user>:<passwd>@<host>:/<dir>``"
+
+#: ../../cli.rst:865
+msgid "``https://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``https://<user>:<passwd>@<host>:/<dir>``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
@@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output"
msgid "``return`` will scroll down one line"
msgstr "``return`` will scroll down one line"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://<user>:<passwd>@<host>:/<dir>``"
msgstr "``scp://<user>:<passwd>@<host>:/<dir>``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
@@ -428,7 +448,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
msgid "``space`` will scroll down one page"
msgstr "``space`` will scroll down one page"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp://<host>/<dir>``"
msgstr "``tftp://<host>/<dir>``"
diff --git a/docs/_locale/de/configexamples.pot b/docs/_locale/de/configexamples.pot
index 22c08587..d7dd346f 100644
--- a/docs/_locale/de/configexamples.pot
+++ b/docs/_locale/de/configexamples.pot
@@ -211,22 +211,18 @@ msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them."
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
@@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server"
msgid "Add (temporary) default route"
msgstr "Add (temporary) default route"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Adding a rule for the second interface"
@@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Ansible Example topology image"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Basic Firewall"
msgid "Basic Setup (via console)"
msgstr "Basic Setup (via console)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Before the interface eth0 on router VyOS3"
@@ -611,6 +627,14 @@ msgstr "Check the result"
msgid "Check the result."
msgstr "Check the result."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
@@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
@@ -652,6 +680,7 @@ msgstr "Conclusions"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuration"
@@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS"
msgid "Configuration Blueprints"
msgstr "Configuration Blueprints"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuration Blueprints (autotest)"
@@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
@@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)"
msgid "Full configuration from all devices"
msgstr "Full configuration from all devices"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "IP Schema"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "IPv4 Network"
@@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "In this case, the hardware router has a different IP, so it would be"
@@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication."
@@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Information about prefix-sid and label-operation from VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Inter-VRF Routing over VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN with VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "L3VPN EVPN with VyOS topology image"
@@ -1403,29 +1460,14 @@ msgstr "Network Cabling"
msgid "Network Topology"
msgstr "Network Topology"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -1457,7 +1499,7 @@ msgstr "Node"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Note that router1 is a VM that runs on one of the compute nodes."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
@@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN with LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN with LDAP topology image"
@@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Setup the ipv6 default route to the tunnel interface"
@@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Since we have 4 zones, we need to setup the following rulesets."
@@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
@@ -1838,6 +1892,10 @@ msgstr "Spoke"
msgid "Start by setting the interface and default action for each zone."
msgstr "Start by setting the interface and default action for each zone."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "The next pages contains automatic full tested configuration examples."
@@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples."
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "The process will do the following steps:"
@@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho
msgid "The setup used in this example is shown in the following diagram:"
msgstr "The setup used in this example is shown in the following diagram:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
@@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "This gives us MPLS segment routing enabled and labels forwarding :"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
@@ -2196,7 +2271,7 @@ msgstr "Transport:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Tunnelbroker topology image"
@@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Using the general schema for example:"
@@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verification"
@@ -2264,9 +2341,18 @@ msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Version: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "We have three networks."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "compute3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configure each host in the lab"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "create the lab on a eve-ng server"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "do some defined tests"
@@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination"
msgid "first the PCA"
msgstr "first the PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generate the documentation and include files"
@@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000"
msgid "information between PE and CE:"
msgstr "information between PE and CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "optional do an upgrade to a higher version and do step 3 again."
@@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "save the output to a file and import it in nearly all openvpn clients."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "shutdown and destroy the lab, if there is no error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)"
msgid "v6 pairs would be:"
msgstr "v6 pairs would be:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot
index df607936..cc30affb 100644
--- a/docs/_locale/de/configuration.pot
+++ b/docs/_locale/de/configuration.pot
@@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag"
msgid "\"Other configuration\" flag"
msgstr "\"Other configuration\" flag"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
@@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Apply the traffic policy to an interface ingress or egress**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Cisco IOS Router:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Client IP address via IP range definition**"
@@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**"
msgid "**Cluster-List length check**"
msgstr "**Cluster-List length check**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Create a traffic policy**."
+#: ../../configuration/interfaces/wwan.rst:53
#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../configuration/interfaces/wwan.rst:53
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**DHCPv6 Prefix Delegation (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocol, destination address or source address)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Example:**"
@@ -177,10 +182,30 @@ msgstr "**External check**"
msgid "**Firewall mark**"
msgstr "**Firewall mark**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**IGP cost check**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für eine Kette nicht definiert ist, ist die Standardaktion für diese Kette auf ** accept** gesetzt. Nur für benutzerdefinierte Ketten ist die Standardaktion auf **drop** gesetzt."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Interface name**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Leaf2 configuration:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Leaf3 configuration:**"
@@ -261,33 +309,33 @@ msgstr "**MED check**"
msgid "**Multi-path check**"
msgstr "**Multi-path check**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Node1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Node2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Node 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Node 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Node 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**One gateway:**"
msgid "**Origin check**"
msgstr "**Origin check**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Peer address**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Policy definition:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primary**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**RADIUS based IP pools (Framed-IP-Address)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**RADIUS sessions management DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "**Router-ID check**"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Router 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Router 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Router 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secondary**"
@@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Setting up the GRE tunnel**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Spine1 Configuration:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Status**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**To see the redistributed routes:**"
@@ -490,48 +566,12 @@ msgstr "**VyOS Router:**"
msgid "**Weight check**"
msgstr "**Weight check**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
@@ -579,51 +619,19 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**deny** - deny mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
@@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**discard:** Received packets which already contain relay information will be discarded."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
@@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
@@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**prefer** - ask client for mppe, if it rejects don't fail"
@@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
@@ -767,7 +783,7 @@ msgstr "**remote side - commands**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**require** - ask client for mppe, if it rejects drop connection"
@@ -779,7 +795,7 @@ msgstr "**right**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: Capability sets (from bounded or inherited set)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transition** - Send and accept both styles of TLVs during transition."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
@@ -860,25 +876,6 @@ msgid "011110"
msgstr "011110"
#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing."
msgid "0 if not defined."
msgstr "0 if not defined."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 if not defined."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "1-to-1 NAT"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Create an event handler"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 if not defined."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2.5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "2FA OTP support"
msgid "2. Add regex to the script"
msgstr "2. Add regex to the script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Add a full path to the script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Add optional parameters"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 if not defined."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 if not defined."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6in4 (SIT)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1252,11 +1231,6 @@ msgid "8"
msgstr "8"
#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match."
msgid "<x.x.x.x>: IP address to match."
msgstr "<x.x.x.x>: IP address to match."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "A **domain group** represents a collection of domains."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "A **mac group** represents a collection of mac addresses."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
@@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by
msgid "A Rule-Set can be applied to every interface:"
msgstr "A Rule-Set can be applied to every interface:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "A SNTP server address can be specified for DHCPv6 clients."
@@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
@@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "A connection attempt will be shown as:"
@@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "A dummy interface for the provider-assigned IP;"
@@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `<name>` referencing this sync service."
msgstr "A generic `<name>` referencing this sync service."
@@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
@@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``."
@@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t
msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "A simple BGP configuration via IPv6."
@@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "A simple eBGP configuration:"
@@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
@@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa
msgid "A sync group allows VRRP groups to transition together."
msgstr "A sync group allows VRRP groups to transition together."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "A typical configuration using 2 nodes."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "A very small buffer will soon start dropping packets."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Action which will be run once the ctrl-alt-del keystroke is received."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Actions"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Active Directory"
@@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Adding a 2FA with an OTP-key"
@@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
@@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis
msgid "Address"
msgstr "Address"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Address Conversion"
@@ -1773,20 +1761,19 @@ msgstr "Address Conversion"
msgid "Address Families"
msgstr "Address Families"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Address Groups"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Address pools"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Address to listen for HTTPS requests"
@@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for
msgid "Administrative Distance"
msgstr "Administrative Distance"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algorithm"
msgid "Aliases"
msgstr "Aliases"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve
msgid "All reply sizes are accepted by default."
msgstr "All reply sizes are accepted by default."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
@@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "All traffic between zones is affected by existing policies"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "All traffic to and from an interface within a zone is permitted."
@@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Allow explicit IPv6 address for the interface."
@@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Allow this BFD peer to not be directly connected"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
@@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Already learned known_hosts files of clients need an update as the public key will change."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
@@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:"
msgid "An example of key generation:"
msgstr "An example of key generation:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "An example of the data captured by a FREERADIUS server with sql accounting:"
@@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "And for ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "And the different IPv4 **reset** commands available:"
@@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:"
msgid "And then hash is reduced modulo slave count."
msgstr "And then hash is reduced modulo slave count."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
@@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Applying a Rule-Set to a Zone"
@@ -2151,49 +2181,11 @@ msgstr "Arista EOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
@@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
@@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
@@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
@@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel"
msgid "Assign static IP address to `<user>` account."
msgstr "Assign static IP address to `<user>` account."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `<time>` seconds."
msgstr "Assign the IP address to this machine for `<time>` seconds."
@@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source."
msgid "Authorization token"
msgstr "Authorization token"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Automatic VLAN Creation"
@@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation"
msgid "Automatic VLAN creation"
msgstr "Automatic VLAN creation"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Automatically reboot system on kernel panic after 60 seconds."
@@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds."
msgid "Autonomous Systems"
msgstr "Autonomous Systems"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Avoiding \"leaky\" NAT"
@@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Balancing based on domain name"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Bandwidth Shaping"
@@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping"
msgid "Bandwidth Shaping for local users"
msgstr "Bandwidth Shaping for local users"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes."
@@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Baseline DMVPN topology"
@@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology"
msgid "Basic Concepts"
msgstr "Basic Concepts"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Basic commands"
@@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic."
msgid "Basic setup"
msgstr "Basic setup"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
@@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path,
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
@@ -2663,7 +2676,7 @@ msgstr "Binary value"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Bind listener to specific interface/address, mandatory for IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
@@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation"
msgid "Bond options"
msgstr "Bond options"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Boot image length in 512-octet blocks"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Bootstrap file name"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Both IPv4 and IPv6 multicast is possible."
@@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut
msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
@@ -2746,10 +2740,18 @@ msgstr "Bridge"
msgid "Bridge:"
msgstr "Bridge:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Bridge Options"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
@@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic
msgid "By default, it supports both planned and unplanned outages."
msgstr "By default, it supports both planned and unplanned outages."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
@@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the
msgid "By default, this bridging is allowed."
msgstr "By default, this bridging is allowed."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificates"
msgid "Change system keyboard layout to given language."
msgstr "Change system keyboard layout to given language."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Change the default-action with this setting."
@@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Check if the Intel® QAT device is up and ready to do the job."
@@ -2908,10 +2913,14 @@ msgstr "Check status"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Check the many parameters available for the `show ipv6 route` command:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Checking connections"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
@@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst"
msgstr "Cisco Catalyst"
#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco and Allied Telesyn call it Private VLAN"
@@ -2955,7 +2945,7 @@ msgstr "Class treatment"
msgid "Classes"
msgstr "Classes"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Classless static route"
@@ -2975,7 +2965,7 @@ msgstr "Client:"
msgid "Client Address Pools"
msgstr "Client Address Pools"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Client Authentication"
@@ -2983,7 +2973,7 @@ msgstr "Client Authentication"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Client Side"
msgid "Client configuration"
msgstr "Client configuration"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "Client domain name"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Client domain search"
@@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Clock daemon"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Command used to update GeoIP database and firewall sets."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Common configuration, valid for both primary and secondary node."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuration"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Configuration Example"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Configuration Examples"
@@ -3165,6 +3167,10 @@ msgstr "Configuration Guide"
msgid "Configuration Options"
msgstr "Configuration Options"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
@@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters."
@@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuration of :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuration of a DHCP failover pair"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
@@ -3198,11 +3208,11 @@ msgstr "Configure"
msgid "Configure BFD"
msgstr "Configure BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `<record>` which should be updated. This can be set multiple times."
msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `<zone>` to be updated."
msgstr "Configure DNS `<zone>` to be updated."
@@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled,
msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `<server>` and its required port for authentication requests."
msgstr "Configure RADIUS `<server>` and its required port for authentication requests."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `<message>` which is shown after user has logged in to the system."
msgstr "Configure `<message>` which is shown after user has logged in to the system."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in."
msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
@@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface."
msgid "Configure aggregation delay timer interval."
msgstr "Configure aggregation delay timer interval."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure an accounting server and enable accounting with:"
@@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id
msgid "Configure and enable collection of flow information for the interface identified by `<interface>`."
msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `<name>` mode TCP or HTTP"
msgstr "Configure backend `<name>` mode TCP or HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
@@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b
msgid "Configure individual bridge port `<priority>`."
msgstr "Configure individual bridge port `<priority>`."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `<interface>` with one or more interface addresses."
msgstr "Configure interface `<interface>` with one or more interface addresses."
@@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
@@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting."
msgstr "Configure physical interface speed setting."
#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
@@ -3491,7 +3429,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP"
msgid "Configure service `<name>` to use the backend <name>"
msgstr "Configure service `<name>` to use the backend <name>"
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure session timeout after which the user will be logged out."
@@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out."
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
@@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure the load-balancing reverse-proxy service for HTTP."
#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `<id>` is used by VRF `<name>`."
msgstr "Configured routing table `<id>` is used by VRF `<name>`."
@@ -3556,7 +3489,7 @@ msgstr "Configured value"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuring RADIUS accounting"
@@ -3569,11 +3502,15 @@ msgstr "Configuring a listen-address is essential for the service to work."
msgid "Connect/Disconnect"
msgstr "Connect/Disconnect"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
+#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
@@ -3585,10 +3522,18 @@ msgstr "Conntrack"
msgid "Conntrack Sync"
msgstr "Conntrack Sync"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Conntrack Sync Example"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Console"
@@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container."
msgid "Container"
msgstr "Container"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name <text>."
msgid "Creat extcommunity-list policy identified by name <text>."
msgstr "Creat extcommunity-list policy identified by name <text>."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
@@ -3657,16 +3606,11 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Create a load balancing rule, it can be a number between 1 and 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
@@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho
msgid "Create as-path-policy identified by name <text>."
msgstr "Create as-path-policy identified by name <text>."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name <text>."
msgstr "Create large-community-list policy identified by name <text>."
@@ -3726,7 +3686,7 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname>
msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
@@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Creating a bridge interface is very simple. In this example, we will have:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creating a traffic policy"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "Critical"
@@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:"
msgid "Custom File"
msgstr "Custom File"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "Custom health-check script allows checking real-server availability"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Customized ignore rules, based on a packet and flow selector."
@@ -3822,20 +3802,19 @@ msgstr "DHCP Relay"
msgid "DHCP Server"
msgstr "DHCP Server"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "DHCP failover parameters"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "DHCP lease range"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
#: ../../configuration/service/dhcp-relay.rst:96
-#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "DHCP relay example"
@@ -3843,20 +3822,19 @@ msgstr "DHCP relay example"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "DHCPv6 relay example"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Group 14"
@@ -3884,11 +3862,11 @@ msgstr "DNAT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "DNS name servers"
msgid "DNS search list to advertise"
msgstr "DNS search list to advertise"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "DNS server IPv4 address"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "DNS server is located at ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
@@ -3943,28 +3921,13 @@ msgid "Default"
msgstr "Default"
#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Default 1."
@@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route"
msgid "Default Router Preference"
msgstr "Default Router Preference"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "Default gateway and DNS server is at `192.0.2.254`"
@@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``."
msgstr "Default is ``icmp``."
#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "Default is to detects physical link state changes."
@@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Define a IPv4 or IPv6 Network group."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Define a IPv4 or a IPv6 address group"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Define a Zone"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Define a domain group."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Define a mac group."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
@@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Define log-level. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Define log group to send message to. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
@@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them
msgid "Define the time interval to update the local cache"
msgstr "Define the time interval to update the local cache"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
@@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Defines protocols for checking ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
@@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi
msgid "Defining Peers"
msgstr "Defining Peers"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Delegate prefixes from the range indicated by the start and stop qualifier."
@@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for
msgstr "Depending on the location, not all of these channels may be available for use!"
#: ../../configuration/service/router-advert.rst:1
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
#: ../../configuration/trafficpolicy/index.rst:262
@@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "Despite the fact that AD is a superset of LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Destination Address"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "Destination NAT"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Different NAT Types"
@@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer"
msgid "Disable a container."
msgstr "Disable a container."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service."
msgstr "Disable dhcpv6-relay service."
#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
@@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down."
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
@@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry."
msgid "Disable this IPv6 static route entry."
msgstr "Disable this IPv6 static route entry."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Disable this service."
@@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route."
msgid "Disables interface-based IPv6 static route."
msgstr "Disables interface-based IPv6 static route."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
@@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege
msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "Do not assign a link-local IPv6 address to this interface."
@@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se
msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "Does not need to be used together with proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp."
msgid "Domain"
msgstr "Domain"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Domain Groups"
@@ -4600,7 +4418,7 @@ msgstr "Domain Groups"
msgid "Domain Name"
msgstr "Domain Name"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Domain name(s) for which to obtain certificate"
@@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Domain search order"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
@@ -4657,7 +4479,7 @@ msgstr "Drop rate"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
@@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgid "Dummy"
msgstr "Dummy"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Dummy interface"
@@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Dynamic-protection"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "Dynamic DNS"
@@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "ESP Phase:"
@@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Email address to associate with certificate"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Embedding one policy into another one"
@@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool."
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Enable IGMP and MLD querier."
@@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier."
msgid "Enable IGMP and MLD snooping."
msgstr "Enable IGMP and MLD snooping."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Enable IP forwarding on client"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Enable IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Enable IS-IS and IGP-LDP synchronization"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Enable IS-IS and redistribute routes not natively in IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Enable IS-IS with Segment Routing (Experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k
msgid "Enable SNMP queries of the LLDP database"
msgstr "Enable SNMP queries of the LLDP database"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode"
msgid "Enable VLAN-Aware Bridge"
msgstr "Enable VLAN-Aware Bridge"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Enable creation of shortcut routes."
@@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc
msgid "Enable layer 7 HTTP health check"
msgstr "Enable layer 7 HTTP health check"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Enable or disable logging for the matched packet."
@@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet."
msgid "Enable ospf on an interface and set associated area."
msgstr "Enable ospf on an interface and set associated area."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
@@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Enables bandwidth shaping via RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Enables import or export of routes between the current unicast VRF and VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Enables the echo transmission mode"
@@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode"
msgid "Enabling Advertisments"
msgstr "Enabling Advertisments"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Enabling OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Enabling this function increases the risk of bandwidth saturation."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Enforce strict path checking"
@@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i
msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
@@ -5090,15 +4906,6 @@ msgid "Ethernet"
msgstr "Ethernet"
#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
@@ -5130,7 +4937,7 @@ msgstr "Event handler script"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Event handler that monitors the state of interface eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
@@ -5162,441 +4969,90 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Example"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Example, from radius-server send command for disconnect client with username test"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
+#: ../../configuration/nat/nat66.rst:78
+#: ../../configuration/nat/nat66.rst:96
+#: ../../configuration/protocols/static.rst:174
+#: ../../configuration/service/dns.rst:363
+#: ../../configuration/service/monitoring.rst:69
+#: ../../configuration/service/monitoring.rst:98
+#: ../../configuration/service/ssh.rst:165
+#: ../../configuration/service/ssh.rst:200
+#: ../../configuration/system/flow-accounting.rst:164
+#: ../../configuration/vpn/l2tp.rst:41
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
#: ../../_include/interface-dhcp-options.txt:10
#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
#: ../../_include/interface-disable-flow-control.txt:19
#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
#: ../../_include/interface-ip.txt:27
#: ../../_include/interface-ip.txt:50
#: ../../_include/interface-ip.txt:144
@@ -5606,120 +5062,22 @@ msgstr "Example, from radius-server send command for disconnect client with user
#: ../../_include/interface-ipv6.txt:51
#: ../../_include/interface-ipv6.txt:83
#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
#: ../../_include/interface-mac.txt:7
#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-per-client-thread.txt:10
#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
-#: ../../configuration/nat/nat66.rst:78
-#: ../../configuration/nat/nat66.rst:96
-#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
-#: ../../configuration/service/monitoring.rst:69
-#: ../../configuration/service/monitoring.rst:98
-#: ../../configuration/service/ssh.rst:165
-#: ../../configuration/service/ssh.rst:200
-#: ../../configuration/system/flow-accounting.rst:164
-#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
msgid "Example:"
msgstr "Example:"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
@@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is `
msgid "Example Configuration"
msgstr "Example Configuration"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Example IPv6 only:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Example Network"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Example Partial Config"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Example configuration for WireGuard interfaces:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Example for changing rate-limit via RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Example of redirection:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Examples"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Examples:"
@@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>"
msgid "Expedited forwarding (EF)"
msgstr "Expedited forwarding (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Explicitly declare ID for this minion to use (default: hostname)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "External DHCPv6 server is at 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Facility Code"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "Failover"
@@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation"
msgid "Field"
msgstr "Field"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
@@ -5982,6 +5351,14 @@ msgstr "Firewall"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Firewall Exceptions"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark``
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "Firmware Update"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "First steps"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "First the OTP keys must be generated and sent to the user and to the configuration:"
@@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Follow the instructions to generate CA cert (in configuration mode):"
@@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):"
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Follow the instructions to generate server cert (in configuration mode):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "For Encryption:"
@@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "For Local Users"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "For RADIUS users"
@@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`."
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
@@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
@@ -6187,7 +5604,9 @@ msgstr "For example:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc
msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
-#: ../../configuration/service/pppoe-server.rst:312
+#: ../../configuration/service/pppoe-server.rst:299
msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
-#: ../../configuration/interfaces/vxlan.rst:131
+#: ../../configuration/interfaces/vxlan.rst:152
msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
@@ -6235,7 +5654,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead
msgid "For outbound updates the order of preference is:"
msgstr "For outbound updates the order of preference is:"
-#: ../../configuration/firewall/general.rst:497
+#: ../../configuration/firewall/bridge.rst:201
+msgid "For reference, a description can be defined for every defined custom chain."
+msgstr "For reference, a description can be defined for every defined custom chain."
+
+#: ../../configuration/firewall/ipv4.rst:270
+#: ../../configuration/firewall/ipv6.rst:270
msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."
msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain."
@@ -6279,10 +5703,28 @@ msgstr "For the sake of demonstration, `example #1 in the official documentation
msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+
+#: ../../configuration/firewall/ipv4.rst:46
+#: ../../configuration/firewall/ipv6.rst:46
+msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+
#: ../../configuration/firewall/general.rst:69
msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
+#: ../../configuration/firewall/ipv4.rst:36
+#: ../../configuration/firewall/ipv6.rst:36
+msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+
#: ../../configuration/firewall/general.rst:62
msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
@@ -6315,6 +5757,14 @@ msgstr "From :rfc:`1930`:"
msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
msgstr "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
+#: ../../configuration/firewall/bridge.rst:21
+#: ../../configuration/firewall/flowtables.rst:20
+#: ../../configuration/firewall/ipv4.rst:19
+#: ../../configuration/firewall/ipv6.rst:19
+#: ../../configuration/firewall/zone.rst:31
+msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "General Configuration"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generate Keypair"
@@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters."
msgid "Get detailed information about LLDP neighbors."
msgstr "Get detailed information about LLDP neighbors."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Getting started"
@@ -6444,6 +5902,10 @@ msgstr "Gloabal"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Global options"
@@ -6465,7 +5927,6 @@ msgstr "Graceful Restart"
msgid "Gratuitous ARP"
msgstr "Gratuitous ARP"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Groups"
@@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "HTTP based services"
@@ -6499,11 +5964,11 @@ msgstr "HTTP client"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "HT (High Throughput) capabilities (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Hairpin NAT/NAT Reflection"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
@@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe
msgid "Handling and monitoring"
msgstr "Handling and monitoring"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
@@ -6527,15 +5992,15 @@ msgstr "Health check scripts"
msgid "Health checks"
msgstr "Health checks"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Here's the IP routes that are populated. Just the loopback:"
@@ -6563,37 +6028,22 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Here is the routing tables showing the MPLS segment routing label operations:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation"
@@ -6624,7 +6074,7 @@ msgstr "Host Information"
msgid "Host name"
msgstr "Host name"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "Host specific mapping shall be named ``client1``"
@@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in
msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "IGMP Proxy"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "IKE Phase:"
@@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE and ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "IPSec IKE and ESP Groups;"
@@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 site2site VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "IPSec VPN Tunnels"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "IPSec VPN tunnels."
@@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels."
msgid "IP address"
msgstr "IP address"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named
msgid "IP address ``192.168.2.1/24``"
msgstr "IP address ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "IP address for DHCP server identifier"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "IP address of NTP server"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "IP address of POP3 server"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "IP address of SMTP server"
@@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list."
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "IP address to exclude from DHCP lease range"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "IPsec policy matching GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "IPv4 address of next bootstrap server"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "IPv4 address of router on the client's subnet"
@@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "IPv4 or IPv6 source address of NetFlow packets"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "IPv4 peering"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "IPv4 server"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example"
msgid "IPv6 DNS addresses are optional."
msgstr "IPv6 DNS addresses are optional."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "IPv6 Prefix Delegation"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped"
@@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list."
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "IPv6 client's prefix assignment"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "IPv6 peering"
@@ -6990,7 +6445,7 @@ msgstr "IPv6 peering"
msgid "IPv6 prefix."
msgstr "IPv6 prefix."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
@@ -7002,7 +6457,7 @@ msgstr "IPv6 relay"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "IPv6 server"
@@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration"
msgid "IS-IS SR Configuration"
msgstr "IS-IS SR Configuration"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "ISC-DHCP Option name"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Identity Based Configuration"
@@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "If CA is present, this certificate will be included in generated CRLs"
#: ../../_include/interface-per-client-thread.txt:8
-#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
@@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,72 +6552,19 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface."
#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
@@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
@@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
@@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "If no destination is specified the rule will match on any destination address and port."
@@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`."
msgstr "If no option is specified, this defaults to `all`."
#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
@@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied."
msgstr "If suffix is omitted, minutes are implied."
#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
@@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "If there is SNAT rules on eth1, need to add exclude rule"
@@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
@@ -7356,53 +6730,15 @@ msgstr "If this is set the relay agent will insert the interface ID. This option
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface."
@@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "If you've completed all the above steps you no doubt want to see if it's all working."
@@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "If you enable this, you will probably want to set diversity-factor and channel below."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
@@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
@@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine the following topology"
@@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin
msgstr "In VyOS, a class is identified by a number you can choose when configuring it."
#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "In :rfc:`3069` it is called VLAN Aggregation"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
@@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:"
msgstr "In a minimal configuration, the following must be provided:"
#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
@@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
@@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "In an **address group** a single IP address or IP address ranges are defined."
@@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
@@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
@@ -7721,42 +7039,35 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request."
@@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
@@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "In the following example we can see a basic multicast setup:"
@@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled.
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "In this example, we will be using the example Quick Start configuration above as a starting point."
@@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "In this scenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
@@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet
msgid "Indication"
msgstr "Indication"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Individual Client Subnet"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at `<address>`."
msgstr "Inform client that the DNS server can be found at `<address>`."
@@ -7940,53 +7279,19 @@ msgstr "Informational messages"
msgid "Input from `eth0` network interface"
msgstr "Input from `eth0` network interface"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Install the client software via apt and execute pptpsetup to generate the configuration."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
@@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT
msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
@@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Interface Routes"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out."
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interface for DHCP Relay Agent to listen for requests."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interface to use for syncing conntrack entries."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
@@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
@@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T
msgid "It helps to support as HELPER only for planned restarts."
msgstr "It helps to support as HELPER only for planned restarts."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
@@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "It is compatible with Cisco (R) AnyConnect (R) clients."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "It is connected to ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
@@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl
msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
@@ -8258,11 +7545,11 @@ msgstr "Key Generation"
msgid "Key Management"
msgstr "Key Management"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Key Parameters:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Key Points:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "L2TPv3 options"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRFs"
@@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "Lease time will be left at the default value which is 24 hours"
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Lease timeout in seconds (default: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
@@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Lifetime associated with the default router in units of seconds"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Lifetime in days; default is 365"
@@ -8436,7 +7723,7 @@ msgstr "Limiter"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Limits"
@@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset"
msgid "Link aggregation"
msgstr "Link aggregation"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
@@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "List of well-known communities"
@@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the
msgid "Load-balancing schedule algorithm:"
msgstr "Load-balancing schedule algorithm:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Load Balancing"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Load the container image in op-mode."
@@ -8529,7 +7816,7 @@ msgstr "Local Configuration:"
msgid "Local Configuration - Annotated:"
msgstr "Local Configuration - Annotated:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `<address>` used when communicating to the failover peer."
msgstr "Local IP `<address>` used when communicating to the failover peer."
@@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via `<filename>`, for an explanati
msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Log the connection tracking events per protocol."
@@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol."
msgid "Logging"
msgstr "Logging"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact,
msgid "Login/User Management"
msgstr "Login/User Management"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Login Banner"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Login limits"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Loopback"
@@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - Pseudo Ethernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "MAC Groups"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
@@ -8758,11 +8012,19 @@ msgstr "MTU"
msgid "Mail system"
msgstr "Mail system"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Maintenance mode"
@@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings"
msgid "Manual Neighbor Configuration"
msgstr "Manual Neighbor Configuration"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `<time>` in seconds."
msgstr "Mark RADIUS server as offline for this given `<time>` in seconds."
@@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Match against the state of a packet."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Match based on dscp value."
@@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Match based on fragment criteria."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Match based on icmp|icmpv6 code and type."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
@@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Match based on ipsec criteria."
@@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Match based on packet type criteria."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Match based on the maximum number of packets to allow in excess of rate."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Match bases on recently seen sources."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Match criteria based on connection mark."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Match criteria based on nat connection status."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Match domain name"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
@@ -8937,19 +8250,19 @@ msgstr "Match local preference."
msgid "Match route metric."
msgstr "Match route metric."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Matching criteria"
@@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Maximum number of IPv4 nameservers"
@@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries"
@@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Min and max intervals between unsolicited multicast RAs"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, the system passively monitors any kind of wireless traffic"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Mount a volume into the container"
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: can be specified multiple times."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "Multicast"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
@@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "Multicast VXLAN"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
@@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Multicast group to use for syncing conntrack entries."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
@@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Multiple DNS servers can be defined."
@@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen
msgid "Multiple Uplinks"
msgstr "Multiple Uplinks"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured."
msgid "Multiple servers can be specified."
msgstr "Multiple servers can be specified."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
@@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "N"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "NAT Configuration"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "NAT Ruleset"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (specifically, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT before VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT before VPN Topology"
@@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i
msgid "Name Server"
msgstr "Name Server"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Name of static mapping"
@@ -9244,11 +8595,11 @@ msgstr "Name of static mapping"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Name of the single table Only if set group-metrics single-table."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Name or IPv4 address of TFTP server"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "NetBIOS over TCP/IP name server"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the
msgid "NetFlow v5 example:"
msgstr "NetFlow v5 example:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Network Control"
msgid "Network Emulator"
msgstr "Network Emulator"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Network Groups"
@@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "Network ID (SSID) ``TEST``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy"
msgid "Next-hop interface for the route"
msgstr "Next-hop interface for the route"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "Next it is necessary to configure 2FA for OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Now when connecting the user will first be asked for the password and then the OTP key."
@@ -9480,7 +8830,7 @@ msgstr "OTP-key generation"
msgid "Offloading"
msgstr "Offloading"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
@@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y
msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
@@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
@@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
@@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
@@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic
msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
@@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgid "Only VRRP is supported. Required option."
msgstr "Only VRRP is supported. Required option."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Only in the source criteria, you can specify a mac-address."
@@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Only one SRGB and default SPF Algorithm is supported"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Only request an address from the DHCP server but do not request a default gateway."
@@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Op-mode check virtual-server status"
@@ -9715,15 +9042,15 @@ msgstr "OpenConnect"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
@@ -9778,27 +9105,34 @@ msgstr "Operating Modes"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operation"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Operation-mode Firewall"
@@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall"
msgid "Operation Commands"
msgstr "Operation Commands"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Operation Mode"
@@ -9825,7 +9159,7 @@ msgstr "Operational Commands"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Operational Mode Commands"
@@ -9843,11 +9177,11 @@ msgstr "Option"
msgid "Option 43 for UniFI"
msgstr "Option 43 for UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Option description"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Option number"
@@ -9886,15 +9220,19 @@ msgstr "Optional/default settings"
msgid "Optional Configuration"
msgstr "Optional Configuration"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Options"
@@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Our configuration commands would be:"
@@ -9962,9 +9300,14 @@ msgstr "Over UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Overview"
@@ -9973,8 +9316,8 @@ msgstr "Overview"
msgid "Overview and basic concepts"
msgstr "Overview and basic concepts"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Overview of defined groups. You see the type, the members, and where the group is used."
@@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa
msgid "PIM and IGMP"
msgstr "PIM and IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "PPP Settings"
@@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a
msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `<file>` pointing to the certificate authority certificate."
msgstr "Path to `<file>` pointing to the certificate authority certificate."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `<file>` pointing to the servers certificate (public portion)."
msgstr "Path to `<file>` pointing to the servers certificate (public portion)."
@@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "Per default every packet is sampled (that is, the sampling rate is 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
@@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi
msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Place interface in given VRF instance."
@@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Play an audible beep to the system speaker when system is ready."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
@@ -10173,24 +9513,11 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration."
#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`."
@@ -10230,12 +9557,11 @@ msgstr "Policy Sections"
msgid "Policy for checking targets"
msgstr "Policy for checking targets"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Policy to track previously established connections."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Port Groups"
@@ -10245,7 +9571,7 @@ msgstr "Port Groups"
msgid "Port Mirror (SPAN)"
msgstr "Port Mirror (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Port for Dynamic Authorization Extension server (DM/CoA)"
@@ -10261,16 +9587,11 @@ msgstr "Port number used by connection, default is ``9273``"
msgid "Port number used by connection."
msgstr "Port number used by connection."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Port to listen for HTTPS requests; default 443"
#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
@@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router"
msgid "Prefix Conversion"
msgstr "Prefix Conversion"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefix Delegation"
@@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's
msgid "Principle of SNMP Communication"
msgstr "Principle of SNMP Communication"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
@@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out
msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
@@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Provide a IPv4 or IPv6 address group description"
@@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Provide a IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Provide a description for each rule."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Provide a port group description."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Provide a rule-set description."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Provides a backbone area coherence by virtual link establishment."
#: ../../_include/interface-per-client-thread.txt:4
-#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "RADIUS"
@@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication"
msgid "RADIUS bandwidth shaping attribute"
msgstr "RADIUS bandwidth shaping attribute"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "RADIUS source address"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "RFC 868 time server IPv4 address"
@@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirect HTTP to HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Redistribution Configuration"
@@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Regular expression to match against an extended community list, where text could be:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
@@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name"
msgid "Remote database name."
msgstr "Remote database name."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
msgstr "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
@@ -10883,25 +10172,10 @@ msgid "Replay protection"
msgstr "Replay protection"
#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`"
@@ -10917,11 +10191,12 @@ msgstr "Requirements"
msgid "Requirements:"
msgstr "Requirements:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reset"
@@ -10930,11 +10205,11 @@ msgstr "Reset"
msgid "Reset OpenVPN"
msgstr "Reset OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Reset commands"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
@@ -10946,7 +10221,7 @@ msgstr "Restart"
msgid "Restart DHCP relay service"
msgstr "Restart DHCP relay service"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Restart DHCPv6 relay agent immediately."
@@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately."
msgid "Restart a given container"
msgstr "Restart a given container"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Restart the DHCP server"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Restart the IGMP proxy process."
@@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
@@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration"
msgid "Route Dampening"
msgstr "Route Dampening"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Route Filtering"
@@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "Route filter can be applied using a route-map:"
@@ -11084,11 +10363,11 @@ msgstr "Router Lifetime"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Routes on Node 2:"
@@ -11120,13 +10399,13 @@ msgstr "Routing"
msgid "Routing tables that will be used in this example are:"
msgstr "Routing tables that will be used in this example are:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Rule-Sets"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Rule-set overview"
@@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Running Behind NAT"
@@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se
msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID to be used in IEEE 802.11 management frames"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "SSL Certificates"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Script execution"
msgid "Scripting"
msgstr "Scripting"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Security"
msgid "Security/authentication messages"
msgstr "Security/authentication messages"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "See below the different parameters available for the IPv4 **show** command:"
@@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Server"
@@ -11432,7 +10727,7 @@ msgstr "Server Side"
msgid "Server configuration"
msgstr "Server configuration"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Server names for virtual hosts it can be exact, wildcard or regex."
@@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match."
msgid "Set BGP local preference attribute."
msgstr "Set BGP local preference attribute."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Set BGP origin code."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Set BGP originator ID attribute."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Set BGP weight attribute"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Set DNAT rule 20 to only NAT UDP packets"
@@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:"
msgid "Set IP fragment match, where:"
msgstr "Set IP fragment match, where:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Set OSPF external metric-type."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
@@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne
msgid "Set SSL certeficate <name> for service <name>"
msgstr "Set SSL certeficate <name> for service <name>"
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Set TTL to 300 seconds"
@@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface"
msgid "Set a container description"
msgstr "Set a container description"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Set a destination and/or source port. Accepted input:"
#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Set a limit on the maximum number of concurrent logged-in users on the system."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Set a meaningful description."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Set a named api key. Every key has the same, full permissions on the system."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Set a rule description."
@@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa
msgid "Set inbound interface to match."
msgstr "Set inbound interface to match."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
@@ -11737,7 +11013,7 @@ msgstr "Set maximum `<size>` of DHCP packets including relay agent information.
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Set maximum hop count before packets are discarded, default: 10"
@@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Set prefixes to table."
@@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor."
msgid "Set source-address to your local IP (LAN)."
msgstr "Set source-address to your local IP (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Set source IP/IPv6 address for route."
@@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route."
msgid "Set source address or prefix to match."
msgstr "Set source address or prefix to match."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Set tag value for routing protocol."
@@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel."
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Set the distance for the default gateway sent by the DHCP server."
@@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server."
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Set the global setting for an established connection."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Set the global setting for invalid packets."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Set the global setting for related connections."
@@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...25
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Set the maximum number of TCP half-open connections."
@@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Set the number of TCP maximum retransmit attempts."
@@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the
msgid "Set the restart behavior of the container."
msgstr "Set the restart behavior of the container."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Set the routing table to forward packet with."
@@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Set the source IP of forwarded packets, otherwise original senders address is used."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Set the timeout in secounds for a protocol or state."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
@@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes."
msgid "Sets the image name in the hub registry"
msgstr "Sets the image name in the hub registry"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
@@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
@@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates
msgid "Setting VRRP group priority"
msgstr "Setting VRRP group priority"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Setting name"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Setup DHCP failover for network 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server."
msgid "Setup the `<timeout>` in seconds when querying the TACACS server."
msgstr "Setup the `<timeout>` in seconds when querying the TACACS server."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
@@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
@@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the
msgid "Show"
msgstr "Show"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Show DHCP server daemon log file"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Show DHCPv6 server daemon log file"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Show Firewall log"
@@ -12198,6 +11472,22 @@ msgstr "Show Firewall log"
msgid "Show LLDP neighbors connected via interface `<interface>`."
msgstr "Show LLDP neighbors connected via interface `<interface>`."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
@@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength."
msgid "Show a list available container networks"
msgstr "Show a list available container networks"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Show a list of installed certificates"
@@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak
msgid "Show information about physical `<interface>`"
msgstr "Show information about physical `<interface>`"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Show logs from a given container"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Show logs from all DHCP client processes."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Show logs from all DHCPv6 client processes."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Show logs from specific `interface` DHCP client process."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Show logs from specific `interface` DHCPv6 client process."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Show only information for specified Certificate Authority."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Show only information for specified certificate."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Show only leases in the specified pool."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
@@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route."
msgid "Show specific MACsec interface information"
msgstr "Show specific MACsec interface information"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Show status of new setup:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Show statuses of all active leases:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Show the DHCP server statistics:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Show the DHCP server statistics for the specified pool."
@@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers."
msgid "Show the local container images."
msgstr "Show the local container images."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Show the logs of a specific Rule-Set."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP"
msgid "Showing BFD monitored static routes"
msgstr "Showing BFD monitored static routes"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Shows status of all assigned leases:"
@@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Similar combinations are applicable for the dead-peer-detection."
@@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor
msgid "Site to Site VPN"
msgstr "Site to Site VPN"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
@@ -12548,27 +11869,15 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "SolarWinds"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
@@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Some firewall settings are global and have an affect on the whole system."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
@@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Source Address"
@@ -12637,7 +11949,7 @@ msgstr "Source Address"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Source IPv4 address used in all RADIUS server queires."
@@ -12662,6 +11974,10 @@ msgid "Source protocol to match."
msgstr "Source protocol to match."
#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
+#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Source tunnel from loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
@@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `<interface>` from which replies from `<se
msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
+#: ../../configuration/interfaces/vxlan.rst:89
+msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+
#: ../../configuration/interfaces/bonding.rst:40
msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
@@ -12737,7 +12057,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori
msgid "Specifies the base DN under which the users are located."
msgstr "Specifies the base DN under which the users are located."
-#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:239
msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
@@ -12774,31 +12094,35 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Specify a NIS+ server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Specify a NIS server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed."
msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed."
@@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to."
msgstr "Specify the LDAP server to connect to."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
@@ -12929,7 +12225,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define
msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Specify timeout interval for keepalive message in seconds."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Spoke"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Start by checking for IPSec SAs (Security Associations) with:"
@@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+
#: ../../configuration/firewall/index.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
@@ -12981,7 +12285,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona
msgid "Static"
msgstr "Static"
-#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/service/dhcp-server.rst:189
msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
@@ -13009,13 +12313,13 @@ msgstr "Static Routing or other dynamic routing protocols can be used over the v
msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
-#: ../../configuration/service/dhcp-server.rst:209
-#: ../../configuration/service/dhcp-server.rst:689
+#: ../../configuration/service/dhcp-server.rst:174
+#: ../../configuration/service/dhcp-server.rst:621
msgid "Static mappings"
msgstr "Static mappings"
-#: ../../configuration/service/dhcp-server.rst:557
-#: ../../configuration/service/dhcp-server.rst:762
+#: ../../configuration/service/dhcp-server.rst:460
+#: ../../configuration/service/dhcp-server.rst:694
msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
@@ -13059,6 +12363,10 @@ msgstr "Supported Modules"
msgid "Supported channel width set."
msgstr "Supported channel width set."
+#: ../../configuration/system/frr.rst:30
+msgid "Supported daemons:"
+msgstr "Supported daemons:"
+
#: ../../configuration/service/router-advert.rst:11
msgid "Supported interface types:"
msgstr "Supported interface types:"
@@ -13096,15 +12404,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect
msgid "Sync groups"
msgstr "Sync groups"
-#: ../../configuration/firewall/general.rst:1264
+#: ../../configuration/firewall/ipv4.rst:911
+#: ../../configuration/firewall/ipv6.rst:920
msgid "Synproxy"
msgstr "Synproxy"
-#: ../../configuration/firewall/general.rst:1265
+#: ../../configuration/firewall/ipv4.rst:912
+#: ../../configuration/firewall/ipv6.rst:921
msgid "Synproxy connections"
msgstr "Synproxy connections"
-#: ../../configuration/firewall/general.rst:1282
+#: ../../configuration/firewall/ipv4.rst:929
+#: ../../configuration/firewall/ipv6.rst:938
msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
@@ -13177,7 +12488,7 @@ msgstr "System is unusable - a panic condition"
msgid "TACACS+"
msgstr "TACACS+"
-#: ../../configuration/system/login.rst:416
+#: ../../configuration/system/login.rst:418
msgid "TACACS Example"
msgstr "TACACS Example"
@@ -13226,6 +12537,14 @@ msgstr "Telegraf output plugin prometheus-client_"
msgid "Telegraf output plugin splunk_. HTTP Event Collector."
msgstr "Telegraf output plugin splunk_. HTTP Event Collector."
+#: ../../configuration/protocols/pim.rst:157
+msgid "Tell PIM that we would not like to use this interface to process bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages."
+
+#: ../../configuration/protocols/pim.rst:162
+msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+
#: ../../configuration/service/router-advert.rst:1
msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
@@ -13234,7 +12553,7 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a
msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
-#: ../../configuration/vpn/sstp.rst:216
+#: ../../configuration/vpn/sstp.rst:227
msgid "Temporary disable this RADIUS server."
msgstr "Temporary disable this RADIUS server."
@@ -13266,15 +12585,19 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca
msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
msgstr "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
-#: ../../configuration/vpn/sstp.rst:293
+#: ../../configuration/nat/nat64.rst:70
+msgid "Test from the IPv6 only client:"
+msgstr "Test from the IPv6 only client:"
+
+#: ../../configuration/vpn/sstp.rst:305
msgid "Testing SSTP"
msgstr "Testing SSTP"
-#: ../../configuration/nat/nat44.rst:786
+#: ../../configuration/nat/nat44.rst:808
msgid "Testing and Validation"
msgstr "Testing and Validation"
-#: ../../configuration/interfaces/vxlan.rst:125
+#: ../../configuration/interfaces/vxlan.rst:146
msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
@@ -13282,7 +12605,7 @@ msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 wil
msgid "That is how it is possible to do the so-called \"ingress shaping\"."
msgstr "That is how it is possible to do the so-called \"ingress shaping\"."
-#: ../../configuration/nat/nat44.rst:806
+#: ../../configuration/nat/nat44.rst:828
msgid "That looks good - we defined 2 tunnels and they're both up and running."
msgstr "That looks good - we defined 2 tunnels and they're both up and running."
@@ -13290,7 +12613,7 @@ msgstr "That looks good - we defined 2 tunnels and they're both up and running."
msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
-#: ../../configuration/nat/nat44.rst:724
+#: ../../configuration/nat/nat44.rst:746
msgid "The ASP has documented their IPSec requirements:"
msgstr "The ASP has documented their IPSec requirements:"
@@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:"
msgstr "The CLNS address consists of the following parts:"
#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
@@ -13341,7 +12649,7 @@ msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tr
msgid "The HTTP service listen on TCP port 80."
msgstr "The HTTP service listen on TCP port 80."
-#: ../../configuration/nat/nat44.rst:505
+#: ../../configuration/nat/nat44.rst:525
msgid "The IP address of the internal system we wish to forward traffic to."
msgstr "The IP address of the internal system we wish to forward traffic to."
@@ -13365,7 +12673,7 @@ msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which
msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
-#: ../../configuration/vpn/openconnect.rst:287
+#: ../../configuration/vpn/openconnect.rst:294
msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
msgstr "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
@@ -13393,18 +12701,22 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network
msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
-#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:173
msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
-#: ../../configuration/service/dns.rst:158
+#: ../../configuration/service/dns.rst:171
msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
-#: ../../configuration/service/dns.rst:162
+#: ../../configuration/service/dns.rst:175
msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
+#: ../../configuration/pki/index.rst:254
+msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+
#: ../../configuration/container/index.rst:7
msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
@@ -13466,14 +12778,19 @@ msgstr "The ``source-address`` must be configured on one of VyOS interface. Best
msgid "The `show bridge` operational command can be used to display configured bridges:"
msgstr "The `show bridge` operational command can be used to display configured bridges:"
-#: ../../configuration/vpn/openconnect.rst:246
+#: ../../configuration/vpn/openconnect.rst:253
msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
-#: ../../configuration/firewall/general.rst:332
+#: ../../configuration/firewall/ipv4.rst:86
+#: ../../configuration/firewall/ipv6.rst:86
msgid "The action can be :"
msgstr "The action can be :"
+#: ../../configuration/pki/index.rst:271
+msgid "The address the server listens to during http-01 challenge"
+msgstr "The address the server listens to during http-01 challenge"
+
#: ../../configuration/protocols/bgp.rst:775
msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
@@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10."
msgstr "The allocated address block is 100.64.0.0/10."
#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
msgid "The amount of Duplicate Address Detection probes to send."
msgstr "The amount of Duplicate Address Detection probes to send."
@@ -13525,7 +12823,7 @@ msgstr "The bonding interface provides a method for aggregating multiple network
msgid "The case of ingress shaping"
msgstr "The case of ingress shaping"
-#: ../../configuration/service/pppoe-server.rst:398
+#: ../../configuration/service/pppoe-server.rst:385
msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
@@ -13541,7 +12839,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then
msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
-#: ../../configuration/service/pppoe-server.rst:244
+#: ../../configuration/service/pppoe-server.rst:231
msgid "The command below enables it, assuming the RADIUS connection has been setup and is working."
msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working."
@@ -13557,9 +12855,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst
msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
-#: ../../configuration/service/dhcp-server.rst:244
-#: ../../configuration/service/dhcp-server.rst:670
-#: ../../configuration/service/dhcp-server.rst:712
+#: ../../configuration/service/dhcp-server.rst:210
+#: ../../configuration/service/dhcp-server.rst:601
+#: ../../configuration/service/dhcp-server.rst:644
msgid "The configuration will look as follows:"
msgstr "The configuration will look as follows:"
@@ -13579,7 +12877,7 @@ msgstr "The connection tracking expect table contains one entry for each expecte
msgid "The connection tracking table contains one entry for each connection being tracked by the system."
msgstr "The connection tracking table contains one entry for each connection being tracked by the system."
-#: ../../configuration/service/pppoe-server.rst:238
+#: ../../configuration/service/pppoe-server.rst:225
msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
@@ -13607,30 +12905,18 @@ msgstr "The default hostname used is `vyos`."
msgid "The default is 1492."
msgstr "The default is 1492."
-#: ../../configuration/service/dhcp-server.rst:596
+#: ../../configuration/service/dhcp-server.rst:526
msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
-#: ../../configuration/interfaces/vxlan.rst:336
+#: ../../configuration/interfaces/vxlan.rst:357
msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
msgstr "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
+#: ../../configuration/protocols/pim.rst:52
+msgid "The default time is 60 seconds."
+msgstr "The default time is 60 seconds."
+
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
msgid "The default value corresponds to 64."
msgstr "The default value corresponds to 64."
@@ -13643,7 +12929,15 @@ msgstr "The default value is 0. This will cause the carrier to be asserted (for
msgid "The default value is 300 seconds."
msgstr "The default value is 300 seconds."
-#: ../../configuration/service/dhcp-server.rst:113
+#: ../../configuration/protocols/pim.rst:214
+msgid "The default value is 3."
+msgstr "The default value is 3."
+
+#: ../../configuration/protocols/pim.rst:68
+msgid "The default value is 3 packets."
+msgstr "The default value is 3 packets."
+
+#: ../../configuration/service/dhcp-server.rst:99
msgid "The default value is 86400 seconds which corresponds to one day."
msgstr "The default value is 86400 seconds which corresponds to one day."
@@ -13655,25 +12949,29 @@ msgstr "The default value is slow."
msgid "The default values for the minimum-threshold depend on IP precedence:"
msgstr "The default values for the minimum-threshold depend on IP precedence:"
-#: ../../configuration/interfaces/vxlan.rst:313
+#: ../../configuration/interfaces/vxlan.rst:334
msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
msgstr "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
-#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/interfaces/vxlan.rst:98
+msgid "The device can only receive packets with VNIs configured in the VNI filtering table."
+msgstr "The device can only receive packets with VNIs configured in the VNI filtering table."
+
+#: ../../configuration/service/dhcp-server.rst:165
msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
msgstr "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
-#: ../../configuration/service/dhcp-server.rst:36
-#: ../../configuration/service/dhcp-server.rst:138
+#: ../../configuration/service/dhcp-server.rst:31
+#: ../../configuration/service/dhcp-server.rst:124
msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
msgstr "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
-#: ../../configuration/service/dhcp-server.rst:45
-#: ../../configuration/service/dhcp-server.rst:145
+#: ../../configuration/service/dhcp-server.rst:40
+#: ../../configuration/service/dhcp-server.rst:131
msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
msgstr "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
-#: ../../configuration/nat/nat44.rst:694
+#: ../../configuration/nat/nat44.rst:718
msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
msgstr "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
@@ -13689,11 +12987,11 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co
msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
-#: ../../configuration/service/pppoe-server.rst:382
+#: ../../configuration/service/pppoe-server.rst:369
msgid "The example below covers a dual-stack configuration via pppoe-server."
msgstr "The example below covers a dual-stack configuration via pppoe-server."
-#: ../../configuration/service/pppoe-server.rst:361
+#: ../../configuration/service/pppoe-server.rst:348
msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
@@ -13705,7 +13003,7 @@ msgstr "The example configuration below will assign an IP to the client on the i
msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
-#: ../../configuration/nat/nat44.rst:319
+#: ../../configuration/nat/nat44.rst:331
msgid "The external IP address to translate to"
msgstr "The external IP address to translate to"
@@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match
msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses."
#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
msgstr "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
+#: ../../configuration/protocols/pim.rst:93
+msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+
#: ../../configuration/vpn/dmvpn.rst:63
msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
-#: ../../configuration/vpn/sstp.rst:299
+#: ../../configuration/vpn/sstp.rst:311
msgid "The following PPP configuration tests MSCHAP-v2:"
msgstr "The following PPP configuration tests MSCHAP-v2:"
@@ -13810,6 +13103,10 @@ msgstr "The following example topology was built using EVE-NG."
msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
msgstr "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
+#: ../../configuration/nat/nat64.rst:40
+msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+
#: ../../configuration/interfaces/wwan.rst:309
msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
@@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and
msgstr "The forwarding delay time is the time spent in each of the listening and learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating."
#: ../../configuration/service/dhcp-relay.rst:98
-#: ../../configuration/service/dhcp-relay.rst:184
+#: ../../configuration/service/dhcp-relay.rst:186
msgid "The generated configuration will look like:"
msgstr "The generated configuration will look like:"
@@ -13871,7 +13168,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w
msgid "The hostname or IP address of the master"
msgstr "The hostname or IP address of the master"
-#: ../../configuration/service/dhcp-server.rst:700
+#: ../../configuration/service/dhcp-server.rst:632
msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
@@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o
msgstr "The individual spoke configurations only differ in the local IP address on the ``tun10`` interface. See the above diagram for the individual IP addresses."
#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
-#: ../../configuration/nat/nat44.rst:503
+#: ../../configuration/nat/nat44.rst:523
msgid "The interface traffic will be coming in on;"
msgstr "The interface traffic will be coming in on;"
@@ -13893,7 +13188,7 @@ msgstr "The interface traffic will be coming in on;"
msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
msgstr "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
-#: ../../configuration/nat/nat44.rst:317
+#: ../../configuration/nat/nat44.rst:329
msgid "The internal IP addresses we want to translate"
msgstr "The internal IP addresses we want to translate"
@@ -13937,6 +13232,14 @@ msgstr "The local site will have a subnet of 10.0.0.0/16."
msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
+#: ../../configuration/firewall/index.rst:20
+msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+
+#: ../../configuration/firewall/index.rst:92
+msgid "The main structure VyOS firewall cli is shown next:"
+msgstr "The main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/interfaces/bonding.rst:271
msgid "The maximum number of targets that can be specified is 16. The default value is no IP address."
msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address."
@@ -13961,7 +13264,7 @@ msgstr "The minimal echo receive transmission interval that this system is capab
msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
msgstr "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
-#: ../../configuration/interfaces/vxlan.rst:292
+#: ../../configuration/interfaces/vxlan.rst:313
msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
@@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul
msgstr "The optional parameter register specifies that Registration Request should be sent to this peer on startup."
#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
msgstr "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
-#: ../../configuration/nat/nat44.rst:318
+#: ../../configuration/nat/nat44.rst:330
msgid "The outgoing interface to perform the translation on"
msgstr "The outgoing interface to perform the translation on"
@@ -14051,11 +13352,11 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob
msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
-#: ../../configuration/service/dhcp-server.rst:434
+#: ../../configuration/service/dhcp-server.rst:375
msgid "The primary DHCP server uses address `192.168.189.252`"
msgstr "The primary DHCP server uses address `192.168.189.252`"
-#: ../../configuration/service/dhcp-server.rst:193
+#: ../../configuration/service/dhcp-server.rst:158
msgid "The primary and secondary statements determines whether the server is primary or secondary."
msgstr "The primary and secondary statements determines whether the server is primary or secondary."
@@ -14067,7 +13368,7 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc
msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
-#: ../../configuration/service/dhcp-server.rst:609
+#: ../../configuration/service/dhcp-server.rst:539
msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
@@ -14075,7 +13376,7 @@ msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus
msgid "The prompt is adjusted to reflect this change in both config and op-mode."
msgstr "The prompt is adjusted to reflect this change in both config and op-mode."
-#: ../../configuration/nat/nat44.rst:504
+#: ../../configuration/nat/nat44.rst:524
msgid "The protocol and port we wish to forward;"
msgstr "The protocol and port we wish to forward;"
@@ -14124,7 +13425,7 @@ msgstr "The remote user will use the openconnect client to connect to the router
msgid "The required config file may look like this:"
msgstr "The required config file may look like this:"
-#: ../../configuration/nat/nat44.rst:683
+#: ../../configuration/nat/nat44.rst:707
msgid "The required configuration can be broken down into 4 major pieces:"
msgstr "The required configuration can be broken down into 4 major pieces:"
@@ -14160,7 +13461,7 @@ msgstr "The router should discard DHCP packages already containing relay agent i
msgid "The sFlow accounting based on hsflowd https://sflow.net/"
msgstr "The sFlow accounting based on hsflowd https://sflow.net/"
-#: ../../configuration/vpn/openconnect.rst:263
+#: ../../configuration/vpn/openconnect.rst:270
msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
@@ -14172,7 +13473,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte
msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
-#: ../../configuration/service/dhcp-server.rst:435
+#: ../../configuration/service/dhcp-server.rst:376
msgid "The secondary DHCP server uses address `192.168.189.253`"
msgstr "The secondary DHCP server uses address `192.168.189.253`"
@@ -14184,7 +13485,7 @@ msgstr "The security approach in SNMPv3 targets:"
msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
msgstr "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
-#: ../../configuration/interfaces/vxlan.rst:168
+#: ../../configuration/interfaces/vxlan.rst:189
msgid "The setup is this: Leaf2 - Spine1 - Leaf3"
msgstr "The setup is this: Leaf2 - Spine1 - Leaf3"
@@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:"
msgstr "The speed (baudrate) of the console device. Supported values are:"
#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
@@ -14221,7 +13517,7 @@ msgstr "The table consists of following data:"
msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
msgstr "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
-#: ../../configuration/nat/nat44.rst:233
+#: ../../configuration/nat/nat44.rst:245
msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
@@ -14245,22 +13541,7 @@ msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for mult
msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
+#: ../../_include/interface-dhcp-options.txt:36
msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server."
msgstr "The vendor-class-id option can be used to request a specific class of vendor options from the server."
@@ -14276,7 +13557,7 @@ msgstr "The window size must be between 1 and 21."
msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
-#: ../../configuration/nat/nat44.rst:597
+#: ../../configuration/nat/nat44.rst:621
msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
@@ -14300,16 +13581,22 @@ msgstr "There's a variety of client GUI frontends for any platform"
msgid "There are 3 default NTP server set. You are able to change them."
msgstr "There are 3 default NTP server set. You are able to change them."
-#: ../../configuration/firewall/general.rst:536
-#: ../../configuration/firewall/general-legacy.rst:380
+#: ../../configuration/firewall/ipv4.rst:269
+#: ../../configuration/firewall/ipv6.rst:269
msgid "There are a lot of matching criteria against which the package can be tested."
msgstr "There are a lot of matching criteria against which the package can be tested."
+#: ../../configuration/firewall/bridge.rst:221
+#: ../../configuration/firewall/ipv4.rst:303
+#: ../../configuration/firewall/ipv6.rst:303
+msgid "There are a lot of matching criteria against which the packet can be tested."
+msgstr "There are a lot of matching criteria against which the packet can be tested."
+
#: ../../configuration/policy/route.rst:40
msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
-#: ../../configuration/system/ipv6.rst:91
+#: ../../configuration/system/ipv6.rst:92
msgid "There are different parameters for getting prefix-list information:"
msgstr "There are different parameters for getting prefix-list information:"
@@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip
msgstr "There is also a GRE over IPv6 encapsulation available, it is called: ``ip6gre``."
#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
msgstr "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
-#: ../../configuration/protocols/igmp.rst:93
#: ../../configuration/protocols/pim6.rst:27
msgid "These are the commands for a basic setup."
msgstr "These are the commands for a basic setup."
@@ -14413,6 +13676,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u
msgid "They can be **decimal** prefixes."
msgstr "They can be **decimal** prefixes."
+#: ../../configuration/firewall/flowtables.rst:102
+msgid "Things to be considred in this setup:"
+msgstr "Things to be considred in this setup:"
+
#: ../../configuration/interfaces/l2tpv3.rst:54
msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
@@ -14438,6 +13705,10 @@ msgstr "This algorithm will place all traffic to a particular network peer on th
msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
msgstr "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
+#: ../../configuration/system/frr.rst:17
+msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+
#: ../../configuration/service/dns.rst:41
msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
msgstr "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
@@ -14503,7 +13774,7 @@ msgstr "This command allows to specify the distribution type for the network con
msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
msgstr "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
-#: ../../configuration/protocols/ospf.rst:1259
+#: ../../configuration/protocols/ospf.rst:1261
msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -14734,23 +14005,27 @@ msgstr "This command disables route reflection between route reflector clients.
msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
msgstr "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
-#: ../../configuration/protocols/bgp.rst:1008
+#: ../../configuration/protocols/isis.rst:318
+msgid "This command disables the load sharing across multiple LFA backups."
+msgstr "This command disables the load sharing across multiple LFA backups."
+
+#: ../../configuration/protocols/bgp.rst:1009
msgid "This command displays BGP dampened routes."
msgstr "This command displays BGP dampened routes."
-#: ../../configuration/protocols/bgp.rst:1031
+#: ../../configuration/protocols/bgp.rst:1032
msgid "This command displays BGP received-routes that are accepted after filtering."
msgstr "This command displays BGP received-routes that are accepted after filtering."
-#: ../../configuration/protocols/bgp.rst:1021
+#: ../../configuration/protocols/bgp.rst:1022
msgid "This command displays BGP routes advertised to a neighbor."
msgstr "This command displays BGP routes advertised to a neighbor."
-#: ../../configuration/protocols/bgp.rst:1016
+#: ../../configuration/protocols/bgp.rst:1017
msgid "This command displays BGP routes allowed by the specified AS Path access list."
msgstr "This command displays BGP routes allowed by the specified AS Path access list."
-#: ../../configuration/protocols/bgp.rst:1025
+#: ../../configuration/protocols/bgp.rst:1026
msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
@@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes."
msgstr "This command displays RIP routes."
#: ../../configuration/protocols/ospf.rst:785
-#: ../../configuration/protocols/ospf.rst:1304
+#: ../../configuration/protocols/ospf.rst:1306
msgid "This command displays a database contents for a specific link advertisement type."
msgstr "This command displays a database contents for a specific link advertisement type."
#: ../../configuration/protocols/ospf.rst:752
-#: ../../configuration/protocols/ospf.rst:1299
+#: ../../configuration/protocols/ospf.rst:1301
msgid "This command displays a summary table with a database contents (LSA)."
msgstr "This command displays a summary table with a database contents (LSA)."
#: ../../configuration/protocols/ospf.rst:747
-#: ../../configuration/protocols/ospf.rst:1294
+#: ../../configuration/protocols/ospf.rst:1296
msgid "This command displays a table of paths to area boundary and autonomous system boundary routers."
msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers."
@@ -14781,35 +14056,35 @@ msgstr "This command displays a table of paths to area boundary and autonomous s
msgid "This command displays all entries in BGP routing table."
msgstr "This command displays all entries in BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1035
+#: ../../configuration/protocols/bgp.rst:1036
msgid "This command displays dampened routes received from BGP neighbor."
msgstr "This command displays dampened routes received from BGP neighbor."
-#: ../../configuration/protocols/ospf.rst:1309
+#: ../../configuration/protocols/ospf.rst:1311
msgid "This command displays external information redistributed into OSPFv3"
msgstr "This command displays external information redistributed into OSPFv3"
-#: ../../configuration/protocols/bgp.rst:1039
+#: ../../configuration/protocols/bgp.rst:1040
msgid "This command displays information about BGP routes whose AS path matches the specified regular expression."
msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression."
-#: ../../configuration/protocols/bgp.rst:1012
+#: ../../configuration/protocols/bgp.rst:1013
msgid "This command displays information about flapping BGP routes."
msgstr "This command displays information about flapping BGP routes."
-#: ../../configuration/protocols/bgp.rst:976
+#: ../../configuration/protocols/bgp.rst:977
msgid "This command displays information about the particular entry in the BGP routing table."
msgstr "This command displays information about the particular entry in the BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1003
+#: ../../configuration/protocols/bgp.rst:1004
msgid "This command displays routes that are permitted by the BGP community list."
msgstr "This command displays routes that are permitted by the BGP community list."
-#: ../../configuration/protocols/bgp.rst:996
+#: ../../configuration/protocols/bgp.rst:997
msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
-#: ../../configuration/protocols/bgp.rst:992
+#: ../../configuration/protocols/bgp.rst:993
msgid "This command displays routes with classless interdomain routing (CIDR)."
msgstr "This command displays routes with classless interdomain routing (CIDR)."
@@ -14817,11 +14092,11 @@ msgstr "This command displays routes with classless interdomain routing (CIDR)."
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
-#: ../../configuration/protocols/ospf.rst:1283
+#: ../../configuration/protocols/ospf.rst:1285
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
-#: ../../configuration/protocols/ospf.rst:1289
+#: ../../configuration/protocols/ospf.rst:1291
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
@@ -14829,12 +14104,12 @@ msgstr "This command displays the OSPF routing table, as determined by the most
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
-#: ../../configuration/protocols/ospf.rst:1279
+#: ../../configuration/protocols/ospf.rst:1281
msgid "This command displays the neighbor DR choice information."
msgstr "This command displays the neighbor DR choice information."
#: ../../configuration/protocols/ospf.rst:623
-#: ../../configuration/protocols/ospf.rst:1274
+#: ../../configuration/protocols/ospf.rst:1276
msgid "This command displays the neighbors information in a detailed form, not just a summary table."
msgstr "This command displays the neighbors information in a detailed form, not just a summary table."
@@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a
msgstr "This command displays the neighbors information in a detailed form for a neighbor whose IP address is specified."
#: ../../configuration/protocols/ospf.rst:613
-#: ../../configuration/protocols/ospf.rst:1270
+#: ../../configuration/protocols/ospf.rst:1272
msgid "This command displays the neighbors status."
msgstr "This command displays the neighbors status."
@@ -14851,7 +14126,7 @@ msgstr "This command displays the neighbors status."
msgid "This command displays the neighbors status for a neighbor on the specified interface."
msgstr "This command displays the neighbors status for a neighbor on the specified interface."
-#: ../../configuration/protocols/bgp.rst:1044
+#: ../../configuration/protocols/bgp.rst:1045
msgid "This command displays the status of all BGP connections."
msgstr "This command displays the status of all BGP connections."
@@ -14863,6 +14138,10 @@ msgstr "This command enable/disables summarisation for the configured address ra
msgid "This command enable logging neighbor up/down changes and reset reason."
msgstr "This command enable logging neighbor up/down changes and reset reason."
+#: ../../configuration/protocols/isis.rst:311
+msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+
#: ../../configuration/protocols/isis.rst:70
msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
@@ -14946,6 +14225,10 @@ msgstr "This command is only allowed for eBGP peers."
msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups."
msgstr "This command is only allowed for eBGP peers. It is not applicable for peer groups."
+#: ../../configuration/protocols/pim.rst:70
+msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+
#: ../../configuration/protocols/rip.rst:106
msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
msgstr "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
@@ -15006,7 +14289,7 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
msgstr "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
-#: ../../configuration/protocols/ospf.rst:1253
+#: ../../configuration/protocols/ospf.rst:1255
msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -15014,19 +14297,19 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
-#: ../../configuration/protocols/bgp.rst:1067
+#: ../../configuration/protocols/bgp.rst:1068
msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1087
+#: ../../configuration/protocols/bgp.rst:1088
msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1074
+#: ../../configuration/protocols/bgp.rst:1075
msgid "This command resets all BGP connections of given router."
msgstr "This command resets all BGP connections of given router."
-#: ../../configuration/protocols/bgp.rst:1083
+#: ../../configuration/protocols/bgp.rst:1084
msgid "This command resets all external BGP peers of given router."
msgstr "This command resets all external BGP peers of given router."
@@ -15431,56 +14714,18 @@ msgstr "This command summarizes intra area paths from specified area into one su
msgid "This command to ensure not advertise the summary lsa for the matched external LSAs."
msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs."
-#: ../../configuration/protocols/bgp.rst:1078
+#: ../../configuration/protocols/bgp.rst:1079
msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/pppoe.rst:212
#: ../../configuration/interfaces/pppoe.rst:258
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/sstp-client.rst:84
#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
@@ -15494,6 +14739,10 @@ msgstr "This command will change the hold down value for IGP-LDP synchronization
msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
msgstr "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
+#: ../../configuration/protocols/isis.rst:324
+msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+
#: ../../configuration/protocols/isis.rst:134
msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
msgstr "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
@@ -15510,25 +14759,32 @@ msgstr "This command will generate a default-route in L1 database."
msgid "This command will generate a default-route in L2 database."
msgstr "This command will generate a default-route in L2 database."
-#: ../../configuration/firewall/general.rst:1457
-#: ../../configuration/firewall/general-legacy.rst:904
+#: ../../configuration/firewall/ipv6.rst:1113
msgid "This command will give an overview of a rule in a single rule-set"
msgstr "This command will give an overview of a rule in a single rule-set"
+#: ../../configuration/firewall/ipv4.rst:1091
+msgid "This command will give an overview of a rule in a single rule-set, plus information for default action."
+msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action."
+
#: ../../configuration/firewall/general-legacy.rst:940
msgid "This command will give an overview of a rule in a single rule-set."
msgstr "This command will give an overview of a rule in a single rule-set."
-#: ../../configuration/firewall/general.rst:1435
-#: ../../configuration/firewall/general-legacy.rst:932
+#: ../../configuration/firewall/ipv4.rst:1072
+#: ../../configuration/firewall/ipv6.rst:1088
msgid "This command will give an overview of a single rule-set."
msgstr "This command will give an overview of a single rule-set."
+#: ../../configuration/protocols/isis.rst:330
+msgid "This command will limit LFA backup computation up to the specified prefix priority."
+msgstr "This command will limit LFA backup computation up to the specified prefix priority."
+
#: ../../configuration/protocols/bgp.rst:268
msgid "This command would allow the dynamic update of capabilities over an established BGP session."
msgstr "This command would allow the dynamic update of capabilities over an established BGP session."
-#: ../../configuration/interfaces/vxlan.rst:272
+#: ../../configuration/interfaces/vxlan.rst:293
msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
@@ -15548,7 +14804,12 @@ msgstr "This configuration listen on port 80 and redirect incoming requests to H
msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
-#: ../../configuration/service/dhcp-server.rst:78
+#: ../../configuration/service/dhcp-server.rst:76
+#: ../../configuration/service/dhcp-server.rst:520
+msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+
+#: ../../configuration/service/dhcp-server.rst:58
msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
msgstr "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
@@ -15572,30 +14833,11 @@ msgstr "This defaults to 1812."
msgid "This defaults to 2007."
msgstr "This defaults to 2007."
-#: ../../configuration/service/dns.rst:258
+#: ../../configuration/service/dns.rst:271
msgid "This defaults to 300 seconds."
msgstr "This defaults to 300 seconds."
#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
msgid "This defaults to 30 seconds."
msgstr "This defaults to 30 seconds."
@@ -15611,6 +14853,14 @@ msgstr "This defaults to 5."
msgid "This defaults to UDP"
msgstr "This defaults to UDP"
+#: ../../configuration/service/https.rst:52
+msgid "This defaults to both 1.2 and 1.3."
+msgstr "This defaults to both 1.2 and 1.3."
+
+#: ../../configuration/pki/index.rst:283
+msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/interfaces/wireless.rst:101
msgid "This defaults to phy0."
msgstr "This defaults to phy0."
@@ -15635,7 +14885,7 @@ msgstr "This enables :rfc:`3137` support, where the OSPF process describes its t
msgid "This enables the greenfield option which sets the ``[GF]`` option"
msgstr "This enables the greenfield option which sets the ``[GF]`` option"
-#: ../../configuration/nat/nat44.rst:546
+#: ../../configuration/nat/nat44.rst:568
msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
@@ -15647,28 +14897,28 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by
msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
-#: ../../configuration/service/dns.rst:391
+#: ../../configuration/service/dns.rst:404
msgid "This functionality is controlled by adding the following configuration:"
msgstr "This functionality is controlled by adding the following configuration:"
-#: ../../configuration/firewall/general.rst:626
-#: ../../configuration/firewall/general-legacy.rst:431
+#: ../../configuration/firewall/ipv4.rst:376
+#: ../../configuration/firewall/ipv6.rst:378
msgid "This functions for both individual addresses and address groups."
msgstr "This functions for both individual addresses and address groups."
-#: ../../configuration/protocols/isis.rst:449
+#: ../../configuration/protocols/isis.rst:477
#: ../../configuration/protocols/ospf.rst:968
msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
msgstr "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
-#: ../../configuration/protocols/isis.rst:501
+#: ../../configuration/protocols/isis.rst:529
#: ../../configuration/protocols/ospf.rst:1018
#: ../../configuration/protocols/segment-routing.rst:229
#: ../../configuration/protocols/segment-routing.rst:312
msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
msgstr "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
-#: ../../configuration/protocols/isis.rst:339
+#: ../../configuration/protocols/isis.rst:367
msgid "This gives us the following neighborships, Level 1 and Level 2:"
msgstr "This gives us the following neighborships, Level 1 and Level 2:"
@@ -15680,11 +14930,11 @@ msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolu
msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
msgstr "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
-#: ../../configuration/service/dhcp-server.rst:96
+#: ../../configuration/service/dhcp-server.rst:82
msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
msgstr "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
-#: ../../configuration/service/dhcp-server.rst:103
+#: ../../configuration/service/dhcp-server.rst:89
msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
msgstr "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
@@ -15696,6 +14946,11 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo
msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable."
msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable."
+#: ../../configuration/pki/index.rst:261
+#: ../../configuration/pki/index.rst:267
+msgid "This is a mandatory option"
+msgstr "This is a mandatory option"
+
#: ../../configuration/protocols/rpki.rst:117
#: ../../configuration/protocols/rpki.rst:124
msgid "This is a mandatory setting."
@@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical
msgstr "This is an optional command because the event handler will be automatically created after any of the next commands."
#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
msgstr "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
-#: ../../configuration/protocols/igmp.rst:208
+#: ../../configuration/protocols/igmp-proxy.rst:36
msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
msgstr "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
@@ -15777,13 +15013,13 @@ msgstr "This is the LAN extension use case. The eth0 port of the distant VPN pee
msgid "This is the LCD model used in your system."
msgstr "This is the LCD model used in your system."
-#: ../../configuration/service/dhcp-server.rst:40
-#: ../../configuration/service/dhcp-server.rst:49
-#: ../../configuration/service/dhcp-server.rst:56
+#: ../../configuration/service/dhcp-server.rst:35
+#: ../../configuration/service/dhcp-server.rst:44
+#: ../../configuration/service/dhcp-server.rst:51
msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
-#: ../../configuration/service/dhcp-server.rst:232
+#: ../../configuration/service/dhcp-server.rst:197
msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
@@ -15795,7 +15031,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d
msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
-#: ../../configuration/service/dhcp-server.rst:230
+#: ../../configuration/service/dhcp-server.rst:195
msgid "This is useful, for example, in combination with hostfile update."
msgstr "This is useful, for example, in combination with hostfile update."
@@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.
msgstr "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones."
#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
msgid "This method automatically disables IPv6 traffic forwarding on the interface in question."
msgstr "This method automatically disables IPv6 traffic forwarding on the interface in question."
@@ -15847,11 +15064,11 @@ msgstr "This mode provides load balancing and fault tolerance."
msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
-#: ../../configuration/service/dhcp-server.rst:133
+#: ../../configuration/service/dhcp-server.rst:119
msgid "This option can be specified multiple times."
msgstr "This option can be specified multiple times."
-#: ../../configuration/protocols/igmp.rst:211
+#: ../../configuration/protocols/igmp-proxy.rst:39
msgid "This option can be supplied multiple times."
msgstr "This option can be supplied multiple times."
@@ -15863,7 +15080,15 @@ msgstr "This option is mandatory in Access-Point mode."
msgid "This option is required when running a DMVPN spoke."
msgstr "This option is required when running a DMVPN spoke."
-#: ../../configuration/system/login.rst:388
+#: ../../_include/interface-dhcp-options.txt:86
+msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+
+#: ../../_include/interface-dhcp-options.txt:31
+msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+
+#: ../../configuration/system/login.rst:390
msgid "This option must be used with ``timeout`` option."
msgstr "This option must be used with ``timeout`` option."
@@ -15876,6 +15101,10 @@ msgstr "This option only affects 802.3ad mode."
msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
+#: ../../configuration/pki/index.rst:277
+msgid "This options defaults to 2048"
+msgstr "This options defaults to 2048"
+
#: ../../configuration/protocols/ospf.rst:326
msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
@@ -15892,7 +15121,9 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer
msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:360
+#: ../../configuration/firewall/bridge.rst:90
+#: ../../configuration/firewall/ipv4.rst:114
+#: ../../configuration/firewall/ipv6.rst:114
msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
@@ -15905,7 +15136,7 @@ msgstr "This requires two files, one to create the device (XXX.netdev) and one t
msgid "This results in the active configuration:"
msgstr "This results in the active configuration:"
-#: ../../configuration/service/dhcp-server.rst:88
+#: ../../configuration/service/dhcp-server.rst:68
msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
msgstr "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
@@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure
msgstr "This section describes the system's host information and how to configure them, it covers the following topics:"
#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
msgid "This section needs improvements, examples and explanations."
msgstr "This section needs improvements, examples and explanations."
@@ -15938,10 +15156,17 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:392
+#: ../../configuration/firewall/ipv4.rst:142
+#: ../../configuration/firewall/ipv6.rst:142
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+#: ../../configuration/firewall/bridge.rst:132
+#: ../../configuration/firewall/ipv4.rst:179
+#: ../../configuration/firewall/ipv6.rst:179
+msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+
#: ../../configuration/interfaces/openvpn.rst:278
msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
@@ -15958,13 +15183,11 @@ msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amou
msgid "This setting defaults to 1500 and is valid between 10 and 60000."
msgstr "This setting defaults to 1500 and is valid between 10 and 60000."
-#: ../../configuration/firewall/general.rst:121
-#: ../../configuration/firewall/general-legacy.rst:73
+#: ../../configuration/firewall/global-options.rst:58
msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:129
-#: ../../configuration/firewall/general-legacy.rst:81
+#: ../../configuration/firewall/global-options.rst:66
msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
@@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-
msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:"
#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
@@ -15995,30 +15203,11 @@ msgstr "This statement specifies dhcp6c to only exchange informational configura
msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
msgstr "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
-#: ../../configuration/nat/nat44.rst:409
+#: ../../configuration/nat/nat44.rst:423
msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
msgid "This technology is known by different names:"
msgstr "This technology is known by different names:"
@@ -16026,7 +15215,7 @@ msgstr "This technology is known by different names:"
msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
-#: ../../configuration/interfaces/vxlan.rst:173
+#: ../../configuration/interfaces/vxlan.rst:194
msgid "This topology was built using GNS3."
msgstr "This topology was built using GNS3."
@@ -16042,26 +15231,37 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to `
msgid "This will match TCP traffic with source port 80."
msgstr "This will match TCP traffic with source port 80."
-#: ../../configuration/service/dns.rst:282
+#: ../../configuration/service/dns.rst:295
msgid "This will render the following ddclient_ configuration entry:"
msgstr "This will render the following ddclient_ configuration entry:"
-#: ../../configuration/firewall/general.rst:1314
-#: ../../configuration/firewall/general-legacy.rst:785
+#: ../../configuration/firewall/ipv6.rst:969
msgid "This will show you a basic firewall overview"
msgstr "This will show you a basic firewall overview"
+#: ../../configuration/firewall/ipv4.rst:961
+msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+
+#: ../../configuration/firewall/zone.rst:149
+msgid "This will show you a basic summary of a particular zone."
+msgstr "This will show you a basic summary of a particular zone."
+
+#: ../../configuration/firewall/zone.rst:132
+msgid "This will show you a basic summary of zones configuration."
+msgstr "This will show you a basic summary of zones configuration."
+
#: ../../configuration/firewall/general-legacy.rst:936
msgid "This will show you a rule-set statistic since the last boot."
msgstr "This will show you a rule-set statistic since the last boot."
-#: ../../configuration/firewall/general.rst:1479
-#: ../../configuration/firewall/general-legacy.rst:900
+#: ../../configuration/firewall/ipv4.rst:1112
+#: ../../configuration/firewall/ipv6.rst:1135
msgid "This will show you a statistic of all rule-sets since the last boot."
msgstr "This will show you a statistic of all rule-sets since the last boot."
-#: ../../configuration/firewall/general.rst:1377
-#: ../../configuration/firewall/general-legacy.rst:851
+#: ../../configuration/firewall/ipv4.rst:1016
+#: ../../configuration/firewall/ipv6.rst:1032
msgid "This will show you a summary of rule-sets and groups"
msgstr "This will show you a summary of rule-sets and groups"
@@ -16069,7 +15269,7 @@ msgstr "This will show you a summary of rule-sets and groups"
msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
-#: ../../configuration/nat/nat44.rst:566
+#: ../../configuration/nat/nat44.rst:590
msgid "This would generate the following configuration:"
msgstr "This would generate the following configuration:"
@@ -16105,8 +15305,8 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)"
msgid "Time is in minutes and defaults to 60."
msgstr "Time is in minutes and defaults to 60."
-#: ../../configuration/firewall/general.rst:1211
-#: ../../configuration/firewall/general-legacy.rst:722
+#: ../../configuration/firewall/ipv4.rst:874
+#: ../../configuration/firewall/ipv6.rst:883
#: ../../configuration/policy/route.rst:225
msgid "Time to match the defined rule."
msgstr "Time to match the defined rule."
@@ -16115,11 +15315,11 @@ msgstr "Time to match the defined rule."
msgid "Timeout in seconds between health target checks."
msgstr "Timeout in seconds between health target checks."
-#: ../../configuration/vpn/sstp.rst:223
+#: ../../configuration/vpn/sstp.rst:234
msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
-#: ../../configuration/vpn/sstp.rst:243
+#: ../../configuration/vpn/sstp.rst:254
msgid "Timeout to wait response from server (seconds)"
msgstr "Timeout to wait response from server (seconds)"
@@ -16136,7 +15336,15 @@ msgstr "To activate the VLAN aware bridge, you must activate this setting to use
msgid "To allow VPN-clients access via your external address, a NAT rule is required:"
msgstr "To allow VPN-clients access via your external address, a NAT rule is required:"
-#: ../../configuration/vpn/site2site_ipsec.rst:253
+#: ../../configuration/service/mdns.rst:68
+msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+
+#: ../../configuration/service/mdns.rst:60
+msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+
+#: ../../configuration/vpn/site2site_ipsec.rst:257
msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
@@ -16152,16 +15360,45 @@ msgstr "To auto update the blacklist files"
msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
+#: ../../configuration/service/pppoe-server.rst:59
+msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+
#: ../../configuration/firewall/general-legacy.rst:314
msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
-#: ../../configuration/firewall/general.rst:401
-#: ../../configuration/firewall/general-legacy.rst:295
+#: ../../configuration/firewall/bridge.rst:140
+#: ../../configuration/firewall/ipv4.rst:187
+#: ../../configuration/firewall/ipv6.rst:187
msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
-#: ../../configuration/firewall/general.rst:374
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
+msgid "To be used only when action is set to ``jump``. Use this command to specify jump target."
+msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target."
+
+#: ../../configuration/firewall/bridge.rst:120
+#: ../../configuration/firewall/ipv4.rst:163
+#: ../../configuration/firewall/ipv6.rst:163
+msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+
+#: ../../configuration/firewall/bridge.rst:111
+#: ../../configuration/firewall/ipv4.rst:150
+#: ../../configuration/firewall/ipv6.rst:150
+msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+
+#: ../../configuration/firewall/bridge.rst:103
+#: ../../configuration/firewall/ipv4.rst:138
+#: ../../configuration/firewall/ipv6.rst:138
+msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
msgid "To be used only when action is set to jump. Use this command to specify jump target."
msgstr "To be used only when action is set to jump. Use this command to specify jump target."
@@ -16177,11 +15414,11 @@ msgstr "To bypass the proxy for every request that is directed to a specific des
msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
msgstr "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
-#: ../../configuration/firewall/index.rst:58
+#: ../../configuration/firewall/index.rst:179
msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
-#: ../../configuration/firewall/index.rst:79
+#: ../../configuration/firewall/index.rst:173
msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
@@ -16209,7 +15446,7 @@ msgstr "To configure your LCD display you must first identify the used hardware,
msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
-#: ../../configuration/system/login.rst:375
+#: ../../configuration/system/login.rst:377
msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
@@ -16221,7 +15458,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports."
msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
-#: ../../configuration/firewall/zone.rst:61
+#: ../../configuration/firewall/zone.rst:80
msgid "To define a zone setup either one with interfaces or a local zone."
msgstr "To define a zone setup either one with interfaces or a local zone."
@@ -16233,7 +15470,7 @@ msgstr "To disable advertisements without deleting the configuration:"
msgid "To display the configured OTP user key, use the command:"
msgstr "To display the configured OTP user key, use the command:"
-#: ../../configuration/vpn/openconnect.rst:219
+#: ../../configuration/vpn/openconnect.rst:226
msgid "To display the configured OTP user settings, use the command:"
msgstr "To display the configured OTP user settings, use the command:"
@@ -16254,7 +15491,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to
msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
-#: ../../configuration/service/https.rst:23
+#: ../../configuration/service/https.rst:68
msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
@@ -16262,6 +15499,14 @@ msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`mon
msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
msgstr "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
+#: ../../configuration/service/mdns.rst:23
+msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+
+#: ../../configuration/vpn/openconnect.rst:168
+msgid "To enable the HTTP security headers in the configuration file, use the command:"
+msgstr "To enable the HTTP security headers in the configuration file, use the command:"
+
#: ../../configuration/loadbalancing/wan.rst:115
msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
@@ -16282,7 +15527,7 @@ msgstr "To generate the CA, the server private key and certificates the followin
msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
-#: ../../configuration/service/dhcp-server.rst:636
+#: ../../configuration/service/dhcp-server.rst:566
msgid "To hand out individual prefixes to your clients the following configuration is used:"
msgstr "To hand out individual prefixes to your clients the following configuration is used:"
@@ -16290,7 +15535,7 @@ msgstr "To hand out individual prefixes to your clients the following configurat
msgid "To know more about scripting, check the :ref:`command-scripting` section."
msgstr "To know more about scripting, check the :ref:`command-scripting` section."
-#: ../../configuration/service/mdns.rst:36
+#: ../../configuration/service/mdns.rst:52
msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
@@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp
msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
msgid "To request a /56 prefix from your ISP use:"
msgstr "To request a /56 prefix from your ISP use:"
-#: ../../configuration/service/dhcp-server.rst:748
+#: ../../configuration/service/dhcp-server.rst:680
msgid "To restart the DHCPv6 server"
msgstr "To restart the DHCPv6 server"
-#: ../../configuration/nat/nat44.rst:315
+#: ../../configuration/nat/nat44.rst:327
msgid "To setup SNAT, we need to know:"
msgstr "To setup SNAT, we need to know:"
-#: ../../configuration/nat/nat44.rst:501
+#: ../../configuration/nat/nat44.rst:521
msgid "To setup a destination NAT rule we need to gather:"
msgstr "To setup a destination NAT rule we need to gather:"
@@ -16343,11 +15572,11 @@ msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary
msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
-#: ../../configuration/service/pppoe-server.rst:106
+#: ../../configuration/service/pppoe-server.rst:93
msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
-#: ../../configuration/service/dns.rst:308
+#: ../../configuration/service/dns.rst:321
msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
@@ -16355,15 +15584,15 @@ msgstr "To use such a service, one must define a login, password, one or multipl
msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
-#: ../../configuration/service/https.rst:86
+#: ../../configuration/service/https.rst:77
msgid "To use this full configuration we asume a public accessible hostname."
msgstr "To use this full configuration we asume a public accessible hostname."
-#: ../../configuration/interfaces/vxlan.rst:175
+#: ../../configuration/interfaces/vxlan.rst:196
msgid "Topology:"
msgstr "Topology:"
-#: ../../configuration/interfaces/vxlan.rst:107
+#: ../../configuration/interfaces/vxlan.rst:128
msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
@@ -16379,7 +15608,7 @@ msgstr "Track option to track non VRRP interface states. VRRP changes status to
msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
msgstr "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
-#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:175
msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
@@ -16399,7 +15628,7 @@ msgstr "Traffic Filters are used to control which packets will have the defined
msgid "Traffic Policy"
msgstr "Traffic Policy"
-#: ../../configuration/firewall/zone.rst:37
+#: ../../configuration/firewall/zone.rst:56
msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member."
msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member."
@@ -16411,10 +15640,19 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece
msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
-#: ../../configuration/firewall/general.rst:1281
+#: ../../configuration/protocols/pim.rst:18
+msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+
+#: ../../configuration/firewall/ipv4.rst:928
+#: ../../configuration/firewall/ipv6.rst:937
msgid "Traffic must be symmetric"
msgstr "Traffic must be symmetric"
+#: ../../configuration/firewall/bridge.rst:34
+msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+
#: ../../configuration/highavailability/index.rst:322
msgid "Transition scripts"
msgstr "Transition scripts"
@@ -16427,11 +15665,11 @@ msgstr "Transition scripts can help you implement various fixups, such as starti
msgid "Transparent Proxy"
msgstr "Transparent Proxy"
+#: ../../configuration/interfaces/openvpn.rst:701
#: ../../configuration/interfaces/tunnel.rst:227
msgid "Troubleshooting"
msgstr "Troubleshooting"
-#: ../../configuration/protocols/igmp.rst:119
#: ../../configuration/protocols/pim6.rst:41
msgid "Tuning commands"
msgstr "Tuning commands"
@@ -16448,6 +15686,10 @@ msgstr "Tunnel keys"
msgid "Two environment variables are available:"
msgstr "Two environment variables are available:"
+#: ../../configuration/firewall/flowtables.rst:104
+msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+
#: ../../configuration/service/ssh.rst:188
msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
@@ -16460,7 +15702,7 @@ msgstr "Two routers connected both via eth1 through an untrusted switch"
msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
-#: ../../configuration/nat/nat44.rst:594
+#: ../../configuration/nat/nat44.rst:618
msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
msgstr "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
@@ -16504,7 +15746,7 @@ msgstr "USB to serial converters will handle most of their work in software so y
msgid "UUCP subsystem"
msgstr "UUCP subsystem"
-#: ../../configuration/interfaces/vxlan.rst:81
+#: ../../configuration/interfaces/vxlan.rst:102
msgid "Unicast"
msgstr "Unicast"
@@ -16512,7 +15754,7 @@ msgstr "Unicast"
msgid "Unicast VRRP"
msgstr "Unicast VRRP"
-#: ../../configuration/interfaces/vxlan.rst:319
+#: ../../configuration/interfaces/vxlan.rst:340
msgid "Unicast VXLAN"
msgstr "Unicast VXLAN"
@@ -16540,11 +15782,15 @@ msgstr "Update"
msgid "Update container image"
msgstr "Update container image"
-#: ../../configuration/firewall/general.rst:1540
-#: ../../configuration/firewall/general-legacy.rst:1050
+#: ../../configuration/firewall/ipv4.rst:1175
+#: ../../configuration/firewall/ipv6.rst:1191
msgid "Update geoip database"
msgstr "Update geoip database"
+#: ../../configuration/system/updates.rst:3
+msgid "Updates"
+msgstr "Updates"
+
#: ../../configuration/protocols/rpki.rst:99
msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
@@ -16566,7 +15812,11 @@ msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in
msgid "Use 802.11n protocol"
msgstr "Use 802.11n protocol"
-#: ../../configuration/service/dns.rst:352
+#: ../../configuration/service/https.rst:23
+msgid "Use CA certificate from PKI subsystem"
+msgstr "Use CA certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:365
msgid "Use DynDNS as your preferred provider:"
msgstr "Use DynDNS as your preferred provider:"
@@ -16578,6 +15828,10 @@ msgstr "Use TLS but skip host validation"
msgid "Use TLS encryption."
msgstr "Use TLS encryption."
+#: ../../configuration/service/https.rst:31
+msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+
#: ../../configuration/vpn/sstp.rst:121
msgid "Use `<subnet>` as the IP pool for all connecting clients."
msgstr "Use `<subnet>` as the IP pool for all connecting clients."
@@ -16594,67 +15848,52 @@ msgstr "Use `delete system conntrack modules` to deactive all modules."
msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
-#: ../../configuration/firewall/general.rst:799
-#: ../../configuration/firewall/general-legacy.rst:531
+#: ../../configuration/firewall/ipv4.rst:515
+#: ../../configuration/firewall/ipv6.rst:525
msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:874
-#: ../../configuration/firewall/general-legacy.rst:567
+#: ../../configuration/firewall/ipv4.rst:578
+#: ../../configuration/firewall/ipv6.rst:588
msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:899
-#: ../../configuration/firewall/general-legacy.rst:579
+#: ../../configuration/firewall/ipv4.rst:599
+#: ../../configuration/firewall/ipv6.rst:609
msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:824
-#: ../../configuration/firewall/general-legacy.rst:543
+#: ../../configuration/firewall/ipv4.rst:536
+#: ../../configuration/firewall/ipv6.rst:546
msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:849
-#: ../../configuration/firewall/general-legacy.rst:555
+#: ../../configuration/firewall/ipv4.rst:557
+#: ../../configuration/firewall/ipv6.rst:567
msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/nat/nat44.rst:247
+#: ../../configuration/nat/nat44.rst:259
msgid "Use address `masquerade` (the interfaces primary address) on rule 30"
msgstr "Use address `masquerade` (the interfaces primary address) on rule 30"
-#: ../../configuration/service/https.rst:67
+#: ../../configuration/service/https.rst:58
msgid "Use an automatically generated self-signed certificate"
msgstr "Use an automatically generated self-signed certificate"
#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
msgid "Use any local address, configured on any interface if this is not set."
msgstr "Use any local address, configured on any interface if this is not set."
-#: ../../configuration/service/dns.rst:266
+#: ../../configuration/service/dns.rst:279
msgid "Use auth key file at ``/config/auth/my.key``"
msgstr "Use auth key file at ``/config/auth/my.key``"
-#: ../../configuration/service/dns.rst:395
+#: ../../configuration/service/https.rst:27
+msgid "Use certificate from PKI subsystem"
+msgstr "Use certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:408
msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
@@ -16666,7 +15905,7 @@ msgstr "Use inverse-match to match anything except the given country-codes."
msgid "Use local socket for API"
msgstr "Use local socket for API"
-#: ../../configuration/vpn/sstp.rst:277
+#: ../../configuration/vpn/sstp.rst:288
msgid "Use local user `foo` with password `bar`"
msgstr "Use local user `foo` with password `bar`"
@@ -16682,6 +15921,10 @@ msgstr "Use the address of the specified interface on the local machine as the s
msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
+#: ../../configuration/nat/nat66.rst:142
+msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+
#: ../../configuration/system/option.rst:48
msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
@@ -16710,11 +15953,11 @@ msgstr "Use this PIM command in the selected interface to set the priority (1-42
msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
-#: ../../configuration/service/pppoe-server.rst:288
+#: ../../configuration/service/pppoe-server.rst:275
msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
-#: ../../configuration/vpn/sstp.rst:126
+#: ../../configuration/vpn/sstp.rst:137
msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
@@ -16742,7 +15985,7 @@ msgstr "Use this command if you would like to set the TCP session hold time inte
msgid "Use this command to allow the selected interface to join a multicast group."
msgstr "Use this command to allow the selected interface to join a multicast group."
-#: ../../configuration/protocols/igmp.rst:149
+#: ../../configuration/protocols/pim.rst:191
msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
msgstr "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
@@ -16762,19 +16005,19 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface
msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
-#: ../../configuration/system/ipv6.rst:180
+#: ../../configuration/system/ipv6.rst:154
msgid "Use this command to clear Border Gateway Protocol statistics or status."
msgstr "Use this command to clear Border Gateway Protocol statistics or status."
-#: ../../configuration/service/pppoe-server.rst:300
+#: ../../configuration/service/pppoe-server.rst:287
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/vpn/sstp.rst:135
+#: ../../configuration/vpn/sstp.rst:146
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/service/pppoe-server.rst:133
+#: ../../configuration/service/pppoe-server.rst:120
msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
@@ -16855,7 +16098,7 @@ msgstr "Use this command to configure a Shaper policy, set its name, define a cl
msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
-#: ../../configuration/service/pppoe-server.rst:206
+#: ../../configuration/service/pppoe-server.rst:193
msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
@@ -16919,10 +16162,18 @@ msgstr "Use this command to configure an interface with IGMP so that PIM can rec
msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
msgstr "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
-#: ../../configuration/protocols/igmp.rst:156
+#: ../../configuration/protocols/pim.rst:198
msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
msgstr "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
+#: ../../configuration/protocols/pim.rst:202
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+
+#: ../../configuration/protocols/pim.rst:204
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+
#: ../../configuration/protocols/igmp.rst:163
msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
@@ -16931,7 +16182,7 @@ msgstr "Use this command to configure in the selected interface the IGMP query r
msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
-#: ../../configuration/service/pppoe-server.rst:112
+#: ../../configuration/service/pppoe-server.rst:99
msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
msgstr "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
@@ -16983,18 +16234,35 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic
msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
+#: ../../configuration/service/pppoe-server.rst:81
+#: ../../configuration/vpn/sstp.rst:132
+msgid "Use this command to define default address pool name."
+msgstr "Use this command to define default address pool name."
+
#: ../../configuration/system/name-server.rst:53
msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
msgstr "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
+#: ../../configuration/protocols/pim.rst:211
+msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+
#: ../../configuration/protocols/igmp.rst:172
msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
+#: ../../configuration/service/pppoe-server.rst:70
+msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:73
msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
+#: ../../configuration/vpn/sstp.rst:121
+msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:42
msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
@@ -17015,30 +16283,16 @@ msgstr "Use this command to define the maximum number of entries to keep in the
msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
+#: ../../configuration/service/pppoe-server.rst:77
+#: ../../configuration/vpn/sstp.rst:128
+msgid "Use this command to define the next address pool name."
+msgstr "Use this command to define the next address pool name."
+
#: ../../configuration/service/pppoe-server.rst:31
msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
msgstr "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
msgstr "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
@@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad
msgstr "Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address."
#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
msgid "Use this command to disable the generation of Ethernet flow control (pause frames)."
msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)."
@@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca
msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
-#: ../../configuration/service/pppoe-server.rst:249
+#: ../../configuration/service/pppoe-server.rst:236
msgid "Use this command to enable bandwidth shaping via RADIUS."
msgstr "Use this command to enable bandwidth shaping via RADIUS."
#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
@@ -17138,7 +16364,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th
msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
-#: ../../configuration/service/pppoe-server.rst:262
+#: ../../configuration/service/pppoe-server.rst:249
msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
@@ -17154,7 +16380,13 @@ msgstr "Use this command to enable the logging of the default action."
msgid "Use this command to enable the logging of the default action on custom chains."
msgstr "Use this command to enable the logging of the default action on custom chains."
-#: ../../configuration/system/ipv6.rst:191
+#: ../../configuration/firewall/bridge.rst:163
+#: ../../configuration/firewall/ipv4.rst:214
+#: ../../configuration/firewall/ipv6.rst:214
+msgid "Use this command to enable the logging of the default action on the specified chain."
+msgstr "Use this command to enable the logging of the default action on the specified chain."
+
+#: ../../configuration/system/ipv6.rst:165
msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
@@ -17162,11 +16394,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be
msgid "Use this command to get an overview of a zone."
msgstr "Use this command to get an overview of a zone."
-#: ../../configuration/system/ipv6.rst:146
+#: ../../configuration/system/ipv6.rst:120
msgid "Use this command to get information about OSPFv3."
msgstr "Use this command to get information about OSPFv3."
-#: ../../configuration/system/ipv6.rst:168
+#: ../../configuration/system/ipv6.rst:142
msgid "Use this command to get information about the RIPNG protocol"
msgstr "Use this command to get information about the RIPNG protocol"
@@ -17178,7 +16410,7 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection
msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
-#: ../../configuration/service/pppoe-server.rst:324
+#: ../../configuration/service/pppoe-server.rst:311
msgid "Use this command to locally check the active sessions in the PPPoE server."
msgstr "Use this command to locally check the active sessions in the PPPoE server."
@@ -17195,7 +16427,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca
msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
-#: ../../configuration/system/ipv6.rst:186
+#: ../../configuration/system/ipv6.rst:160
msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
@@ -17295,15 +16527,15 @@ msgstr "Use this command to show IPv6 multicast group membership."
msgid "Use this command to show IPv6 routes."
msgstr "Use this command to show IPv6 routes."
-#: ../../configuration/system/ipv6.rst:104
+#: ../../configuration/system/ipv6.rst:105
msgid "Use this command to show all IPv6 access lists"
msgstr "Use this command to show all IPv6 access lists"
-#: ../../configuration/system/ipv6.rst:89
+#: ../../configuration/system/ipv6.rst:90
msgid "Use this command to show all IPv6 prefix lists"
msgstr "Use this command to show all IPv6 prefix lists"
-#: ../../configuration/system/ipv6.rst:172
+#: ../../configuration/system/ipv6.rst:146
msgid "Use this command to show the status of the RIPNG protocol"
msgstr "Use this command to show the status of the RIPNG protocol"
@@ -17420,7 +16652,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the
msgid "VLAN"
msgstr "VLAN"
-#: ../../configuration/service/pppoe-server.rst:176
+#: ../../configuration/service/pppoe-server.rst:163
msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
@@ -17456,7 +16688,7 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN
msgid "VRF"
msgstr "VRF"
-#: ../../configuration/vrf/index.rst:409
+#: ../../configuration/vrf/index.rst:411
msgid "VRF Route Leaking"
msgstr "VRF Route Leaking"
@@ -17464,15 +16696,15 @@ msgstr "VRF Route Leaking"
msgid "VRF and NAT"
msgstr "VRF and NAT"
-#: ../../configuration/vrf/index.rst:378
+#: ../../configuration/vrf/index.rst:380
msgid "VRF blue routing table"
msgstr "VRF blue routing table"
-#: ../../configuration/vrf/index.rst:345
+#: ../../configuration/vrf/index.rst:347
msgid "VRF default routing table"
msgstr "VRF default routing table"
-#: ../../configuration/vrf/index.rst:361
+#: ../../configuration/vrf/index.rst:363
msgid "VRF red routing table"
msgstr "VRF red routing table"
@@ -17537,11 +16769,11 @@ msgstr "Valid values are 0..255."
msgid "Value"
msgstr "Value"
-#: ../../configuration/vpn/sstp.rst:252
+#: ../../configuration/vpn/sstp.rst:263
msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
-#: ../../configuration/vpn/sstp.rst:247
+#: ../../configuration/vpn/sstp.rst:258
msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
@@ -17555,6 +16787,10 @@ msgstr "Verification"
msgid "Verification:"
msgstr "Verification:"
+#: ../../configuration/nat/nat66.rst:226
+msgid "Verify that connections are hitting the rule on both sides:"
+msgstr "Verify that connections are hitting the rule on both sides:"
+
#: ../../configuration/highavailability/index.rst:291
msgid "Version"
msgstr "Version"
@@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t
msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
@@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are store
msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
-#: ../../configuration/interfaces/bonding.rst:None
+#: ../../configuration/interfaces/bonding.rst:-1
msgid "VyOS Arista EOS setup"
msgstr "VyOS Arista EOS setup"
@@ -17635,7 +16855,11 @@ msgstr "VyOS IKE group has the next options:"
msgid "VyOS MIBs"
msgstr "VyOS MIBs"
-#: ../../configuration/nat/nat66.rst:None
+#: ../../configuration/nat/nat66.rst:-1
+msgid "VyOS NAT66 DHCPv6 using a dummy interface"
+msgstr "VyOS NAT66 DHCPv6 using a dummy interface"
+
+#: ../../configuration/nat/nat66.rst:-1
msgid "VyOS NAT66 Simple Configure"
msgstr "VyOS NAT66 Simple Configure"
@@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6."
msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
-#: ../../configuration/service/dhcp-server.rst:580
+#: ../../configuration/service/dhcp-server.rst:504
msgid "VyOS also provides DHCPv6 server functionality which is described in this section."
msgstr "VyOS also provides DHCPv6 server functionality which is described in this section."
@@ -17704,11 +16928,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP*
msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
-#: ../../configuration/service/dns.rst:201
+#: ../../configuration/service/dns.rst:214
msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
-#: ../../configuration/service/dns.rst:306
+#: ../../configuration/service/dns.rst:319
msgid "VyOS is also able to use any service relying on protocols supported by ddclient."
msgstr "VyOS is also able to use any service relying on protocols supported by ddclient."
@@ -17720,7 +16944,6 @@ msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where t
msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
-#: ../../configuration/firewall/general.rst:13
#: ../../configuration/firewall/general-legacy.rst:17
msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
@@ -17737,7 +16960,7 @@ msgstr "VyOS not only can now manage certificates issued by 3rd party Certificat
msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
-#: ../../configuration/pki/index.rst:254
+#: ../../configuration/pki/index.rst:292
msgid "VyOS operational mode commands are not only available for generating keys but also to display them."
msgstr "VyOS operational mode commands are not only available for generating keys but also to display them."
@@ -17773,7 +16996,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an
msgid "VyOS provides some operational commands on OpenVPN."
msgstr "VyOS provides some operational commands on OpenVPN."
-#: ../../configuration/service/dhcp-server.rst:173
+#: ../../configuration/service/dhcp-server.rst:138
msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
@@ -17781,7 +17004,11 @@ msgstr "VyOS provides support for DHCP failover. DHCP failover must be configure
msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
-#: ../../configuration/protocols/igmp.rst:30
+#: ../../configuration/protocols/pim.rst:9
+msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+
+#: ../../configuration/protocols/pim.rst:26
msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
msgstr "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
@@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec
msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
+#: ../../configuration/system/updates.rst:5
+msgid "VyOS supports online checking for updates"
+msgstr "VyOS supports online checking for updates"
+
#: ../../configuration/system/sflow.rst:5
msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
-#: ../../configuration/system/conntrack.rst:53
+#: ../../configuration/system/conntrack.rst:67
msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
@@ -17809,13 +17040,19 @@ msgstr "VyOS supports setting up PPPoE in two different ways to a PPPoE internet
msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
msgstr "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
+#: ../../configuration/service/dhcp-server.rst:7
+msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+
+#: ../../configuration/system/frr.rst:7
+msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+
#: ../../configuration/interfaces/wwan.rst:12
msgid "VyOS uses the `interfaces wwan` subsystem for configuration."
msgstr "VyOS uses the `interfaces wwan` subsystem for configuration."
#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
msgstr "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
@@ -17839,7 +17076,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor
msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
-#: ../../configuration/vpn/site2site_ipsec.rst:160
+#: ../../configuration/vpn/site2site_ipsec.rst:164
msgid "WAN interface on `eth1`"
msgstr "WAN interface on `eth1`"
@@ -17876,7 +17113,7 @@ msgstr "Warning conditions"
msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
-#: ../../configuration/nat/nat44.rst:760
+#: ../../configuration/nat/nat44.rst:782
msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
@@ -17896,7 +17133,7 @@ msgstr "We can also create the certificates using Cerbort which is an easy-to-us
msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
-#: ../../configuration/protocols/bgp.rst:1248
+#: ../../configuration/protocols/bgp.rst:1249
msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny."
msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny."
@@ -17924,7 +17161,7 @@ msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles.
msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
msgstr "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
-#: ../../configuration/nat/nat44.rst:699
+#: ../../configuration/nat/nat44.rst:723
msgid "We only need a single step for this interface:"
msgstr "We only need a single step for this interface:"
@@ -17932,11 +17169,15 @@ msgstr "We only need a single step for this interface:"
msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
-#: ../../configuration/system/login.rst:418
+#: ../../configuration/system/login.rst:420
msgid "We use a vontainer providing the TACACS serve rin this example."
msgstr "We use a vontainer providing the TACACS serve rin this example."
-#: ../../configuration/service/dhcp-server.rst:364
+#: ../../configuration/firewall/flowtables.rst:114
+msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+
+#: ../../configuration/service/dhcp-server.rst:331
msgid "Web Proxy Autodiscovery (WPAD) URL"
msgstr "Web Proxy Autodiscovery (WPAD) URL"
@@ -17944,19 +17185,31 @@ msgstr "Web Proxy Autodiscovery (WPAD) URL"
msgid "Webproxy"
msgstr "Webproxy"
+#: ../../configuration/service/https.rst:40
+msgid "Webserver should listen on specified port."
+msgstr "Webserver should listen on specified port."
+
+#: ../../configuration/service/https.rst:36
+msgid "Webserver should only listen on specified IP address"
+msgstr "Webserver should only listen on specified IP address"
+
#: ../../configuration/protocols/mpls.rst:220
msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
msgstr "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
+#: ../../configuration/protocols/pim.rst:75
+msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+
#: ../../configuration/vrf/index.rst:73
msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
-#: ../../configuration/service/dns.rst:341
+#: ../../configuration/service/dns.rst:354
msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
-#: ../../configuration/service/dns.rst:334
+#: ../../configuration/service/dns.rst:347
msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
@@ -17980,7 +17233,11 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from
msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
-#: ../../configuration/service/pppoe-server.rst:182
+#: ../../configuration/service/dns.rst:155
+msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+
+#: ../../configuration/service/pppoe-server.rst:169
msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
@@ -17996,11 +17253,13 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man
msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
-#: ../../configuration/firewall/general.rst:521
+#: ../../configuration/firewall/bridge.rst:210
+#: ../../configuration/firewall/ipv4.rst:290
+#: ../../configuration/firewall/ipv6.rst:290
msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
-#: ../../configuration/nat/nat44.rst:299
+#: ../../configuration/nat/nat44.rst:311
msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
@@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can
msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table."
#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
@@ -18053,21 +17297,10 @@ msgstr "When no-release is specified, dhcp6c will send a release message on clie
msgid "When no options/parameters are used, the contents of the main syslog file are displayed."
msgstr "When no options/parameters are used, the contents of the main syslog file are displayed."
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
+#: ../../configuration/protocols/pim.rst:65
+msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+
#: ../../_include/interface-dhcpv6-options.txt:40
msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
@@ -18080,6 +17313,10 @@ msgstr "When remote peer does not have capability negotiation feature, remote pe
msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
+#: ../../configuration/protocols/pim.rst:113
+msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+
#: ../../configuration/interfaces/pppoe.rst:108
msgid "When set the interface is enabled for \"dial-on-demand\"."
msgstr "When set the interface is enabled for \"dial-on-demand\"."
@@ -18097,37 +17334,19 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke
msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
-#: ../../configuration/vpn/site2site_ipsec.rst:407
+#: ../../configuration/vpn/site2site_ipsec.rst:416
msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
-#: ../../configuration/firewall/general.rst:106
-#: ../../configuration/firewall/general-legacy.rst:58
+#: ../../configuration/firewall/global-options.rst:43
msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
msgstr "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
-#: ../../configuration/firewall/general.rst:115
-#: ../../configuration/firewall/general-legacy.rst:67
+#: ../../configuration/firewall/global-options.rst:52
msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
@@ -18135,11 +17354,11 @@ msgstr "When using DHCP to retrieve IPv4 address and if local customizations are
msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
-#: ../../configuration/nat/nat44.rst:351
+#: ../../configuration/nat/nat44.rst:365
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
-#: ../../configuration/nat/nat44.rst:238
+#: ../../configuration/nat/nat44.rst:250
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
@@ -18147,7 +17366,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a
msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
-#: ../../configuration/vpn/openconnect.rst:215
+#: ../../configuration/vpn/openconnect.rst:222
msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
@@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo
msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
+#: ../../configuration/firewall/ipv4.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+
+#: ../../configuration/firewall/ipv6.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+
#: ../../configuration/protocols/bgp.rst:86
msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
msgstr "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
msgid "Whether to accept DAD (Duplicate Address Detection)."
msgstr "Whether to accept DAD (Duplicate Address Detection)."
-#: ../../configuration/nat/nat44.rst:330
+#: ../../configuration/nat/nat44.rst:342
msgid "Which generates the following configuration:"
msgstr "Which generates the following configuration:"
-#: ../../configuration/nat/nat44.rst:444
+#: ../../configuration/nat/nat44.rst:458
msgid "Which results in a configuration of:"
msgstr "Which results in a configuration of:"
-#: ../../configuration/nat/nat44.rst:522
+#: ../../configuration/nat/nat44.rst:542
msgid "Which would generate the following NAT destination configuration:"
msgstr "Which would generate the following NAT destination configuration:"
-#: ../../configuration/firewall/general.rst:217
-#: ../../configuration/firewall/general-legacy.rst:193
+#: ../../configuration/firewall/groups.rst:44
msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
@@ -18293,7 +17500,7 @@ msgstr "Wireless options"
msgid "Wireless options (Station/Client)"
msgstr "Wireless options (Station/Client)"
-#: ../../configuration/firewall/index.rst:23
+#: ../../configuration/firewall/index.rst:7
msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
@@ -18305,8 +17512,7 @@ msgstr "With WireGuard, a Road Warrior VPN config is similar to a site-to-site V
msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
-#: ../../configuration/firewall/general.rst:94
-#: ../../configuration/firewall/general-legacy.rst:46
+#: ../../configuration/firewall/global-options.rst:31
msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
@@ -18314,29 +17520,29 @@ msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, o
msgid "With this command, you can specify how the URL path should be matched against incoming requests."
msgstr "With this command, you can specify how the URL path should be matched against incoming requests."
-#: ../../configuration/firewall/index.rst:73
+#: ../../configuration/firewall/index.rst:166
msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
-#: ../../configuration/service/dhcp-server.rst:290
-#: ../../configuration/service/dhcp-server.rst:295
-#: ../../configuration/service/dhcp-server.rst:300
-#: ../../configuration/service/dhcp-server.rst:310
-#: ../../configuration/service/dhcp-server.rst:315
-#: ../../configuration/service/dhcp-server.rst:345
-#: ../../configuration/service/dhcp-server.rst:350
-#: ../../configuration/service/dhcp-server.rst:355
-#: ../../configuration/service/dhcp-server.rst:375
-#: ../../configuration/service/dhcp-server.rst:380
-#: ../../configuration/service/dhcp-server.rst:390
+#: ../../configuration/service/dhcp-server.rst:257
+#: ../../configuration/service/dhcp-server.rst:262
+#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:357
msgid "Y"
msgstr "Y"
-#: ../../configuration/firewall/zone.rst:99
+#: ../../configuration/firewall/zone.rst:118
msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
-#: ../../configuration/system/login.rst:363
+#: ../../configuration/system/login.rst:365
msgid "You are able to set post-login or pre-login banner messages to display certain information for this system."
msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system."
@@ -18348,24 +17554,23 @@ msgstr "You are be able to download the files using SCP, once the SSH service ha
msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
msgstr "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
-#: ../../configuration/system/conntrack.rst:86
+#: ../../configuration/system/conntrack.rst:99
msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
-#: ../../configuration/service/dns.rst:299
+#: ../../configuration/service/dns.rst:312
msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
-#: ../../configuration/system/ipv6.rst:106
+#: ../../configuration/system/ipv6.rst:107
msgid "You can also specify which IPv6 access-list should be shown:"
msgstr "You can also specify which IPv6 access-list should be shown:"
-#: ../../configuration/protocols/igmp.rst:121
#: ../../configuration/protocols/pim6.rst:42
msgid "You can also tune multicast with the following commands."
msgstr "You can also tune multicast with the following commands."
-#: ../../configuration/service/pppoe-server.rst:152
+#: ../../configuration/service/pppoe-server.rst:139
msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
msgstr "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
@@ -18377,7 +17582,7 @@ msgstr "You can also write a description for a filter:"
msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key."
msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key."
-#: ../../configuration/nat/nat44.rst:386
+#: ../../configuration/nat/nat44.rst:400
msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
@@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a
msgstr "You can configure multiple interfaces which whould participate in sflow accounting."
#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
@@ -18414,7 +17614,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA
msgid "You can disable a VRRP group with ``disable`` option:"
msgstr "You can disable a VRRP group with ``disable`` option:"
-#: ../../configuration/system/ipv6.rst:148
+#: ../../configuration/system/ipv6.rst:122
msgid "You can get more specific OSPFv3 information by using the parameters shown below:"
msgstr "You can get more specific OSPFv3 information by using the parameters shown below:"
@@ -18422,15 +17622,15 @@ msgstr "You can get more specific OSPFv3 information by using the parameters sho
msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
msgstr "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
-#: ../../configuration/service/mdns.rst:30
+#: ../../configuration/service/mdns.rst:46
msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
-#: ../../configuration/vpn/sstp.rst:320
+#: ../../configuration/vpn/sstp.rst:332
msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
-#: ../../configuration/system/login.rst:441
+#: ../../configuration/system/login.rst:443
msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
@@ -18442,7 +17642,7 @@ msgstr "You can only apply one policy per interface and direction, but you could
msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
-#: ../../configuration/service/dhcp-server.rst:211
+#: ../../configuration/service/dhcp-server.rst:176
msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
msgstr "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
@@ -18462,7 +17662,7 @@ msgstr "You can verify your VRRP group status with the operational mode ``run sh
msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
msgstr "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
-#: ../../configuration/protocols/ospf.rst:1342
+#: ../../configuration/protocols/ospf.rst:1344
msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
@@ -18482,7 +17682,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated
msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
-#: ../../configuration/firewall/zone.rst:39
+#: ../../configuration/firewall/zone.rst:58
msgid "You need 2 separate firewalls to define traffic: one for each direction."
msgstr "You need 2 separate firewalls to define traffic: one for each direction."
@@ -18534,7 +17734,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro
msgid "Zone-Policy Overview"
msgstr "Zone-Policy Overview"
-#: ../../configuration/firewall/index.rst:66
+#: ../../configuration/firewall/index.rst:159
msgid "Zone-based firewall"
msgstr "Zone-based firewall"
@@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne
msgstr ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources."
#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
msgstr ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
@@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally
msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
-#: ../../configuration/protocols/igmp.rst:181
+#: ../../configuration/protocols/igmp-proxy.rst:9
msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
msgstr ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
@@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc
msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
-#: ../../configuration/vrf/index.rst:399
+#: ../../configuration/vrf/index.rst:401
msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
@@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys
msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
+#: ../../configuration/nat/nat64.rst:7
+msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+
#: ../../configuration/nat/nat44.rst:7
msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
msgstr ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
@@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) is a networking protocol for clock s
msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
msgstr ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
+#: ../../configuration/protocols/pim.rst:12
+msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+
#: ../../configuration/interfaces/pppoe.rst:9
msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
msgstr ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
@@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat
msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:"
#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
msgstr ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
+#: ../../configuration/nat/nat64.rst:28
+msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+
#: ../../configuration/nat/nat44.rst:78
msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
msgstr ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
@@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
-#: ../../configuration/service/dns.rst:217
+#: ../../configuration/service/dns.rst:230
msgid ":rfc:`2136` Based"
msgstr ":rfc:`2136` Based"
@@ -18923,7 +18082,7 @@ msgstr "`3. Add a full path to the script`_"
msgid "`4. Add optional parameters`_"
msgstr "`4. Add optional parameters`_"
-#: ../../configuration/service/dhcp-server.rst:189
+#: ../../configuration/service/dhcp-server.rst:154
msgid "`<name>` must be identical on both sides!"
msgstr "`<name>` must be identical on both sides!"
@@ -18952,42 +18111,10 @@ msgid "``-`` failed"
msgstr "``-`` failed"
#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
msgid "``/config/scripts/dhcp-client/post-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/post-hooks.d/``"
#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
msgid "``/config/scripts/dhcp-client/pre-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``"
@@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps"
msgid "``57600`` - 57,600 bps"
msgstr "``57600`` - 57,600 bps"
+#: ../../configuration/nat/nat64.rst:31
+msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+
#: ../../configuration/interfaces/bonding.rst:43
msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
@@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec"
msgid "``ac`` - 802.11ac - 1300 Mbits/sec"
msgstr "``ac`` - 802.11ac - 1300 Mbits/sec"
-#: ../../configuration/policy/route-map.rst:373
+#: ../../configuration/policy/route-map.rst:375
msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
-#: ../../configuration/policy/route-map.rst:366
+#: ../../configuration/policy/route-map.rst:368
msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
-#: ../../configuration/firewall/general.rst:334
+#: ../../configuration/firewall/bridge.rst:72
+#: ../../configuration/firewall/ipv4.rst:88
+#: ../../configuration/firewall/ipv6.rst:88
msgid "``accept``: accept the packet."
msgstr "``accept``: accept the packet."
@@ -19135,7 +18268,7 @@ msgstr "``all-available`` all checking target addresses must be available to pas
msgid "``any-available`` any of the checking target addresses must be available to pass this check"
msgstr "``any-available`` any of the checking target addresses must be available to pass this check"
-#: ../../configuration/vpn/site2site_ipsec.rst:376
+#: ../../configuration/vpn/site2site_ipsec.rst:385
msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
@@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Border Gateway Protocol (BGP)"
msgid "``bind`` - select a VTI interface to bind to this peer;"
msgstr "``bind`` - select a VTI interface to bind to this peer;"
-#: ../../configuration/policy/route-map.rst:374
+#: ../../configuration/policy/route-map.rst:376
msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
@@ -19191,7 +18324,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating
msgid "``clear`` set action to clear;"
msgstr "``clear`` set action to clear;"
-#: ../../configuration/vpn/site2site_ipsec.rst:402
+#: ../../configuration/vpn/site2site_ipsec.rst:411
msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
@@ -19215,6 +18348,12 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)"
msgid "``connection-type`` - how to handle this connection process. Possible variants:"
msgstr "``connection-type`` - how to handle this connection process. Possible variants:"
+#: ../../configuration/firewall/bridge.rst:74
+#: ../../configuration/firewall/ipv4.rst:90
+#: ../../configuration/firewall/ipv6.rst:90
+msgid "``continue``: continue parsing next rule."
+msgstr "``continue``: continue parsing next rule."
+
#: ../../configuration/vpn/site2site_ipsec.rst:62
msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
@@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check
msgid "``d`` - Execution interval in days"
msgstr "``d`` - Execution interval in days"
-#: ../../configuration/vpn/site2site_ipsec.rst:391
+#: ../../configuration/vpn/site2site_ipsec.rst:400
msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
@@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec con
msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
-#: ../../configuration/vpn/site2site_ipsec.rst:387
+#: ../../configuration/vpn/site2site_ipsec.rst:396
msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
@@ -19279,7 +18418,9 @@ msgstr "``disable`` disable IPComp compression (default);"
msgid "``disable`` disable MOBIKE;"
msgstr "``disable`` disable MOBIKE;"
-#: ../../configuration/firewall/general.rst:336
+#: ../../configuration/firewall/bridge.rst:76
+#: ../../configuration/firewall/ipv4.rst:92
+#: ../../configuration/firewall/ipv6.rst:92
msgid "``drop``: drop the packet."
msgstr "``drop``: drop the packet."
@@ -19347,6 +18488,10 @@ msgstr "``file`` - path to the key file;"
msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+#: ../../configuration/vpn/ipsec.rst:164
+msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+
#: ../../configuration/vpn/site2site_ipsec.rst:97
msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
@@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr
msgid "``g`` - 802.11g - 54 Mbits/sec (default)"
msgstr "``g`` - 802.11g - 54 Mbits/sec (default)"
-#: ../../configuration/policy/route-map.rst:365
+#: ../../configuration/policy/route-map.rst:367
msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
@@ -19435,7 +18580,7 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which
msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
-#: ../../configuration/policy/route-map.rst:364
+#: ../../configuration/policy/route-map.rst:366
msgid "``internet`` - Well-known communities value 0"
msgstr "``internet`` - Well-known communities value 0"
@@ -19447,7 +18592,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);"
msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)"
msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)"
-#: ../../configuration/firewall/general.rst:340
+#: ../../configuration/firewall/bridge.rst:78
+#: ../../configuration/firewall/ipv4.rst:96
+#: ../../configuration/firewall/ipv6.rst:96
msgid "``jump``: jump to another custom chain."
msgstr "``jump``: jump to another custom chain."
@@ -19471,6 +18618,10 @@ msgstr "``latency``: A server profile focused on lowering network latency. This
msgid "``least-connection`` Distributes requests to the server with the fewest active connections"
msgstr "``least-connection`` Distributes requests to the server with the fewest active connections"
+#: ../../configuration/loadbalancing/reverse-proxy.rst:108
+msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+
#: ../../configuration/vpn/ipsec.rst:125
msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
@@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);"
msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
-#: ../../configuration/policy/route-map.rst:371
+#: ../../configuration/policy/route-map.rst:373
msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
@@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Well-known communities value LLGR_STA
msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
-#: ../../configuration/policy/route-map.rst:361
+#: ../../configuration/policy/route-map.rst:363
msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
@@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec"
msgstr "``n`` - 802.11n - 600 Mbits/sec"
#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
-#: ../../configuration/firewall/general.rst:142
-#: ../../configuration/firewall/general-legacy.rst:93
+#: ../../configuration/firewall/global-options.rst:79
msgid "``net.ipv4.conf.all.accept_redirects``"
msgstr "``net.ipv4.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:132
-#: ../../configuration/firewall/general-legacy.rst:84
+#: ../../configuration/firewall/global-options.rst:69
msgid "``net.ipv4.conf.all.accept_source_route``"
msgstr "``net.ipv4.conf.all.accept_source_route``"
-#: ../../configuration/firewall/general.rst:157
-#: ../../configuration/firewall/general-legacy.rst:108
+#: ../../configuration/firewall/global-options.rst:94
msgid "``net.ipv4.conf.all.log_martians``"
msgstr "``net.ipv4.conf.all.log_martians``"
-#: ../../configuration/firewall/general.rst:165
-#: ../../configuration/firewall/general-legacy.rst:115
+#: ../../configuration/firewall/global-options.rst:102
msgid "``net.ipv4.conf.all.rp_filter``"
msgstr "``net.ipv4.conf.all.rp_filter``"
-#: ../../configuration/firewall/general.rst:150
-#: ../../configuration/firewall/general-legacy.rst:101
+#: ../../configuration/firewall/global-options.rst:87
msgid "``net.ipv4.conf.all.send_redirects``"
msgstr "``net.ipv4.conf.all.send_redirects``"
-#: ../../configuration/firewall/general.rst:124
-#: ../../configuration/firewall/general-legacy.rst:76
+#: ../../configuration/firewall/global-options.rst:61
msgid "``net.ipv4.icmp_echo_ignore_broadcasts``"
msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``"
-#: ../../configuration/firewall/general.rst:180
-#: ../../configuration/firewall/general-legacy.rst:129
+#: ../../configuration/firewall/global-options.rst:117
msgid "``net.ipv4.tcp_rfc1337``"
msgstr "``net.ipv4.tcp_rfc1337``"
-#: ../../configuration/firewall/general.rst:172
-#: ../../configuration/firewall/general-legacy.rst:122
+#: ../../configuration/firewall/global-options.rst:109
msgid "``net.ipv4.tcp_syncookies``"
msgstr "``net.ipv4.tcp_syncookies``"
-#: ../../configuration/firewall/general.rst:143
-#: ../../configuration/firewall/general-legacy.rst:94
+#: ../../configuration/firewall/global-options.rst:80
msgid "``net.ipv6.conf.all.accept_redirects``"
msgstr "``net.ipv6.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:133
-#: ../../configuration/firewall/general-legacy.rst:85
+#: ../../configuration/firewall/global-options.rst:70
msgid "``net.ipv6.conf.all.accept_source_route``"
msgstr "``net.ipv6.conf.all.accept_source_route``"
-#: ../../configuration/policy/route-map.rst:362
+#: ../../configuration/policy/route-map.rst:364
msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
-#: ../../configuration/policy/route-map.rst:363
+#: ../../configuration/policy/route-map.rst:365
msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
-#: ../../configuration/policy/route-map.rst:372
+#: ../../configuration/policy/route-map.rst:374
msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
-#: ../../configuration/policy/route-map.rst:375
+#: ../../configuration/policy/route-map.rst:377
msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
@@ -19740,7 +18875,9 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en
msgid "``psk`` - Preshared secret key name:"
msgstr "``psk`` - Preshared secret key name:"
-#: ../../configuration/firewall/general.rst:345
+#: ../../configuration/firewall/bridge.rst:83
+#: ../../configuration/firewall/ipv4.rst:101
+#: ../../configuration/firewall/ipv6.rst:101
msgid "``queue``: Enqueue packet to userspace."
msgstr "``queue``: Enqueue packet to userspace."
@@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace."
msgid "``rate``: Number of packets. Default 5."
msgstr "``rate``: Number of packets. Default 5."
-#: ../../configuration/firewall/general.rst:338
+#: ../../configuration/firewall/ipv4.rst:94
+#: ../../configuration/firewall/ipv6.rst:94
msgid "``reject``: reject the packet."
msgstr "``reject``: reject the packet."
@@ -19781,7 +18919,9 @@ msgstr "``respond`` - does not try to initiate a connection to a remote peer. In
msgid "``restart`` set action to restart;"
msgstr "``restart`` set action to restart;"
-#: ../../configuration/firewall/general.rst:342
+#: ../../configuration/firewall/bridge.rst:80
+#: ../../configuration/firewall/ipv4.rst:98
+#: ../../configuration/firewall/ipv6.rst:98
msgid "``return``: Return from the current chain and continue at the next rule of the last chain."
msgstr "``return``: Return from the current chain and continue at the next rule of the last chain."
@@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord
msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
-#: ../../configuration/policy/route-map.rst:367
+#: ../../configuration/policy/route-map.rst:369
msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
-#: ../../configuration/policy/route-map.rst:369
+#: ../../configuration/policy/route-map.rst:371
msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
-#: ../../configuration/policy/route-map.rst:368
+#: ../../configuration/policy/route-map.rst:370
msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
-#: ../../configuration/policy/route-map.rst:370
+#: ../../configuration/policy/route-map.rst:372
msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
@@ -19829,6 +18969,31 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se
msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
+#: ../../configuration/firewall/index.rst:90
+msgid "``set firewall bridge forward filter ...``."
+msgstr "``set firewall bridge forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:61
+msgid "``set firewall ipv4 forward filter ...``."
+msgstr "``set firewall ipv4 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:72
+msgid "``set firewall ipv4 input filter ...``."
+msgstr "``set firewall ipv4 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:63
+msgid "``set firewall ipv6 forward filter ...``."
+msgstr "``set firewall ipv6 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:56
+msgid "``set firewall ipv6 input filter ...``."
+msgstr "``set firewall ipv6 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:74
+msgid "``set firewall ipv6 output filter ...``."
+msgstr "``set firewall ipv6 output filter ...``."
+
#: ../../configuration/interfaces/wireless.rst:238
msgid "``single-user-beamformee`` - Support for operation as single user beamformee"
msgstr "``single-user-beamformee`` - Support for operation as single user beamformee"
@@ -19877,7 +19042,8 @@ msgstr "``static`` - Statically configured routes"
msgid "``station`` - Connects to another access point"
msgstr "``station`` - Connects to another access point"
-#: ../../configuration/firewall/general.rst:347
+#: ../../configuration/firewall/ipv4.rst:103
+#: ../../configuration/firewall/ipv6.rst:103
msgid "``synproxy``: synproxy the packet."
msgstr "``synproxy``: synproxy the packet."
@@ -19961,10 +19127,18 @@ msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defi
msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
+#: ../../configuration/vpn/site2site_ipsec.rst:152
+msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+
#: ../../configuration/vpn/ipsec.rst:168
msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
+#: ../../configuration/vpn/ipsec.rst:168
+msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+
#: ../../configuration/policy/route-map.rst:175
msgid "``vnc`` - Virtual Network Control (VNC)"
msgstr "``vnc`` - Virtual Network Control (VNC)"
@@ -19993,7 +19167,7 @@ msgstr "``yes`` enable remote host re-authentication during an IKE rekey;"
msgid "`source-address` and `source-interface` can not be used at the same time."
msgstr "`source-address` and `source-interface` can not be used at the same time."
-#: ../../configuration/protocols/rpki.rst:16
+#: ../../configuration/protocols/rpki.rst:12
msgid "`tweet by EvilMog`_, 2020-02-21"
msgstr "`tweet by EvilMog`_, 2020-02-21"
@@ -20005,8 +19179,8 @@ msgstr "a bandwidth test over the VPN got these results:"
msgid "a blank indicates that no test has been carried out"
msgstr "a blank indicates that no test has been carried out"
-#: ../../configuration/nat/nat44.rst:728
-#: ../../configuration/nat/nat44.rst:733
+#: ../../configuration/nat/nat44.rst:750
+#: ../../configuration/nat/nat44.rst:755
msgid "aes256 Encryption"
msgstr "aes256 Encryption"
@@ -20020,7 +19194,7 @@ msgstr "alert"
msgid "all"
msgstr "all"
-#: ../../configuration/vrf/index.rst:426
+#: ../../configuration/vrf/index.rst:428
msgid "an RD / RTLIST"
msgstr "an RD / RTLIST"
@@ -20052,27 +19226,31 @@ msgstr "auto - interface duplex setting is auto-negotiated"
msgid "auto - interface speed is auto-negotiated"
msgstr "auto - interface speed is auto-negotiated"
+#: ../../configuration/system/frr.rst:32
+msgid "bgpd"
+msgstr "bgpd"
+
#: ../../configuration/service/router-advert.rst:13
msgid "bonding"
msgstr "bonding"
-#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:305
msgid "boot-size"
msgstr "boot-size"
-#: ../../configuration/service/dhcp-server.rst:331
+#: ../../configuration/service/dhcp-server.rst:298
msgid "bootfile-name"
msgstr "bootfile-name"
-#: ../../configuration/service/dhcp-server.rst:333
+#: ../../configuration/service/dhcp-server.rst:300
msgid "bootfile-name, filename"
msgstr "bootfile-name, filename"
-#: ../../configuration/service/dhcp-server.rst:321
+#: ../../configuration/service/dhcp-server.rst:288
msgid "bootfile-server"
msgstr "bootfile-server"
-#: ../../configuration/service/dhcp-server.rst:336
+#: ../../configuration/service/dhcp-server.rst:303
msgid "bootfile-size"
msgstr "bootfile-size"
@@ -20080,7 +19258,7 @@ msgstr "bootfile-size"
msgid "bridge"
msgstr "bridge"
-#: ../../configuration/service/dhcp-server.rst:269
+#: ../../configuration/service/dhcp-server.rst:236
msgid "client-prefix-length"
msgstr "client-prefix-length"
@@ -20112,11 +19290,11 @@ msgstr "daemon"
msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
-#: ../../configuration/service/dns.rst:205
+#: ../../configuration/service/dns.rst:218
msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
-#: ../../configuration/service/dns.rst:400
+#: ../../configuration/service/dns.rst:413
msgid "ddclient_ will skip any address located before the string set in `<pattern>`."
msgstr "ddclient_ will skip any address located before the string set in `<pattern>`."
@@ -20128,7 +19306,7 @@ msgstr "debug"
msgid "decrement-lifetime"
msgstr "decrement-lifetime"
-#: ../../configuration/service/dhcp-server.rst:368
+#: ../../configuration/service/dhcp-server.rst:335
msgid "default-lease-time, max-lease-time"
msgstr "default-lease-time, max-lease-time"
@@ -20140,7 +19318,7 @@ msgstr "default-lifetime"
msgid "default-preference"
msgstr "default-preference"
-#: ../../configuration/service/dhcp-server.rst:281
+#: ../../configuration/service/dhcp-server.rst:248
msgid "default-router"
msgstr "default-router"
@@ -20156,7 +19334,7 @@ msgstr "deprecate-prefix"
msgid "destination-hashing"
msgstr "destination-hashing"
-#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:285
msgid "dhcp-server-identifier"
msgstr "dhcp-server-identifier"
@@ -20168,28 +19346,9 @@ msgstr "direct"
msgid "directory"
msgstr "directory"
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/pppoe.rst:241
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/sstp-client.rst:113
#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
msgid "disable: No source validation"
msgstr "disable: No source validation"
@@ -20197,17 +19356,17 @@ msgstr "disable: No source validation"
msgid "dnssl"
msgstr "dnssl"
-#: ../../configuration/service/dhcp-server.rst:296
-#: ../../configuration/service/dhcp-server.rst:298
+#: ../../configuration/service/dhcp-server.rst:263
+#: ../../configuration/service/dhcp-server.rst:265
msgid "domain-name"
msgstr "domain-name"
-#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:260
msgid "domain-name-servers"
msgstr "domain-name-servers"
-#: ../../configuration/service/dhcp-server.rst:351
-#: ../../configuration/service/dhcp-server.rst:353
+#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:320
msgid "domain-search"
msgstr "domain-search"
@@ -20215,7 +19374,7 @@ msgstr "domain-search"
msgid "emerg"
msgstr "emerg"
-#: ../../configuration/firewall/general.rst:147
+#: ../../configuration/firewall/global-options.rst:84
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
@@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:139
-#: ../../configuration/firewall/general-legacy.rst:90
+#: ../../configuration/firewall/global-options.rst:76
msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:154
-#: ../../configuration/firewall/general-legacy.rst:105
+#: ../../configuration/firewall/global-options.rst:91
msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
@@ -20245,11 +19402,11 @@ msgstr "ethernet"
msgid "exact-match: exact match of the network prefixes."
msgstr "exact-match: exact match of the network prefixes."
-#: ../../configuration/service/dhcp-server.rst:376
+#: ../../configuration/service/dhcp-server.rst:343
msgid "exclude"
msgstr "exclude"
-#: ../../configuration/service/dhcp-server.rst:381
+#: ../../configuration/service/dhcp-server.rst:348
msgid "failover"
msgstr "failover"
@@ -20318,11 +19475,15 @@ msgstr "invalid"
msgid "inverse-match: network/netmask to match (requires network be defined)."
msgstr "inverse-match: network/netmask to match (requires network be defined)."
-#: ../../configuration/service/dhcp-server.rst:301
-#: ../../configuration/service/dhcp-server.rst:303
+#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:270
msgid "ip-forwarding"
msgstr "ip-forwarding"
+#: ../../configuration/system/frr.rst:33
+msgid "isisd"
+msgstr "isisd"
+
#: ../../configuration/interfaces/ethernet.rst:90
msgid "it can be used with any NIC,"
msgstr "it can be used with any NIC,"
@@ -20339,7 +19500,11 @@ msgstr "kern"
msgid "l2tpv3"
msgstr "l2tpv3"
-#: ../../configuration/service/dhcp-server.rst:366
+#: ../../configuration/system/frr.rst:34
+msgid "ldpd"
+msgstr "ldpd"
+
+#: ../../configuration/service/dhcp-server.rst:333
msgid "lease"
msgstr "lease"
@@ -20347,19 +19512,19 @@ msgstr "lease"
msgid "least-connection"
msgstr "least-connection"
-#: ../../configuration/vpn/site2site_ipsec.rst:271
+#: ../../configuration/vpn/site2site_ipsec.rst:275
msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
-#: ../../configuration/vpn/site2site_ipsec.rst:163
+#: ../../configuration/vpn/site2site_ipsec.rst:167
msgid "left local_ip: `198.51.100.3` # server side WAN IP"
msgstr "left local_ip: `198.51.100.3` # server side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:272
+#: ../../configuration/vpn/site2site_ipsec.rst:276
msgid "left public_ip:172.18.201.10"
msgstr "left public_ip:172.18.201.10"
-#: ../../configuration/vpn/site2site_ipsec.rst:161
+#: ../../configuration/vpn/site2site_ipsec.rst:165
msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
@@ -20439,28 +19604,9 @@ msgstr "logalert"
msgid "logaudit"
msgstr "logaudit"
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/pppoe.rst:237
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/sstp-client.rst:109
#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
@@ -20472,7 +19618,15 @@ msgstr "lpr"
msgid "mDNS Repeater"
msgstr "mDNS Repeater"
-#: ../../configuration/service/mdns.rst:28
+#: ../../configuration/service/mdns.rst:38
+msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+
+#: ../../configuration/service/mdns.rst:33
+msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+
+#: ../../configuration/service/mdns.rst:29
msgid "mDNS repeater can be temporarily disabled without deleting the service using"
msgstr "mDNS repeater can be temporarily disabled without deleting the service using"
@@ -20512,12 +19666,12 @@ msgstr "more information related IGP - :ref:`routing-isis`"
msgid "more information related IGP - :ref:`routing-ospf`"
msgstr "more information related IGP - :ref:`routing-ospf`"
-#: ../../configuration/service/dhcp-server.rst:291
+#: ../../configuration/service/dhcp-server.rst:258
#: ../../configuration/service/router-advert.rst:1
msgid "name-server"
msgstr "name-server"
-#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:280
msgid "netbios-name-servers"
msgstr "netbios-name-servers"
@@ -20533,7 +19687,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU
msgid "news"
msgstr "news"
-#: ../../configuration/service/dhcp-server.rst:323
+#: ../../configuration/service/dhcp-server.rst:290
msgid "next-server"
msgstr "next-server"
@@ -20557,11 +19711,11 @@ msgstr "notice"
msgid "ntp"
msgstr "ntp"
-#: ../../configuration/service/dhcp-server.rst:306
+#: ../../configuration/service/dhcp-server.rst:273
msgid "ntp-server"
msgstr "ntp-server"
-#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:275
msgid "ntp-servers"
msgstr "ntp-servers"
@@ -20573,6 +19727,14 @@ msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)."
msgid "openvpn"
msgstr "openvpn"
+#: ../../configuration/system/frr.rst:35
+msgid "ospf6d"
+msgstr "ospf6d"
+
+#: ../../configuration/system/frr.rst:36
+msgid "ospfd"
+msgstr "ospfd"
+
#: ../../configuration/protocols/ospf.rst:207
msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
msgstr "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
@@ -20601,8 +19763,8 @@ msgstr "policy extcommunity-list"
msgid "policy large-community-list"
msgstr "policy large-community-list"
-#: ../../configuration/service/dhcp-server.rst:346
-#: ../../configuration/service/dhcp-server.rst:348
+#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:315
msgid "pop-server"
msgstr "pop-server"
@@ -20619,8 +19781,8 @@ msgstr "prefix-list, distribute-list"
msgid "pseudo-ethernet"
msgstr "pseudo-ethernet"
-#: ../../configuration/service/dhcp-server.rst:371
-#: ../../configuration/service/dhcp-server.rst:373
+#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:340
msgid "range"
msgstr "range"
@@ -20636,7 +19798,7 @@ msgstr "reset commands"
msgid "retrans-timer"
msgstr "retrans-timer"
-#: ../../configuration/service/dhcp-server.rst:358
+#: ../../configuration/service/dhcp-server.rst:325
msgid "rfc3442-static-route, windows-static-route"
msgstr "rfc3442-static-route, windows-static-route"
@@ -20644,18 +19806,22 @@ msgstr "rfc3442-static-route, windows-static-route"
msgid "rfc3768-compatibility"
msgstr "rfc3768-compatibility"
-#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../configuration/vpn/site2site_ipsec.rst:277
msgid "right local_ip: 172.18.202.10 # right side WAN IP"
msgstr "right local_ip: 172.18.202.10 # right side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:165
+#: ../../configuration/vpn/site2site_ipsec.rst:169
msgid "right local_ip: `203.0.113.2` # remote office side WAN IP"
msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:164
+#: ../../configuration/vpn/site2site_ipsec.rst:168
msgid "right subnet: `10.0.0.0/24` site2,remote office side"
msgstr "right subnet: `10.0.0.0/24` site2,remote office side"
+#: ../../configuration/system/frr.rst:37
+msgid "ripd"
+msgstr "ripd"
+
#: ../../configuration/highavailability/index.rst:349
msgid "round-robin"
msgstr "round-robin"
@@ -20665,7 +19831,7 @@ msgstr "round-robin"
msgid "route-map"
msgstr "route-map"
-#: ../../configuration/service/dhcp-server.rst:283
+#: ../../configuration/service/dhcp-server.rst:250
msgid "routers"
msgstr "routers"
@@ -20682,7 +19848,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send
msgid "security"
msgstr "security"
-#: ../../configuration/service/dhcp-server.rst:316
+#: ../../configuration/service/dhcp-server.rst:283
msgid "server-identifier"
msgstr "server-identifier"
@@ -20694,8 +19860,8 @@ msgstr "server example"
msgid "set a destination and/or source address. Accepted input:"
msgstr "set a destination and/or source address. Accepted input:"
-#: ../../configuration/nat/nat44.rst:729
-#: ../../configuration/nat/nat44.rst:734
+#: ../../configuration/nat/nat44.rst:751
+#: ../../configuration/nat/nat44.rst:756
msgid "sha256 Hashes"
msgstr "sha256 Hashes"
@@ -20703,7 +19869,7 @@ msgstr "sha256 Hashes"
msgid "show commands"
msgstr "show commands"
-#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:289
msgid "siaddr"
msgstr "siaddr"
@@ -20711,8 +19877,8 @@ msgstr "siaddr"
msgid "slow: Request partner to transmit LACPDUs every 30 seconds"
msgstr "slow: Request partner to transmit LACPDUs every 30 seconds"
-#: ../../configuration/service/dhcp-server.rst:341
-#: ../../configuration/service/dhcp-server.rst:343
+#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:310
msgid "smtp-server"
msgstr "smtp-server"
@@ -20732,40 +19898,21 @@ msgstr "spoke01-spoke04"
msgid "spoke05"
msgstr "spoke05"
-#: ../../configuration/service/dhcp-server.rst:386
+#: ../../configuration/service/dhcp-server.rst:353
msgid "static-mapping"
msgstr "static-mapping"
-#: ../../configuration/service/dhcp-server.rst:356
+#: ../../configuration/service/dhcp-server.rst:323
msgid "static-route"
msgstr "static-route"
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/pppoe.rst:233
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/sstp-client.rst:105
#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
-#: ../../configuration/service/dhcp-server.rst:271
+#: ../../configuration/service/dhcp-server.rst:238
msgid "subnet-mask"
msgstr "subnet-mask"
@@ -20781,8 +19928,8 @@ msgstr "tail"
msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
-#: ../../configuration/service/dhcp-server.rst:326
-#: ../../configuration/service/dhcp-server.rst:328
+#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:295
msgid "tftp-server-name"
msgstr "tftp-server-name"
@@ -20791,16 +19938,16 @@ msgstr "tftp-server-name"
msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
-#: ../../configuration/service/dhcp-server.rst:275
-#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:242
+#: ../../configuration/service/dhcp-server.rst:244
msgid "time-offset"
msgstr "time-offset"
-#: ../../configuration/service/dhcp-server.rst:286
+#: ../../configuration/service/dhcp-server.rst:253
msgid "time-server"
msgstr "time-server"
-#: ../../configuration/service/dhcp-server.rst:288
+#: ../../configuration/service/dhcp-server.rst:255
msgid "time-servers"
msgstr "time-servers"
@@ -20861,7 +20008,7 @@ msgstr "weighted-round-robin"
msgid "while a *byte* is written as a single **b**."
msgstr "while a *byte* is written as a single **b**."
-#: ../../configuration/service/dhcp-server.rst:311
+#: ../../configuration/service/dhcp-server.rst:278
msgid "wins-server"
msgstr "wins-server"
@@ -20877,14 +20024,18 @@ msgstr "wireless"
msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
-#: ../../configuration/service/dhcp-server.rst:361
+#: ../../configuration/service/dhcp-server.rst:328
msgid "wpad-url"
msgstr "wpad-url"
-#: ../../configuration/service/dhcp-server.rst:363
+#: ../../configuration/service/dhcp-server.rst:330
msgid "wpad-url, wpad-url code 252 = text"
msgstr "wpad-url, wpad-url code 252 = text"
#: ../../configuration/service/router-advert.rst:23
msgid "wwan"
msgstr "wwan"
+
+#: ../../configuration/system/frr.rst:38
+msgid "zebra"
+msgstr "zebra"
diff --git a/docs/_locale/de/contributing.pot b/docs/_locale/de/contributing.pot
index f9195a6f..5f9d0337 100644
--- a/docs/_locale/de/contributing.pot
+++ b/docs/_locale/de/contributing.pot
@@ -80,8 +80,8 @@ msgstr "Eine einzelne, kurze Zusammenfassung des Commits (empfohlen 50 Zeichen o
msgid "Abbreviations and acronyms **must** be capitalized."
msgstr "Abkürzungen und Akronyme **müssen** groß geschrieben werden."
-#: ../../contributing/build-vyos.rst:403
-#: ../../contributing/build-vyos.rst:591
+#: ../../contributing/build-vyos.rst:443
+#: ../../contributing/build-vyos.rst:631
msgid "Accel-PPP"
msgstr "Accel-PPP"
@@ -93,7 +93,7 @@ msgstr "Auch Akronyme **müssen** groß geschrieben werden, um sie optisch von n
msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
msgstr "Hinzufügen einer Datei zum Git-Index mit ``git add myfile``, oder für ein ganzes Verzeichnis: ``git add somedir/*``"
-#: ../../contributing/testing.rst:99
+#: ../../contributing/testing.rst:100
msgid "Add one or more IP addresses"
msgstr "Eine oder mehrere IP-Adressen hinzufügen"
@@ -101,17 +101,17 @@ msgstr "Eine oder mehrere IP-Adressen hinzufügen"
msgid "Address"
msgstr "Adresse"
-#: ../../contributing/build-vyos.rst:800
+#: ../../contributing/build-vyos.rst:840
msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
msgstr "Nach ein oder zwei Minuten finden Sie die generierten DEB-Pakete neben dem vyos-1x Quellverzeichnis:"
-#: ../../contributing/build-vyos.rst:627
-#: ../../contributing/build-vyos.rst:656
-#: ../../contributing/build-vyos.rst:691
+#: ../../contributing/build-vyos.rst:667
+#: ../../contributing/build-vyos.rst:696
+#: ../../contributing/build-vyos.rst:731
msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
msgstr "Nach dem Kompilieren der Pakete finden Sie die neu erzeugten `*.deb`-Binärdateien in ``vyos-build/packages/linux-kernel``, von wo aus sie in den ``vyos-build/packages``-Ordner kopiert werden können, um sie während der ISO-Erstellung einzubinden."
-#: ../../contributing/testing.rst:50
+#: ../../contributing/testing.rst:51
msgid "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
msgstr "Nach dem ersten Start des neu installierten Systems wird das Smoketest-Hauptskript ausgeführt, das hier zu finden ist: `/usr/bin/vyos-smoketest`"
@@ -147,23 +147,23 @@ msgstr "Verwenden Sie immer die Option ``-x`` für den Befehl ``git cherry-pick`
msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
msgstr "Ein weiterer Vorteil ist die Testbarkeit des Codes. Das Mocking des gesamten Konfigurations-Subsystems ist schwierig, während die Konstruktion einer internen Darstellung von Hand viel einfacher ist."
-#: ../../contributing/build-vyos.rst:702
+#: ../../contributing/build-vyos.rst:742
msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
msgstr "Jedes \"modifizierte\" Paket kann sich auf eine geänderte Version von z.B. des vyos-1x Pakets beziehen, das Sie testen möchten, bevor Sie einen Pull Request auf GitHub stellen."
-#: ../../contributing/build-vyos.rst:831
+#: ../../contributing/build-vyos.rst:871
msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
msgstr "Alle Pakete im Paketverzeichnis werden während des Builds zur iso hinzugefügt und ersetzen die Upstream-Pakete. Stellen Sie sicher, dass Sie diese löschen (sowohl die Quellverzeichnisse als auch die erstellten deb-Pakete), wenn Sie eine Iso aus reinen Upstream-Paketen erstellen wollen."
-#: ../../contributing/testing.rst:56
+#: ../../contributing/testing.rst:57
msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
msgstr "Da Smoketests die Systemkonfiguration ändern und Sie aus der Ferne eingeloggt sind, kann es sein, dass Sie die Verbindung zum System verlieren."
-#: ../../contributing/testing.rst:12
+#: ../../contributing/testing.rst:13
msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
msgstr "Da die VyOS-Dokumentation nicht nur für die Benutzer, sondern auch für die Entwickler gedacht ist - und wir keine geheime Dokumentation führen - wird in diesem Abschnitt beschrieben, wie das automatische Testen funktioniert."
-#: ../../contributing/build-vyos.rst:777
+#: ../../contributing/build-vyos.rst:817
msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
msgstr "Nehmen wir an, wir wollen das vyos-1x Paket selbst erstellen und es an unsere Bedürfnisse anpassen. Zuerst müssen wir das Repository von GitHub klonen."
@@ -215,15 +215,15 @@ msgstr "Startzeitpunkt"
msgid "Bug Report/Issue"
msgstr "Fehlerbericht/Ereignis"
-#: ../../contributing/build-vyos.rst:785
+#: ../../contributing/build-vyos.rst:825
msgid "Build"
msgstr "Erstellen"
-#: ../../contributing/build-vyos.rst:60
+#: ../../contributing/build-vyos.rst:122
msgid "Build Container"
msgstr "Container bauen"
-#: ../../contributing/build-vyos.rst:182
+#: ../../contributing/build-vyos.rst:215
msgid "Build ISO"
msgstr "ISO erstellen"
@@ -231,31 +231,31 @@ msgstr "ISO erstellen"
msgid "Build VyOS"
msgstr "VyOS erstellen"
-#: ../../contributing/build-vyos.rst:85
+#: ../../contributing/build-vyos.rst:147
msgid "Build from source"
msgstr "Aus dem Quellcode erstellen"
-#: ../../contributing/build-vyos.rst:582
+#: ../../contributing/build-vyos.rst:622
msgid "Building Out-Of-Tree Modules"
msgstr "Erstellen von Out-Of-Tree-Modulen"
-#: ../../contributing/build-vyos.rst:435
+#: ../../contributing/build-vyos.rst:475
msgid "Building The Kernel"
msgstr "Den Kernel bauen"
-#: ../../contributing/build-vyos.rst:246
+#: ../../contributing/build-vyos.rst:286
msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
msgstr "Die Erstellung von VyOS auf Windows WSL2 mit Docker, das in WSL2 integriert ist, funktioniert problemlos. Bislang sind keine Probleme bekannt!"
-#: ../../contributing/build-vyos.rst:705
+#: ../../contributing/build-vyos.rst:745
msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
msgstr "Die Erstellung eines ISO-Images mit einem angepassten Paket unterscheidet sich in keiner Weise von der Erstellung eines regulären ISO-Images (angepasst oder nicht). Legen Sie einfach Ihr modifiziertes `*.deb`-Paket in den Ordner `packages` innerhalb von `vyos-build`. Der Build-Prozess wird dann Ihr angepasstes Paket aufnehmen und in Ihr ISO integrieren."
-#: ../../contributing/build-vyos.rst:584
+#: ../../contributing/build-vyos.rst:624
msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
msgstr "Den Kernel zu bauen ist ein Teil, aber jetzt müssen Sie auch die benötigten Out-of-Tree-Module bauen, damit alles zusammenpasst und die ABIs übereinstimmen. Um dies zu tun, können Sie wieder einen Blick auf ``vyos-build/packages/linux-kernel/Jenkinsfile`` werfen, um alle benötigten Module und ihre ausgewählten Versionen zu sehen. Wir werden Ihnen zeigen, wie Sie alle aktuell benötigten Module bauen können."
-#: ../../contributing/build-vyos.rst:475
+#: ../../contributing/build-vyos.rst:515
msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
msgstr "Die Erstellung des Kernels wird einige Zeit in Anspruch nehmen, abhängig von der Geschwindigkeit und Anzahl Ihrer CPU/Kerne und der Festplattengeschwindigkeit. Rechnen Sie mit 20 Minuten (oder sogar länger) auf weniger leistungsfähiger Hardware."
@@ -275,7 +275,7 @@ msgstr "C++ Backend-Code"
msgid "Capitalization and punctuation"
msgstr "Großschreibung und Zeichensetzung"
-#: ../../contributing/build-vyos.rst:448
+#: ../../contributing/build-vyos.rst:488
msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
msgstr "Überprüfen Sie die benötigte Kernelversion - siehe ``vyos-build/data/defaults.json`` Datei (das Beispiel verwendet Kernel 4.19.146):"
@@ -283,7 +283,7 @@ msgstr "Überprüfen Sie die benötigte Kernelversion - siehe ``vyos-build/data/
msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
msgstr "Klonen: ``git clone https://github.com/<user>/vyos-1x.git``"
-#: ../../contributing/build-vyos.rst:441
+#: ../../contributing/build-vyos.rst:481
msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
msgstr "Klonen Sie den Kernel-Quellcode nach `vyos-build/packages/linux-kernel/`:"
@@ -299,7 +299,7 @@ msgstr "Befehlsdefinitionen sind rein deklarativ und können keine Logik enthalt
msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
msgstr "Übertragen Sie die Änderungen durch den Aufruf von ``git commit``. Bitte verwenden Sie eine aussagekräftige Commit-Überschrift (siehe oben) und vergessen Sie nicht, die Phabricator_ ID anzugeben."
-#: ../../contributing/testing.rst:151
+#: ../../contributing/testing.rst:152
msgid "Config Load Tests"
msgstr "Last Tests der Konfiguration"
@@ -323,11 +323,11 @@ msgstr "Ziehen Sie die documentation_ zu Rate, um sicherzustellen, dass Sie Ihr
msgid "Continuous Integration"
msgstr "Continuous Integration"
-#: ../../contributing/build-vyos.rst:255
+#: ../../contributing/build-vyos.rst:295
msgid "Customize"
msgstr "Anpassen"
-#: ../../contributing/testing.rst:100
+#: ../../contributing/testing.rst:101
msgid "DHCP client and DHCPv6 prefix delegation"
msgstr "DHCP-Client und DHCPv6-Präfix-Delegation"
@@ -335,19 +335,31 @@ msgstr "DHCP-Client und DHCPv6-Präfix-Delegation"
msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
msgstr "DMVPN-Patches werden durch diesen Commit hinzugefügt: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
-#: ../../contributing/build-vyos.rst:713
+#: ../../contributing/build-vyos.rst:753
msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
msgstr "Debian APT ist nicht sehr ausführlich, wenn es um Fehler geht. Wenn Ihre ISO-Erstellung aus irgendeinem Grund fehlschlägt und Sie vermuten, dass es ein Problem mit APT-Abhängigkeiten oder der Installation ist, können Sie diesen kleinen Patch hinzufügen, der die Ausführlichkeit von APT während der ISO-Erstellung erhöht."
+#: ../../contributing/build-vyos.rst:42
+msgid "Debian Bookworm for VyOS 1.4 (sagitta)"
+msgstr "Debian Bookworm for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:43
+msgid "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+msgstr "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+
#: ../../contributing/build-vyos.rst:154
msgid "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
msgstr "Debian Bullseye für VyOS 1.4 (sagitta, current) - auch bekannt als rolling release"
-#: ../../contributing/build-vyos.rst:153
+#: ../../contributing/build-vyos.rst:154
+msgid "Debian Bullseye for VyOS 1.4 (sagitta)"
+msgstr "Debian Bullseye for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:41
msgid "Debian Buster for VyOS 1.3 (equuleus)"
msgstr "Debian Buster für VyOS 1.3 (equuleus)"
-#: ../../contributing/build-vyos.rst:152
+#: ../../contributing/build-vyos.rst:40
msgid "Debian Jessie for VyOS 1.2 (crux)"
msgstr "Debian Jessie für VyOS 1.2 (Kernstück)"
@@ -379,15 +391,15 @@ msgstr "Entwicklung"
msgid "Do not add angle brackets around the format, they will be inserted automatically"
msgstr "Fügen Sie keine spitzen Klammern um das Format hinzu, sie werden automatisch eingefügt."
-#: ../../contributing/build-vyos.rst:33
+#: ../../contributing/build-vyos.rst:83
msgid "Docker"
msgstr "Docker"
-#: ../../contributing/build-vyos.rst:73
+#: ../../contributing/build-vyos.rst:135
msgid "Dockerhub"
msgstr "Dockerhub"
-#: ../../contributing/build-vyos.rst:50
+#: ../../contributing/build-vyos.rst:112
msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
msgstr "Dadurch erhält er die gleichen Rechte wie der Benutzer ``root``! Es wird empfohlen, den Nicht-Root-Benutzer aus der ``docker``-Gruppe zu entfernen, nachdem das VyOS-ISO erstellt wurde. Siehe auch `Docker als non-root`_."
@@ -395,6 +407,10 @@ msgstr "Dadurch erhält er die gleichen Rechte wie der Benutzer ``root``! Es wir
msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
msgstr "Aufgrund von Problemen in der Upstream-Version, die manchmal zum Ausfall von Schnittstellen führten, wird eine modifizierte Version verwendet."
+#: ../../contributing/build-vyos.rst:87
+msgid "Due to the updated version of Docker, the following examples may become invalid."
+msgstr "Due to the updated version of Docker, the following examples may become invalid."
+
#: ../../contributing/debugging.rst:172
msgid "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
msgstr "Während der Migration und des umfangreichen Umschreibens von Funktionalität von Perl nach Python wurde eine deutliche Erhöhung der gesamten Systemstartzeit festgestellt. Die Systemstartzeit kann analysiert werden, und am Ende kann ein Diagramm erstellt werden, das im Detail zeigt, wer wen während der Systemstartphase aufgerufen hat."
@@ -403,7 +419,7 @@ msgstr "Während der Migration und des umfangreichen Umschreibens von Funktional
msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
msgstr "Jedes Modul wird bei Bedarf gebaut, wenn ein neuer Commit für den betreffenden Zweig gefunden wird. Nach einem erfolgreichen Lauf werden die resultierenden Debian-Pakete in unserem Debian-Repository bereitgestellt, das während der Build-Zeit verwendet wird. Es befindet sich hier: http://dev.packages.vyos.net/repositories/."
-#: ../../contributing/build-vyos.rst:407
+#: ../../contributing/build-vyos.rst:447
msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
msgstr "Jedes dieser Module ist von der Kernel-Version abhängig, und wenn Sie das Glück haben, einen ISO-Build-Fehler zu erhalten, der sich wie folgt anhört:"
@@ -420,7 +436,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl
msgstr "Jeder Änderungssatz muss konsistent (in sich geschlossen) sein! Beheben Sie nicht mehrere Fehler in einem einzigen Commit. Wenn Sie bereits an mehreren Fehlerkorrekturen in derselben Datei gearbeitet haben, verwenden Sie `git add --patch`, um nur die Teile, die sich auf das eine Problem beziehen, in Ihren nächsten Commit aufzunehmen."
#: ../../contributing/development.rst:412
-#: ../../contributing/testing.rst:65
+#: ../../contributing/testing.rst:66
msgid "Example:"
msgstr "Beispiel:"
@@ -453,11 +469,11 @@ msgstr "FRR"
msgid "Feature Request"
msgstr "Feature Anfrage"
-#: ../../contributing/build-vyos.rst:560
+#: ../../contributing/build-vyos.rst:600
msgid "Firmware"
msgstr "Firmware"
-#: ../../contributing/build-vyos.rst:593
+#: ../../contributing/build-vyos.rst:633
msgid "First, clone the source code and check out the appropriate version by running:"
msgstr "Klonen Sie zunächst den Quellcode und auschecken Sie die entsprechende Version aus:"
@@ -485,7 +501,7 @@ msgstr "Zum Beispiel kann ``/tmp/vyos.ifconfig.debug`` erstellt werden, um das D
msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
msgstr "Wenn Sie zum Beispiel ``export VYOS_IFCONFIG_DEBUG=\"\"`` in Ihrer vbash ausführen, hat das den gleichen Effekt wie ``touch /tmp/vyos.ifconfig.debug``."
-#: ../../contributing/build-vyos.rst:170
+#: ../../contributing/build-vyos.rst:72
msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
msgstr "Die erforderlichen Pakete finden Sie in der Datei ``docker/Dockerfile`` im repository_. Das Skript ``./build-vyos-image`` wird Sie auch warnen, wenn irgendwelche Abhängigkeiten fehlen."
@@ -534,7 +550,7 @@ msgstr "Gut: PPPoE, IPsec"
msgid "Good: RADIUS (as in remote authentication for dial-in user services)"
msgstr "Gut: RADIUS (as in remote authentication for dial-in user services)"
-#: ../../contributing/build-vyos.rst:244
+#: ../../contributing/build-vyos.rst:284
msgid "Good luck!"
msgstr "Viel Glück!"
@@ -562,11 +578,11 @@ msgstr "Schrecklich: \"frobnication algorithm.\""
msgid "How can we reproduce this Bug?"
msgstr "Wie können wir diesen Fehler reproduzieren?"
-#: ../../contributing/testing.rst:102
+#: ../../contributing/testing.rst:103
msgid "IP and IPv6 options"
msgstr "IP- und IPv6-Optionen"
-#: ../../contributing/build-vyos.rst:308
+#: ../../contributing/build-vyos.rst:348
msgid "ISO Build Issues"
msgstr "ISO Build-Probleme"
@@ -590,11 +606,11 @@ msgstr "Falls zutreffend, sollte ein Verweis auf einen vorhergehenden Commit gem
msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
msgstr "Wenn in den Commits Ihres Pull-Requests keine Phabricator_ Referenz vorhanden ist, müssen wir Sie bitten, die Commit-Nachricht zu ändern. Andernfalls müssen wir sie ablehnen."
-#: ../../contributing/build-vyos.rst:699
+#: ../../contributing/build-vyos.rst:739
msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
msgstr "Wenn Sie mutig genug sind, sich ein ISO-Image zu erstellen, das ein beliebiges modifiziertes Paket aus unserer GitHub-Organisation enthält, sind Sie hier genau richtig."
-#: ../../contributing/build-vyos.rst:562
+#: ../../contributing/build-vyos.rst:602
msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
msgstr "Wenn Sie Ihren Kernel aktualisieren oder neue Treiber einbinden, benötigen Sie möglicherweise eine neue Firmware. Erstellen Sie ein neues ``vyos-linux-firmware`` Paket mit den enthaltenen Hilfsskripten."
@@ -622,7 +638,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di
msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
-#: ../../contributing/build-vyos.rst:554
+#: ../../contributing/build-vyos.rst:594
msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
@@ -638,7 +654,7 @@ msgstr "Ausgabe einbeziehen"
msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
-#: ../../contributing/build-vyos.rst:810
+#: ../../contributing/build-vyos.rst:850
msgid "Install"
msgstr "Installieren"
@@ -646,7 +662,7 @@ msgstr "Installieren"
msgid "Install https://pypi.org/project/stdeb/"
msgstr "Install https://pypi.org/project/stdeb/"
-#: ../../contributing/build-vyos.rst:35
+#: ../../contributing/build-vyos.rst:85
msgid "Installing Docker_ and prerequisites:"
msgstr "Installing Docker_ and prerequisites:"
@@ -654,23 +670,23 @@ msgstr "Installing Docker_ and prerequisites:"
msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
-#: ../../contributing/build-vyos.rst:632
+#: ../../contributing/build-vyos.rst:672
msgid "Intel NIC"
msgstr "Intel NIC"
-#: ../../contributing/build-vyos.rst:404
+#: ../../contributing/build-vyos.rst:444
msgid "Intel NIC drivers"
msgstr "Intel NIC drivers"
-#: ../../contributing/build-vyos.rst:661
+#: ../../contributing/build-vyos.rst:701
msgid "Intel QAT"
msgstr "Intel QAT"
-#: ../../contributing/build-vyos.rst:405
+#: ../../contributing/build-vyos.rst:445
msgid "Inter QAT"
msgstr "Inter QAT"
-#: ../../contributing/testing.rst:90
+#: ../../contributing/testing.rst:91
msgid "Interface based tests"
msgstr "Interface based tests"
@@ -690,11 +706,11 @@ msgstr "It's an Ada program and requires GNAT and gprbuild for building, depende
msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
-#: ../../contributing/testing.rst:17
+#: ../../contributing/testing.rst:18
msgid "Jenkins CI"
msgstr "Jenkins CI"
-#: ../../contributing/build-vyos.rst:816
+#: ../../contributing/build-vyos.rst:856
msgid "Just install using the following commands:"
msgstr "Just install using the following commands:"
@@ -710,7 +726,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi
msgid "Kernel"
msgstr "Kernel"
-#: ../../contributing/build-vyos.rst:787
+#: ../../contributing/build-vyos.rst:827
msgid "Launch Docker container and build package"
msgstr "Launch Docker container and build package"
@@ -734,7 +750,7 @@ msgstr "Like any other project we have some small guidelines about our source co
msgid "Limits:"
msgstr "Limits:"
-#: ../../contributing/build-vyos.rst:390
+#: ../../contributing/build-vyos.rst:430
msgid "Linux Kernel"
msgstr "Linux Kernel"
@@ -742,7 +758,7 @@ msgstr "Linux Kernel"
msgid "Live System"
msgstr "Live System"
-#: ../../contributing/testing.rst:101
+#: ../../contributing/testing.rst:102
msgid "MTU size"
msgstr "MTU size"
@@ -750,11 +766,11 @@ msgstr "MTU size"
msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
-#: ../../contributing/testing.rst:60
+#: ../../contributing/testing.rst:61
msgid "Manual Smoketest Run"
msgstr "Manual Smoketest Run"
-#: ../../contributing/testing.rst:168
+#: ../../contributing/testing.rst:169
msgid "Manual config load test"
msgstr "Manual config load test"
@@ -770,7 +786,7 @@ msgstr "Migrating old CLI"
msgid "Move default values to scripts"
msgstr "Move default values to scripts"
-#: ../../contributing/build-vyos.rst:147
+#: ../../contributing/build-vyos.rst:35
msgid "Native Build"
msgstr "Native Build"
@@ -807,23 +823,23 @@ msgstr "None"
msgid "Notes"
msgstr "Notes"
-#: ../../contributing/build-vyos.rst:199
+#: ../../contributing/build-vyos.rst:236
msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
-#: ../../contributing/build-vyos.rst:184
+#: ../../contributing/build-vyos.rst:217
msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
-#: ../../contributing/build-vyos.rst:384
+#: ../../contributing/build-vyos.rst:424
msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
-#: ../../contributing/build-vyos.rst:469
+#: ../../contributing/build-vyos.rst:509
msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
-#: ../../contributing/build-vyos.rst:133
+#: ../../contributing/build-vyos.rst:199
msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
@@ -831,7 +847,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t
msgid "Old concept/syntax"
msgstr "Old concept/syntax"
-#: ../../contributing/testing.rst:62
+#: ../../contributing/testing.rst:63
msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
@@ -843,7 +859,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with
msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
-#: ../../contributing/testing.rst:170
+#: ../../contributing/testing.rst:171
msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
@@ -851,6 +867,10 @@ msgstr "One is not bound to load all configurations one after another but can al
msgid "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
msgstr "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+#: ../../contributing/testing.rst:7
+msgid "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+msgstr "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+
#: ../../contributing/development.rst:665
msgid "Only applicable to leaf nodes"
msgstr "Only applicable to leaf nodes"
@@ -863,7 +883,7 @@ msgstr "Other packages (e.g. vyos-1x) add dependencies to the ISO build procedur
msgid "Our StrongSWAN build differs from the upstream:"
msgstr "Our StrongSWAN build differs from the upstream:"
-#: ../../contributing/testing.rst:19
+#: ../../contributing/testing.rst:20
msgid "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
msgstr "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
@@ -875,12 +895,12 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind
msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
-#: ../../contributing/testing.rst:92
+#: ../../contributing/testing.rst:93
msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
-#: ../../contributing/build-vyos.rst:697
-#: ../../contributing/build-vyos.rst:766
+#: ../../contributing/build-vyos.rst:737
+#: ../../contributing/build-vyos.rst:806
msgid "Packages"
msgstr "Packages"
@@ -904,11 +924,11 @@ msgstr "Please submit your patches using the well-known GitHub pull-request agai
msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
-#: ../../contributing/testing.rst:103
+#: ../../contributing/testing.rst:104
msgid "Port description"
msgstr "Port description"
-#: ../../contributing/testing.rst:104
+#: ../../contributing/testing.rst:105
msgid "Port disable"
msgstr "Port disable"
@@ -952,7 +972,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway?
msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
-#: ../../contributing/build-vyos.rst:745
+#: ../../contributing/build-vyos.rst:785
msgid "QEMU"
msgstr "QEMU"
@@ -968,16 +988,16 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca
msgid "Report a Bug"
msgstr "Report a Bug"
-#: ../../contributing/build-vyos.rst:747
+#: ../../contributing/build-vyos.rst:787
msgid "Run the following command after building the ISO image."
msgstr "Run the following command after building the ISO image."
-#: ../../contributing/build-vyos.rst:756
+#: ../../contributing/build-vyos.rst:796
msgid "Run the following command after building the QEMU image."
msgstr "Run the following command after building the QEMU image."
-#: ../../contributing/build-vyos.rst:637
-#: ../../contributing/build-vyos.rst:666
+#: ../../contributing/build-vyos.rst:677
+#: ../../contributing/build-vyos.rst:706
msgid "Simply use our wrapper script to build all of the driver modules."
msgstr "Simply use our wrapper script to build all of the driver modules."
@@ -985,19 +1005,19 @@ msgstr "Simply use our wrapper script to build all of the driver modules."
msgid "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
msgstr "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
-#: ../../contributing/testing.rst:29
+#: ../../contributing/testing.rst:30
msgid "Smoketests"
msgstr "Smoketests"
-#: ../../contributing/testing.rst:31
+#: ../../contributing/testing.rst:32
msgid "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
msgstr "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
-#: ../../contributing/testing.rst:44
+#: ../../contributing/testing.rst:45
msgid "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
msgstr "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
-#: ../../contributing/build-vyos.rst:136
+#: ../../contributing/build-vyos.rst:202
msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
@@ -1005,7 +1025,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver
msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
-#: ../../contributing/testing.rst:201
+#: ../../contributing/testing.rst:202
msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
@@ -1013,7 +1033,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos
msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
-#: ../../contributing/build-vyos.rst:229
+#: ../../contributing/build-vyos.rst:269
msgid "Start the build:"
msgstr "Start the build:"
@@ -1057,15 +1077,15 @@ msgstr "Text generation"
msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
-#: ../../contributing/build-vyos.rst:634
+#: ../../contributing/build-vyos.rst:674
msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
-#: ../../contributing/build-vyos.rst:662
+#: ../../contributing/build-vyos.rst:702
msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
-#: ../../contributing/build-vyos.rst:392
+#: ../../contributing/build-vyos.rst:432
msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
@@ -1089,7 +1109,7 @@ msgstr "The ``generate()`` function generates config files for system components
msgid "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
msgstr "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
-#: ../../contributing/testing.rst:47
+#: ../../contributing/testing.rst:48
msgid "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
msgstr "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
@@ -1101,19 +1121,19 @@ msgstr "The ``verify()`` function takes your internal representation of the conf
msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
-#: ../../contributing/build-vyos.rst:54
+#: ../../contributing/build-vyos.rst:116
msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
-#: ../../contributing/testing.rst:158
+#: ../../contributing/testing.rst:159
msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
-#: ../../contributing/build-vyos.rst:87
+#: ../../contributing/build-vyos.rst:149
msgid "The container can also be built directly from source:"
msgstr "The container can also be built directly from source:"
-#: ../../contributing/build-vyos.rst:62
+#: ../../contributing/build-vyos.rst:124
msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
@@ -1121,11 +1141,11 @@ msgstr "The container can be built by hand or by fetching the pre-built one from
msgid "The default template processor for VyOS code is Jinja2_."
msgstr "The default template processor for VyOS code is Jinja2_."
-#: ../../contributing/build-vyos.rst:773
+#: ../../contributing/build-vyos.rst:813
msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
-#: ../../contributing/testing.rst:163
+#: ../../contributing/testing.rst:164
msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
@@ -1137,6 +1157,10 @@ msgstr "The file can be placed in ``/tmp`` for one time debugging (as the file w
msgid "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
msgstr "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
+#: ../../contributing/build-vyos.rst:26
+msgid "The following includes the build process for VyOS 1.2 to the latest version."
+msgstr "The following includes the build process for VyOS 1.2 to the latest version."
+
#: ../../contributing/development.rst:71
msgid "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
msgstr "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
@@ -1149,11 +1173,11 @@ msgstr "The great thing about schemas is not only that people can know the compl
msgid "The information is used in three ways:"
msgstr "The information is used in three ways:"
-#: ../../contributing/build-vyos.rst:437
+#: ../../contributing/build-vyos.rst:477
msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
-#: ../../contributing/build-vyos.rst:425
+#: ../../contributing/build-vyos.rst:465
msgid "The most obvious reasons could be:"
msgstr "The most obvious reasons could be:"
@@ -1161,7 +1185,7 @@ msgstr "The most obvious reasons could be:"
msgid "The original repo is at https://github.com/dmbaturin/hvinfo"
msgstr "The original repo is at https://github.com/dmbaturin/hvinfo"
-#: ../../contributing/testing.rst:153
+#: ../../contributing/testing.rst:154
msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
@@ -1181,7 +1205,7 @@ msgstr "The reason is that the configuration migration backend is rewritten and
msgid "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
msgstr "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
-#: ../../contributing/testing.rst:53
+#: ../../contributing/testing.rst:54
msgid "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
msgstr "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
@@ -1205,7 +1229,7 @@ msgstr "The switch to the Python programming language for new code is not merely
msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
-#: ../../contributing/build-vyos.rst:310
+#: ../../contributing/build-vyos.rst:350
msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
@@ -1221,7 +1245,7 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo
msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
-#: ../../contributing/build-vyos.rst:257
+#: ../../contributing/build-vyos.rst:297
msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
@@ -1249,31 +1273,35 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https
msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
-#: ../../contributing/build-vyos.rst:572
+#: ../../contributing/build-vyos.rst:612
msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
-#: ../../contributing/build-vyos.rst:26
+#: ../../contributing/build-vyos.rst:76
+msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+
+#: ../../contributing/build-vyos.rst:28
msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
-#: ../../contributing/testing.rst:147
+#: ../../contributing/testing.rst:148
msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
-#: ../../contributing/testing.rst:97
+#: ../../contributing/testing.rst:98
msgid "Those common tests consists out of:"
msgstr "Those common tests consists out of:"
-#: ../../contributing/build-vyos.rst:107
+#: ../../contributing/build-vyos.rst:173
msgid "Tips and Tricks"
msgstr "Tips and Tricks"
-#: ../../contributing/build-vyos.rst:46
+#: ../../contributing/build-vyos.rst:108
msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
-#: ../../contributing/build-vyos.rst:149
+#: ../../contributing/build-vyos.rst:37
msgid "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
msgstr "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
@@ -1285,7 +1313,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every
msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
-#: ../../contributing/build-vyos.rst:333
+#: ../../contributing/build-vyos.rst:373
msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
@@ -1305,19 +1333,19 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll
msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
-#: ../../contributing/build-vyos.rst:75
+#: ../../contributing/build-vyos.rst:137
msgid "To manually download the container from DockerHub, run:"
msgstr "To manually download the container from DockerHub, run:"
-#: ../../contributing/build-vyos.rst:156
+#: ../../contributing/build-vyos.rst:46
msgid "To start, clone the repository to your local machine:"
msgstr "To start, clone the repository to your local machine:"
-#: ../../contributing/build-vyos.rst:812
+#: ../../contributing/build-vyos.rst:852
msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
-#: ../../contributing/build-vyos.rst:711
+#: ../../contributing/build-vyos.rst:751
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -1357,11 +1385,11 @@ msgstr "Useful commands are:"
msgid "VIF (incl. VIF-S/VIF-C)"
msgstr "VIF (incl. VIF-S/VIF-C)"
-#: ../../contributing/testing.rst:105
+#: ../../contributing/testing.rst:106
msgid "VLANs (QinQ and regular 802.1q)"
msgstr "VLANs (QinQ and regular 802.1q)"
-#: ../../contributing/build-vyos.rst:754
+#: ../../contributing/build-vyos.rst:794
msgid "VMware"
msgstr "VMware"
@@ -1373,7 +1401,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form."
msgid "Verbs **should** be avoided. If a verb can be omitted, omit it."
msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it."
-#: ../../contributing/build-vyos.rst:742
+#: ../../contributing/build-vyos.rst:782
msgid "Virtualization Platforms"
msgstr "Virtualization Platforms"
@@ -1381,7 +1409,11 @@ msgstr "Virtualization Platforms"
msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
-#: ../../contributing/build-vyos.rst:768
+#: ../../contributing/build-vyos.rst:168
+msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+
+#: ../../contributing/build-vyos.rst:808
msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
@@ -1389,19 +1421,19 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst
msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
-#: ../../contributing/build-vyos.rst:600
+#: ../../contributing/build-vyos.rst:640
msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:"
msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:"
-#: ../../contributing/testing.rst:24
+#: ../../contributing/testing.rst:25
msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
-#: ../../contributing/build-vyos.rst:349
+#: ../../contributing/build-vyos.rst:389
msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
-#: ../../contributing/build-vyos.rst:341
+#: ../../contributing/build-vyos.rst:381
msgid "We now need to mount some required, volatile filesystems"
msgstr "We now need to mount some required, volatile filesystems"
@@ -1425,7 +1457,7 @@ msgstr "What was the configuration prior to the change?"
msgid "What were you attempting to achieve?"
msgstr "What were you attempting to achieve?"
-#: ../../contributing/testing.rst:34
+#: ../../contributing/testing.rst:35
msgid "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
msgstr "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
@@ -1437,7 +1469,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is
msgid "When modifying the source code, remember these rules of the legacy elimination campaign:"
msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:"
-#: ../../contributing/build-vyos.rst:241
+#: ../../contributing/build-vyos.rst:281
msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
@@ -1449,7 +1481,7 @@ msgstr "When writing a new configuration migrator it may happen that you see an
msgid "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
msgstr "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
-#: ../../contributing/testing.rst:108
+#: ../../contributing/testing.rst:109
msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
@@ -1490,11 +1522,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was
msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
-#: ../../contributing/build-vyos.rst:827
+#: ../../contributing/build-vyos.rst:867
msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
-#: ../../contributing/build-vyos.rst:109
+#: ../../contributing/build-vyos.rst:175
msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
@@ -1506,7 +1538,7 @@ msgstr "You can type ``help`` to get an overview of the available commands, and
msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
-#: ../../contributing/build-vyos.rst:430
+#: ../../contributing/build-vyos.rst:470
msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
@@ -1526,7 +1558,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your
msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
-#: ../../contributing/testing.rst:106
+#: ../../contributing/testing.rst:107
msgid "..."
msgstr "..."
@@ -1582,7 +1614,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi
msgid "``set``"
msgstr "``set``"
-#: ../../contributing/build-vyos.rst:427
+#: ../../contributing/build-vyos.rst:467
msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
diff --git a/docs/_locale/de/copyright.pot b/docs/_locale/de/copyright.pot
index d5d53a50..be71d158 100644
--- a/docs/_locale/de/copyright.pot
+++ b/docs/_locale/de/copyright.pot
@@ -13,8 +13,8 @@ msgid "Copyright Notice"
msgstr "Copyright Notice"
#: ../../copyright.md:3
-msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors"
-msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors"
+msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors"
+msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors"
#: ../../copyright.md:9
msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one."
diff --git a/docs/_locale/de/index.pot b/docs/_locale/de/index.pot
index 7c2896bd..85da659d 100644
--- a/docs/_locale/de/index.pot
+++ b/docs/_locale/de/index.pot
@@ -12,23 +12,23 @@ msgstr ""
msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
-#: ../../index.rst:70
+#: ../../index.rst:72
msgid "Adminguide"
msgstr "Adminguide"
-#: ../../index.rst:31
+#: ../../index.rst:33
msgid "Automate"
msgstr "Automate"
-#: ../../index.rst:23
+#: ../../index.rst:25
msgid "Configuration and Operation"
msgstr "Configuration and Operation"
-#: ../../index.rst:44
+#: ../../index.rst:46
msgid "Contribute and Community"
msgstr "Contribute and Community"
-#: ../../index.rst:83
+#: ../../index.rst:85
msgid "Development"
msgstr "Development"
@@ -36,31 +36,31 @@ msgstr "Development"
msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
-#: ../../index.rst:38
+#: ../../index.rst:40
msgid "Examples"
msgstr "Examples"
-#: ../../index.rst:61
+#: ../../index.rst:63
msgid "First Steps"
msgstr "First Steps"
-#: ../../index.rst:11
+#: ../../index.rst:12
msgid "Get / Build VyOS"
msgstr "Get / Build VyOS"
-#: ../../index.rst:40
+#: ../../index.rst:42
msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
-#: ../../index.rst:16
+#: ../../index.rst:18
msgid "Install VyOS"
msgstr "Install VyOS"
-#: ../../index.rst:33
+#: ../../index.rst:35
msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
-#: ../../index.rst:96
+#: ../../index.rst:98
msgid "Misc"
msgstr "Misc"
@@ -68,11 +68,11 @@ msgstr "Misc"
msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
-#: ../../index.rst:13
+#: ../../index.rst:15
msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
-#: ../../index.rst:18
+#: ../../index.rst:20
msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
@@ -80,7 +80,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:
msgid "There are many ways to contribute to the project."
msgstr "There are many ways to contribute to the project."
-#: ../../index.rst:25
+#: ../../index.rst:27
msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
diff --git a/docs/_locale/de/installation.pot b/docs/_locale/de/installation.pot
index 55dbd7c8..6adeb7fe 100644
--- a/docs/_locale/de/installation.pot
+++ b/docs/_locale/de/installation.pot
@@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project."
msgid "**Early Production Access**"
msgstr "**Early Production Access**"
-#: ../../installation/install.rst:538
+#: ../../installation/install.rst:541
msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
@@ -56,7 +56,7 @@ msgstr "**Release Candidate**"
msgid "**Requirements**"
msgstr "**Requirements**"
-#: ../../installation/install.rst:543
+#: ../../installation/install.rst:546
msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
@@ -128,37 +128,35 @@ msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs"
msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 custom VyOS powder coat"
msgstr "APU4 custom VyOS powder coat"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop back"
msgstr "APU4 desktop back"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop closed"
msgstr "APU4 desktop closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack closed"
msgstr "APU4 rack closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack front"
msgstr "APU4 rack front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #1"
msgstr "APU4 rack module #1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #2"
msgstr "APU4 rack module #2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #3 with PSU"
msgstr "APU4 rack module #3 with PSU"
@@ -166,7 +164,7 @@ msgstr "APU4 rack module #3 with PSU"
msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
-#: ../../installation/install.rst:487
+#: ../../installation/install.rst:490
msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
@@ -234,7 +232,7 @@ msgstr "After installation - exit from the console using the key combination ``C
msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
-#: ../../installation/update.rst:81
+#: ../../installation/update.rst:88
msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
@@ -262,7 +260,7 @@ msgstr "An IP address"
msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
-#: ../../installation/install.rst:551
+#: ../../installation/install.rst:554
msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
@@ -338,7 +336,7 @@ msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected
msgid "Bits per second : 9600"
msgstr "Bits per second : 9600"
-#: ../../installation/install.rst:580
+#: ../../installation/install.rst:583
msgid "Black screen on install"
msgstr "Black screen on install"
@@ -358,39 +356,39 @@ msgstr "Building from source"
msgid "CLI"
msgstr "CLI"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Back"
msgstr "CSE-505-203B Back"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Front"
msgstr "CSE-505-203B Front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 1"
msgstr "CSE-505-203B Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 2"
msgstr "CSE-505-203B Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 3"
msgstr "CSE-505-203B Open 3"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open"
msgstr "CSE-505-203B w/ 10GE Open"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 1"
msgstr "CSE-505-203B w/ 10GE Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 2"
msgstr "CSE-505-203B w/ 10GE Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 3"
msgstr "CSE-505-203B w/ 10GE Open 3"
@@ -455,7 +453,7 @@ msgstr "Click to ``Instances`` and ``Launch Instance``"
msgid "Click to your new vm and find out your Public IP address."
msgstr "Click to your new vm and find out your Public IP address."
-#: ../../installation/install.rst:562
+#: ../../installation/install.rst:565
msgid "Client Boot"
msgstr "Client Boot"
@@ -491,7 +489,7 @@ msgstr "Configure Security Group. It's recommended that you configure ssh access
msgid "Configure a DHCP server to provide the client with:"
msgstr "Configure a DHCP server to provide the client with:"
-#: ../../installation/install.rst:476
+#: ../../installation/install.rst:479
msgid "Configure a TFTP server so that it serves the following:"
msgstr "Configure a TFTP server so that it serves the following:"
@@ -525,11 +523,8 @@ msgid "Connect to the instance by SSH key."
msgstr "Connect to the instance by SSH key."
#: ../../installation/cloud/index.rst:7
-#: ../../installation/cloud/index.rst:7
-#: ../../installation/index.rst:7
#: ../../installation/index.rst:7
#: ../../installation/virtual/index.rst:5
-#: ../../installation/virtual/index.rst:5
msgid "Content"
msgstr "Content"
@@ -649,7 +644,7 @@ msgstr "Disable XHCI"
msgid "Disk size"
msgstr "Disk size"
-#: ../../installation/install.rst:547
+#: ../../installation/install.rst:550
msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
@@ -727,15 +722,10 @@ msgid "Every version is contained in its own squashfs image that is mounted in a
msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts."
#: ../../installation/install.rst:17
-#: ../../installation/install.rst:17
-#: ../../installation/install.rst:21
#: ../../installation/install.rst:21
#: ../../installation/install.rst:25
-#: ../../installation/install.rst:25
-#: ../../installation/install.rst:29
#: ../../installation/install.rst:29
#: ../../installation/install.rst:33
-#: ../../installation/install.rst:33
#: ../../installation/install.rst:37
msgid "Everyone"
msgstr "Everyone"
@@ -752,11 +742,11 @@ msgstr "Example"
msgid "Example:"
msgstr "Example:"
-#: ../../installation/install.rst:519
+#: ../../installation/install.rst:522
msgid "Example of simple (no menu) configuration file:"
msgstr "Example of simple (no menu) configuration file:"
-#: ../../installation/install.rst:499
+#: ../../installation/install.rst:502
msgid "Example of the contents of the TFTP server:"
msgstr "Example of the contents of the TFTP server:"
@@ -768,7 +758,7 @@ msgstr "Extension Modules"
msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
-#: ../../installation/install.rst:564
+#: ../../installation/install.rst:567
msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
@@ -816,7 +806,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c
msgid "GPG verification"
msgstr "GPG verification"
-#: ../../installation/install.rst:582
+#: ../../installation/install.rst:585
msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
@@ -964,7 +954,7 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration
msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
-#: ../../installation/install.rst:491
+#: ../../installation/install.rst:494
msgid "In the example we configured our existent VyOS as the TFTP server too:"
msgstr "In the example we configured our existent VyOS as the TFTP server too:"
@@ -985,7 +975,7 @@ msgstr "Installation"
msgid "Installation and Image Management"
msgstr "Installation and Image Management"
-#: ../../installation/install.rst:594
+#: ../../installation/install.rst:597
msgid "Installation can then continue as outlined above."
msgstr "Installation can then continue as outlined above."
@@ -1021,7 +1011,7 @@ msgstr "It is advised that VyOS routers are configured in a resource group with
msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
-#: ../../installation/install.rst:575
+#: ../../installation/install.rst:578
msgid "Known Issues"
msgstr "Known Issues"
@@ -1057,7 +1047,7 @@ msgstr "Live installation"
msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)"
msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)"
-#: ../../installation/install.rst:555
+#: ../../installation/install.rst:558
msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
@@ -1138,7 +1128,7 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po
msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
-#: ../../installation/install.rst:569
+#: ../../installation/install.rst:572
msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
@@ -1462,11 +1452,11 @@ msgstr "Stayed in this stage. This is because the KVM console is chosen as the d
msgid "Step 1: DHCP"
msgstr "Step 1: DHCP"
-#: ../../installation/install.rst:474
+#: ../../installation/install.rst:477
msgid "Step 2: TFTP"
msgstr "Step 2: TFTP"
-#: ../../installation/install.rst:531
+#: ../../installation/install.rst:534
msgid "Step 3: HTTP"
msgstr "Step 3: HTTP"
@@ -1498,11 +1488,11 @@ msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be u
msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
-#: ../../installation/install.rst:479
+#: ../../installation/install.rst:482
msgid "The *ldlinux.c32* file from the Syslinux distribution"
msgstr "The *ldlinux.c32* file from the Syslinux distribution"
-#: ../../installation/install.rst:478
+#: ../../installation/install.rst:481
msgid "The *pxelinux.0* file from the Syslinux distribution"
msgstr "The *pxelinux.0* file from the Syslinux distribution"
@@ -1582,7 +1572,7 @@ msgstr "The image will be loaded and the last lines you will get will be:"
msgid "The import can be verified with:"
msgstr "The import can be verified with:"
-#: ../../installation/install.rst:483
+#: ../../installation/install.rst:486
msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
@@ -1590,7 +1580,7 @@ msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *ini
msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
-#: ../../installation/install.rst:480
+#: ../../installation/install.rst:483
msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
@@ -1598,7 +1588,7 @@ msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz
msgid "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
-#: ../../installation/update.rst:76
+#: ../../installation/update.rst:83
msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
@@ -1618,7 +1608,7 @@ msgstr "The system is fully operational."
msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
-#: ../../installation/install.rst:587
+#: ../../installation/install.rst:590
msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
@@ -1663,7 +1653,7 @@ msgstr "This guide was developed using an APU4C4 board with the following specs:
msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
-#: ../../installation/install.rst:577
+#: ../../installation/install.rst:580
msgid "This is a list of known issues that can arise during installation."
msgstr "This is a list of known issues that can arise during installation."
@@ -1695,6 +1685,10 @@ msgstr "To turn the template into a working VyOS machine, further steps are nece
msgid "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
+#: ../../installation/update.rst:81
+msgid "To use the `latest` option the \"system update-check url\" must be configured."
+msgstr "To use the `latest` option the \"system update-check url\" must be configured."
+
#: ../../installation/install.rst:248
msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
@@ -1827,7 +1821,7 @@ msgstr "Wait until you get the outcome (bytes copied). Be patient, in some compu
msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
-#: ../../installation/install.rst:533
+#: ../../installation/install.rst:536
msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
@@ -1879,6 +1873,10 @@ msgstr "You can go back to your Vyatta install using the ``set system image defa
msgid "You can now proceed with a regular image installation as described in :ref:`installation`."
msgstr "You can now proceed with a regular image installation as described in :ref:`installation`."
+#: ../../installation/update.rst:75
+msgid "You can use ``latest`` option. It loads the latest available Rolling release."
+msgstr "You can use ``latest`` option. It loads the latest available Rolling release."
+
#: ../../installation/migrate-from-vyatta.rst:28
msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
@@ -1923,7 +1921,7 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.
msgid "``gpg --recv-keys FD220285A0FE6D7E``"
msgstr "``gpg --recv-keys FD220285A0FE6D7E``"
-#: ../../installation/install.rst:590
+#: ../../installation/install.rst:593
msgid "`console=ttyS0,115200`"
msgstr "`console=ttyS0,115200`"
@@ -1955,7 +1953,7 @@ msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-
msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
-#: ../../installation/update.rst:79
+#: ../../installation/update.rst:86
msgid "https://vyos.net/get/nightly-builds/"
msgstr "https://vyos.net/get/nightly-builds/"
@@ -1971,6 +1969,6 @@ msgstr "https://www.oracle.com/cloud/"
msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
-#: ../../installation/install.rst:592
+#: ../../installation/install.rst:595
msgid "option, and type CTRL-X to boot."
msgstr "option, and type CTRL-X to boot."
diff --git a/docs/_locale/de/quick-start.pot b/docs/_locale/de/quick-start.pot
index 1b44e87e..90903260 100644
--- a/docs/_locale/de/quick-start.pot
+++ b/docs/_locale/de/quick-start.pot
@@ -8,19 +8,19 @@ msgstr ""
"Language: de\n"
"Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n"
-#: ../../quick-start.rst:178
+#: ../../quick-start.rst:189
msgid "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
msgstr "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
-#: ../../quick-start.rst:124
+#: ../../quick-start.rst:125
msgid "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
msgstr "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
-#: ../../quick-start.rst:180
+#: ../../quick-start.rst:191
msgid "A rule to ``accept`` packets from established and related connections."
msgstr "A rule to ``accept`` packets from established and related connections."
-#: ../../quick-start.rst:181
+#: ../../quick-start.rst:192
msgid "A rule to ``drop`` packets from invalid connections."
msgstr "A rule to ``drop`` packets from invalid connections."
@@ -40,27 +40,31 @@ msgstr "After switching to :ref:`quick-start-configuration-mode` issue the follo
msgid "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
msgstr "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
-#: ../../quick-start.rst:301
+#: ../../quick-start.rst:311
msgid "Allow Access to Services"
msgstr "Allow Access to Services"
-#: ../../quick-start.rst:257
+#: ../../quick-start.rst:267
msgid "Allow Management Access"
msgstr "Allow Management Access"
-#: ../../quick-start.rst:208
+#: ../../quick-start.rst:202
msgid "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
msgstr "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
+#: ../../quick-start.rst:219
+msgid "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+msgstr "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+
#: ../../quick-start.rst:167
msgid "Apply the firewall policies:"
msgstr "Apply the firewall policies:"
-#: ../../quick-start.rst:367
+#: ../../quick-start.rst:377
msgid "As above, commit your changes, save the configuration, and exit configuration mode:"
msgstr "As above, commit your changes, save the configuration, and exit configuration mode:"
-#: ../../quick-start.rst:227
+#: ../../quick-start.rst:237
msgid "Block Incoming Traffic"
msgstr "Block Incoming Traffic"
@@ -76,7 +80,7 @@ msgstr "By default, VyOS is in operational mode, and the command prompt displays
msgid "Commit and Save"
msgstr "Commit and Save"
-#: ../../quick-start.rst:327
+#: ../../quick-start.rst:337
msgid "Commit changes, save the configuration, and exit configuration mode:"
msgstr "Commit changes, save the configuration, and exit configuration mode:"
@@ -84,19 +88,19 @@ msgstr "Commit changes, save the configuration, and exit configuration mode:"
msgid "Configuration Mode"
msgstr "Configuration Mode"
-#: ../../quick-start.rst:143
+#: ../../quick-start.rst:138
msgid "Configure Firewall Groups"
msgstr "Configure Firewall Groups"
-#: ../../quick-start.rst:162
+#: ../../quick-start.rst:157
msgid "Configure Stateful Packet Filtering"
msgstr "Configure Stateful Packet Filtering"
-#: ../../quick-start.rst:271
+#: ../../quick-start.rst:281
msgid "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
msgstr "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
-#: ../../quick-start.rst:233
+#: ../../quick-start.rst:243
msgid "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
msgstr "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
@@ -120,35 +124,35 @@ msgstr "DHCP leases will hold for one day (86400 seconds)"
msgid "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
msgstr "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
-#: ../../quick-start.rst:341
+#: ../../quick-start.rst:351
msgid "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
msgstr "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
-#: ../../quick-start.rst:281
+#: ../../quick-start.rst:291
msgid "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
msgstr "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
-#: ../../quick-start.rst:357
+#: ../../quick-start.rst:367
msgid "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
msgstr "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
-#: ../../quick-start.rst:319
+#: ../../quick-start.rst:329
msgid "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
msgstr "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
-#: ../../quick-start.rst:122
+#: ../../quick-start.rst:123
msgid "Firewall"
msgstr "Firewall"
-#: ../../quick-start.rst:263
+#: ../../quick-start.rst:273
msgid "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
msgstr "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
-#: ../../quick-start.rst:339
+#: ../../quick-start.rst:349
msgid "Hardening"
msgstr "Hardening"
-#: ../../quick-start.rst:303
+#: ../../quick-start.rst:313
msgid "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
msgstr "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
@@ -156,7 +160,11 @@ msgstr "Here we're allowing the router to respond to pings. Then, we can allow a
msgid "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
msgstr "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
-#: ../../quick-start.rst:150
+#: ../../quick-start.rst:145
+msgid "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+msgstr "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+
+#: ../../quick-start.rst:144
msgid "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
msgstr "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
@@ -164,11 +172,15 @@ msgstr "In this case, we will create two interface groups—a ``WAN`` group for
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../quick-start.rst:109
+#: ../../quick-start.rst:170
+msgid "Most installations would choose this option, and will contain:"
+msgstr "Most installations would choose this option, and will contain:"
+
+#: ../../quick-start.rst:110
msgid "NAT"
msgstr "NAT"
-#: ../../quick-start.rst:229
+#: ../../quick-start.rst:239
msgid "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
msgstr "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
@@ -180,19 +192,31 @@ msgstr "Once your configuration works as expected, you can save it permanently b
msgid "Only hosts from your internal/LAN network can use the DNS recursor"
msgstr "Only hosts from your internal/LAN network can use the DNS recursor"
-#: ../../quick-start.rst:168
+#: ../../quick-start.rst:162
msgid "Option 1: Common Chain"
msgstr "Option 1: Common Chain"
-#: ../../quick-start.rst:206
+#: ../../quick-start.rst:163
+msgid "Option 1: Global State Policies"
+msgstr "Option 1: Global State Policies"
+
+#: ../../quick-start.rst:179
+msgid "Option 2: Common/Custom Chain"
+msgstr "Option 2: Common/Custom Chain"
+
+#: ../../quick-start.rst:200
msgid "Option 2: Per-Hook Chain"
msgstr "Option 2: Per-Hook Chain"
+#: ../../quick-start.rst:217
+msgid "Option 3: Per-Hook Chain"
+msgstr "Option 3: Per-Hook Chain"
+
#: ../../quick-start.rst:5
msgid "Quick Start"
msgstr "Quick Start"
-#: ../../quick-start.rst:344
+#: ../../quick-start.rst:354
msgid "Replace the default ``vyos`` system user:"
msgstr "Replace the default ``vyos`` system user:"
@@ -204,7 +228,7 @@ msgstr "Replace the default `vyos` system user:"
msgid "SSH Management"
msgstr "SSH Management"
-#: ../../quick-start.rst:350
+#: ../../quick-start.rst:360
msgid "Set up :ref:`ssh_key_based_authentication`:"
msgstr "Set up :ref:`ssh_key_based_authentication`:"
@@ -216,7 +240,7 @@ msgstr "The address range `192.168.0.2/24 - 192.168.0.8/24` will be reserved for
msgid "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
msgstr "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
-#: ../../quick-start.rst:176
+#: ../../quick-start.rst:187
msgid "The chain we will create is called ``CONN_FILTER`` and has three rules:"
msgstr "The chain we will create is called ``CONN_FILTER`` and has three rules:"
@@ -228,7 +252,7 @@ msgstr "The default gateway and DNS recursor address will be `192.168.0.1/24`"
msgid "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
msgstr "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
-#: ../../quick-start.rst:137
+#: ../../quick-start.rst:132
msgid "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
msgstr "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
@@ -236,11 +260,11 @@ msgstr "The firewall begins with the base ``filter`` tables you define for each
msgid "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
msgstr "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
-#: ../../quick-start.rst:111
+#: ../../quick-start.rst:112
msgid "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
msgstr "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
-#: ../../quick-start.rst:194
+#: ../../quick-start.rst:205
msgid "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
msgstr "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
@@ -260,31 +284,39 @@ msgstr "This chapter will guide you on how to get up to speed quickly using your
msgid "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
msgstr "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
-#: ../../quick-start.rst:145
+#: ../../quick-start.rst:140
msgid "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
msgstr "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
+#: ../../quick-start.rst:164
+msgid "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+msgstr "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+
#: ../../quick-start.rst:90
msgid "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
msgstr "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
-#: ../../quick-start.rst:170
+#: ../../quick-start.rst:181
msgid "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
msgstr "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
-#: ../../quick-start.rst:259
+#: ../../quick-start.rst:269
msgid "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
msgstr "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
-#: ../../quick-start.rst:247
+#: ../../quick-start.rst:257
msgid "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
msgstr "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
-#: ../../quick-start.rst:164
+#: ../../quick-start.rst:159
+msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+
+#: ../../quick-start.rst:158
msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
-#: ../../quick-start.rst:379
+#: ../../quick-start.rst:389
msgid "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
msgstr "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
diff --git a/docs/_locale/en/LC_MESSAGES/404.mo b/docs/_locale/en/LC_MESSAGES/404.mo
index b6b3fa40..0d3c73b8 100644
--- a/docs/_locale/en/LC_MESSAGES/404.mo
+++ b/docs/_locale/en/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/automation.mo b/docs/_locale/en/LC_MESSAGES/automation.mo
index 7229dc0c..49ed194b 100644
--- a/docs/_locale/en/LC_MESSAGES/automation.mo
+++ b/docs/_locale/en/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/cli.mo b/docs/_locale/en/LC_MESSAGES/cli.mo
index 82443ef7..43736169 100644
--- a/docs/_locale/en/LC_MESSAGES/cli.mo
+++ b/docs/_locale/en/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/configexamples.mo b/docs/_locale/en/LC_MESSAGES/configexamples.mo
index a63043f8..5b6b8041 100644
--- a/docs/_locale/en/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/en/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo
index 39936707..abedbe89 100644
--- a/docs/_locale/en/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/en/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/contributing.mo b/docs/_locale/en/LC_MESSAGES/contributing.mo
index 48081097..ef064a92 100644
--- a/docs/_locale/en/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/en/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/installation.mo b/docs/_locale/en/LC_MESSAGES/installation.mo
index 9bc5bd79..19a1ac80 100644
--- a/docs/_locale/en/LC_MESSAGES/installation.mo
+++ b/docs/_locale/en/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/en/LC_MESSAGES/quick-start.mo b/docs/_locale/en/LC_MESSAGES/quick-start.mo
index c53f01e3..c1b5d942 100644
--- a/docs/_locale/en/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/en/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/es/404.pot b/docs/_locale/es/404.pot
index e56bbac4..b31c9bf1 100644
--- a/docs/_locale/es/404.pot
+++ b/docs/_locale/es/404.pot
@@ -25,5 +25,13 @@ msgid "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
msgstr "`1.3.x (igual)<https://docs.vyos.io/en/equuleus/> `_"
#: ../../404.rst:11
+msgid "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+msgstr "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+
+#: ../../404.rst:12
+msgid "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+msgstr "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+
+#: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`liberación rodante (sagitta)<https://docs.vyos.io/en/latest/> `_"
diff --git a/docs/_locale/es/LC_MESSAGES/404.mo b/docs/_locale/es/LC_MESSAGES/404.mo
index 15c03136..c728aabd 100644
--- a/docs/_locale/es/LC_MESSAGES/404.mo
+++ b/docs/_locale/es/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/automation.mo b/docs/_locale/es/LC_MESSAGES/automation.mo
index 34db3d0b..3298d9cf 100644
--- a/docs/_locale/es/LC_MESSAGES/automation.mo
+++ b/docs/_locale/es/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/cli.mo b/docs/_locale/es/LC_MESSAGES/cli.mo
index e3862560..8d45db97 100644
--- a/docs/_locale/es/LC_MESSAGES/cli.mo
+++ b/docs/_locale/es/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/configexamples.mo b/docs/_locale/es/LC_MESSAGES/configexamples.mo
index faa4acee..e22b1e9c 100644
--- a/docs/_locale/es/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/es/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo
index 01a535c8..d0658d54 100644
--- a/docs/_locale/es/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/es/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/contributing.mo b/docs/_locale/es/LC_MESSAGES/contributing.mo
index 99b7207c..1f87ad10 100644
--- a/docs/_locale/es/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/es/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/installation.mo b/docs/_locale/es/LC_MESSAGES/installation.mo
index 9f08f6e1..1fde49bd 100644
--- a/docs/_locale/es/LC_MESSAGES/installation.mo
+++ b/docs/_locale/es/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/es/LC_MESSAGES/quick-start.mo b/docs/_locale/es/LC_MESSAGES/quick-start.mo
index bef277bc..0a3a4fbb 100644
--- a/docs/_locale/es/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/es/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/es/automation.pot b/docs/_locale/es/automation.pot
index af99ea18..af30a70e 100644
--- a/docs/_locale/es/automation.pot
+++ b/docs/_locale/es/automation.pot
@@ -32,22 +32,30 @@ msgstr "**datos de usuario**: incluye comandos vyos."
msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
msgstr "El archivo **datos de usuario** debe comenzar con ``#cloud-config`` y contiene comandos vyos. Por ejemplo:"
-#: ../../automation/vyos-api.rst:285
+#: ../../automation/vyos-api.rst:322
msgid "/config-file"
msgstr "/archivo de configuración"
-#: ../../automation/vyos-api.rst:228
+#: ../../automation/vyos-api.rst:265
msgid "/configure"
msgstr "/configurar"
-#: ../../automation/vyos-api.rst:209
+#: ../../automation/vyos-api.rst:246
msgid "/generate"
msgstr "/generar"
-#: ../../automation/vyos-api.rst:147
+#: ../../automation/vyos-api.rst:184
msgid "/image"
msgstr "/imagen"
+#: ../../automation/vyos-api.rst:165
+msgid "/poweroff"
+msgstr "/poweroff"
+
+#: ../../automation/vyos-api.rst:147
+msgid "/reboot"
+msgstr "/reboot"
+
#: ../../automation/vyos-api.rst:129
msgid "/reset"
msgstr "/reiniciar"
@@ -56,7 +64,7 @@ msgstr "/reiniciar"
msgid "/retrieve"
msgstr "/recuperar"
-#: ../../automation/vyos-api.rst:185
+#: ../../automation/vyos-api.rst:222
msgid "/show"
msgstr "/espectáculo"
@@ -178,6 +186,34 @@ msgstr "Configuración"
msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
msgstr "Los comandos de configuración se ejecutan como en una sesión de configuración normal. Por ejemplo, si desea deshabilitar un par BGP en la transición VRRP a la copia de seguridad:"
+#: ../../automation/vyos-pyvyos.rst:94
+msgid "Configure, then Delete Object"
+msgstr "Configure, then Delete Object"
+
+#: ../../automation/vyos-pyvyos.rst:141
+msgid "Configure, then Load File"
+msgstr "Configure, then Load File"
+
+#: ../../automation/vyos-pyvyos.rst:101
+msgid "Configure, then Save"
+msgstr "Configure, then Save"
+
+#: ../../automation/vyos-pyvyos.rst:108
+msgid "Configure, then Save File"
+msgstr "Configure, then Save File"
+
+#: ../../automation/vyos-pyvyos.rst:68
+msgid "Configure, then Set"
+msgstr "Configure, then Set"
+
+#: ../../automation/vyos-pyvyos.rst:85
+msgid "Configure, then Show Object"
+msgstr "Configure, then Show Object"
+
+#: ../../automation/vyos-pyvyos.rst:77
+msgid "Configure, then Show a Single Object Value"
+msgstr "Configure, then Show a Single Object Value"
+
#: ../../automation/vyos-napalm.rst:89
msgid "Content of commands.conf"
msgstr "Contenido de comandos.conf"
@@ -258,7 +294,7 @@ msgstr "Para configurar y habilitar la API, consulte :ref:`http-api`"
msgid "For example, get the addresses of a ``dum0`` interface."
msgstr "Por ejemplo, obtenga las direcciones de una interfaz ``dum0``."
-#: ../../automation/vyos-api.rst:189
+#: ../../automation/vyos-api.rst:226
msgid "For example, show which images are installed."
msgstr "Por ejemplo, muestre qué imágenes están instaladas."
@@ -270,10 +306,18 @@ msgstr "Para obtener más información sobre la fuente de datos NoCloud, visite
msgid "From cli or GUI, power on VM, and after it boots, verify configuration"
msgstr "Desde cli o GUI, encienda la VM y, después de que arranque, verifique la configuración"
+#: ../../automation/vyos-pyvyos.rst:123
+msgid "Generate Object"
+msgstr "Generate Object"
+
#: ../../automation/cloud-init.rst:268
msgid "Generate qcow image"
msgstr "Generar imagen qcow"
+#: ../../automation/vyos-pyvyos.rst:24
+msgid "Getting Started"
+msgstr "Getting Started"
+
#: ../../automation/command-scripting.rst:82
msgid "Here is a simple example:"
msgstr "Aquí hay un ejemplo simple:"
@@ -306,6 +350,10 @@ msgstr "Si necesita recopilar información de los comandos de Linux para configu
msgid "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
msgstr "Si desea programar las configuraciones en un idioma que no sea bash, puede tener los comandos de salida de su script y luego generarlos en un script bash."
+#: ../../automation/vyos-pyvyos.rst:27
+msgid "Importing and Disabling Warnings for verify=False"
+msgstr "Importing and Disabling Warnings for verify=False"
+
#: ../../automation/cloud-init.rst:298
msgid "In Proxmox server three files are going to be used for this setup:"
msgstr "En el servidor Proxmox, se utilizarán tres archivos para esta configuración:"
@@ -326,6 +374,10 @@ msgstr "En esta práctica de laboratorio, usamos la versión 1.3.0 de VyOS y con
msgid "Initial Configuration"
msgstr "Configuracion inicial"
+#: ../../automation/vyos-pyvyos.rst:47
+msgid "Initializing a VyDevice Object"
+msgstr "Initializing a VyDevice Object"
+
#: ../../automation/cloud-init.rst:180
msgid "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
msgstr "La inyección de datos de configuración no se limita a las plataformas en la nube. Los usuarios pueden emplear la fuente de datos NoCloud para inyectar datos de usuario y metadatos en plataformas de virtualización como VMware, Hyper-V y KVM."
@@ -334,6 +386,10 @@ msgstr "La inyección de datos de configuración no se limita a las plataformas
msgid "Install ``napalm-vyos`` module"
msgstr "Instalar el módulo ``napalm-vyos&#39;&#39;"
+#: ../../automation/vyos-pyvyos.rst:15
+msgid "Installation"
+msgstr "Instalación"
+
#: ../../automation/vyos-salt.rst:98
msgid "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
msgstr "Es posible configurar VyOS a través del módulo proxy netmiko_. Requiere un minion con el paquete ``python3-netmiko`` instalado que tenga una conexión a los nodos VyOS. Salt-minion tiene que comunicarse con salt master"
@@ -451,6 +507,14 @@ msgstr "Dirección IP de proximidad: **192.168.0.253/24**"
msgid "Proxmox `Cloud-init-Support`_."
msgstr "Proxmox `Cloud-init-Support`_."
+#: ../../automation/vyos-pyvyos.rst:6
+msgid "PyVyOS"
+msgstr "PyVyOS"
+
+#: ../../automation/vyos-pyvyos.rst:8
+msgid "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+msgstr "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+
#: ../../automation/cloud-init.rst:416
msgid "References"
msgstr "Referencias"
@@ -459,6 +523,10 @@ msgstr "Referencias"
msgid "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
msgstr "Elimine el cliente dhcp predeterminado en la primera interfaz y cargue otra configuración durante el primer arranque, usando cloud-init."
+#: ../../automation/vyos-pyvyos.rst:132
+msgid "Reset Object"
+msgstr "Reset Object"
+
#: ../../automation/vyos-ansible.rst:80
msgid "Run ansible"
msgstr "ejecutar ansible"
@@ -487,11 +555,11 @@ msgstr "Sal"
msgid "Salt master configuration:"
msgstr "Configuración maestra de sal:"
-#: ../../automation/vyos-api.rst:307
+#: ../../automation/vyos-api.rst:344
msgid "Save a running configuration to a file."
msgstr "Guarde una configuración en ejecución en un archivo."
-#: ../../automation/vyos-api.rst:289
+#: ../../automation/vyos-api.rst:326
msgid "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
msgstr "Guarde una configuración en ejecución en la configuración de inicio. Cuando no especifica el archivo al guardar, se guarda en ``/config/config.boot``."
@@ -503,6 +571,10 @@ msgstr "Guión vyos-napalm.py"
msgid "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
msgstr "Los scripts se ejecutan en orden alfabético. Sus nombres deben consistir completamente en letras mayúsculas y minúsculas ASCII, dígitos ASCII, guiones bajos ASCII y guiones negativos ASCII. No se permiten otros caracteres."
+#: ../../automation/vyos-pyvyos.rst:115
+msgid "Show Object"
+msgstr "Show Object"
+
#: ../../automation/command-scripting.rst:52
msgid "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
msgstr "A veces, simplemente no desea ejecutar un montón de comandos de modo operativo a través de SSH en un sistema VyOS remoto."
@@ -523,7 +595,7 @@ msgstr "Estructura de archivos"
msgid "System Defaults/Fallbacks"
msgstr "Valores predeterminados/alternativos del sistema"
-#: ../../automation/vyos-api.rst:264
+#: ../../automation/vyos-api.rst:301
msgid "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
msgstr "La API envía cada solicitud a una sesión y la confirma. Pero algunos de los componentes de VyOS, como los servidores DHCP y PPPoE, IPSec, VXLAN y otros túneles, requieren una configuración completa para la confirmación. El punto final procesará múltiples comandos cuando los pase como una lista al campo ``datos``."
@@ -535,11 +607,11 @@ msgstr "El script ``/config/scripts/vyos-postconfig-bootup.script`` se llama en
msgid "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
msgstr "El script ``/config/scripts/vyos-preconfig-bootup.script`` se llama en el arranque antes de la configuración de VyOS durante el proceso de arranque."
-#: ../../automation/vyos-api.rst:187
+#: ../../automation/vyos-api.rst:224
msgid "The ``/show`` endpoint is to show everything in the operational mode."
msgstr "El punto final ``/show`` es mostrar todo en el modo operativo."
-#: ../../automation/vyos-api.rst:211
+#: ../../automation/vyos-api.rst:248
msgid "The ``generate`` endpoint run a ``generate`` command."
msgstr "El extremo ``generar`` ejecuta un comando ``generar``."
@@ -568,7 +640,7 @@ msgstr "El archivo predeterminado se ve así:"
msgid "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
msgstr "La forma más fácil de configurar el sistema a través de los datos del usuario es la sintaxis de configuración de la nube que se describe a continuación."
-#: ../../automation/vyos-api.rst:287
+#: ../../automation/vyos-api.rst:324
msgid "The endpoint ``/config-file`` is to save or load a configuration."
msgstr "El punto final ``/config-file`` es para guardar o cargar una configuración."
@@ -604,11 +676,11 @@ msgstr "Esta sección necesita mejoras, ejemplos y explicaciones."
msgid "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
msgstr "Esto dará como resultado el siguiente mensaje de error: ``Establecimiento fallido`` Si esto sucede, se requiere reiniciar para poder editar la configuración manualmente nuevamente."
-#: ../../automation/vyos-api.rst:323
+#: ../../automation/vyos-api.rst:360
msgid "To Load a configuration file."
msgstr "Para cargar un archivo de configuración."
-#: ../../automation/vyos-api.rst:149
+#: ../../automation/vyos-api.rst:186
msgid "To add or delete an image, use the ``/image`` endpoint."
msgstr "Para agregar o eliminar una imagen, use el punto final ``/image``."
@@ -624,6 +696,10 @@ msgstr "Para obtener la configuración completa, pase una lista vacía al campo
msgid "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
msgstr "Para incluir funciones y alias específicos de VyOS, necesita archivos ``fuente /opt/vyatta/etc/functions/script-template`` en la parte superior de su secuencia de comandos."
+#: ../../automation/vyos-api.rst:149
+msgid "To initiate a reboot use the ``reboot`` endpoint."
+msgstr "To initiate a reboot use the ``reboot`` endpoint."
+
#: ../../automation/command-scripting.rst:128
msgid "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
msgstr "Para asegurarse de que una secuencia de comandos no se llame accidentalmente sin el grupo ``vyattacfg``, la secuencia de comandos se puede proteger de esta manera:"
@@ -632,6 +708,10 @@ msgstr "Para asegurarse de que una secuencia de comandos no se llame accidentalm
msgid "To only get a part of the configuration, for example ``system syslog``."
msgstr "Para obtener solo una parte de la configuración, por ejemplo ``system syslog``."
+#: ../../automation/vyos-api.rst:167
+msgid "To power off the system use the ``poweroff`` endpoint."
+msgstr "To power off the system use the ``poweroff`` endpoint."
+
#: ../../automation/cloud-init.rst:223
msgid "Troubleshooting"
msgstr "Solución de problemas"
@@ -648,6 +728,14 @@ msgstr "Datos del usuario"
msgid "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
msgstr "Datos de usuario: los datos de usuario son especificados por el usuario. Esta fuente de configuración ofrece la posibilidad de insertar cualquier comando de configuración CLI en la configuración antes del primer arranque."
+#: ../../automation/vyos-pyvyos.rst:35
+msgid "Using API Response Class"
+msgstr "Using API Response Class"
+
+#: ../../automation/vyos-pyvyos.rst:65
+msgid "Using PyVyOS"
+msgstr "Using PyVyOS"
+
#: ../../automation/cloud-init.rst:373
msgid "VM ID: in this example, VM ID used is 555."
msgstr "ID de VM: en este ejemplo, el ID de VM utilizado es 555."
@@ -736,11 +824,15 @@ msgstr "Sin proxy, requiere configuración minion de VyOS y admite datos en modo
msgid "Without proxy it requires VyOS minion configuration and supports op-mode data:"
msgstr "Sin proxy, requiere la configuración de minion de VyOS y admite datos en modo operativo:"
-#: ../../automation/vyos-api.rst:230
+#: ../../automation/vyos-pyvyos.rst:17
+msgid "You can install PyVyOS using pip:"
+msgstr "You can install PyVyOS using pip:"
+
+#: ../../automation/vyos-api.rst:267
msgid "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
msgstr "Puede pasar un comando ``set``, ``delete`` o ``comment`` al extremo ``/configure``."
-#: ../../automation/vyos-api.rst:249
+#: ../../automation/vyos-api.rst:286
msgid "``delete`` a single command"
msgstr "``borrar`` un solo comando"
@@ -748,7 +840,7 @@ msgstr "``borrar`` un solo comando"
msgid "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
msgstr "``seed.iso`` se creó previamente en el directorio ``/tmp/``. Es necesario moverlo a ``/var/lib/vz/template/iso``"
-#: ../../automation/vyos-api.rst:233
+#: ../../automation/vyos-api.rst:270
msgid "``set`` a single command"
msgstr "``establecer`` un solo comando"
@@ -764,7 +856,7 @@ msgstr "Credenciales ``vyos&#39;&#39;/``vyos&#39;&#39; si no hay otras especific
msgid "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
msgstr "``write_files``: este módulo permite insertar cualquier archivo en el sistema de archivos antes del primer arranque, por ejemplo, claves de cifrado generadas previamente, certificados o incluso un archivo ``config.boot`` completo. El formato se describe en la documentación de cloudinit `Cloud-init-write_files`_."
-#: ../../automation/vyos-api.rst:151
+#: ../../automation/vyos-api.rst:188
msgid "add an image"
msgstr "Añadir una imagen"
@@ -784,7 +876,7 @@ msgstr "cloud-init registra en /var/log/cloud-init.log. Este archivo puede ser
msgid "commands.txt"
msgstr "comandos.txt"
-#: ../../automation/vyos-api.rst:168
+#: ../../automation/vyos-api.rst:205
msgid "delete an image, for example ``1.3-rolling-202006070117``"
msgstr "borrar una imagen, por ejemplo ``1.3-rolling-202006070117``"
diff --git a/docs/_locale/es/cli.pot b/docs/_locale/es/cli.pot
index 90a77a8f..a8038b51 100644
--- a/docs/_locale/es/cli.pot
+++ b/docs/_locale/es/cli.pot
@@ -124,15 +124,19 @@ msgstr "Por ejemplo, al escribir ``sh`` seguido de la tecla ``TAB`` se completar
msgid "Get a collection of all the set commands required which led to the running configuration."
msgstr "Obtenga una colección de todos los comandos establecidos necesarios que condujeron a la configuración en ejecución."
-#: ../../cli.rst:930
+#: ../../cli.rst:933
msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
msgstr "Si está conectado de forma remota, perderá su conexión. Es posible que desee copiar primero la configuración, editarla para garantizar la conectividad y cargar la configuración editada."
-#: ../../cli.rst:916
+#: ../../cli.rst:919
msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
msgstr "En el caso de que desee eliminar completamente su configuración y restaurar la predeterminada, puede ingresar el siguiente comando en el modo de configuración:"
#: ../../cli.rst:413
+msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+
+#: ../../cli.rst:413
msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
msgstr "También es posible mostrar todos los comandos `set` dentro del modo de configuración usando :cfgcmd:`show | comandos`"
@@ -168,7 +172,7 @@ msgstr "Archivo remoto"
msgid "Rename a configuration element."
msgstr "Cambiar el nombre de un elemento de configuración."
-#: ../../cli.rst:914
+#: ../../cli.rst:917
msgid "Restore Default"
msgstr "Restaurar predeterminado"
@@ -184,7 +188,7 @@ msgstr "Cambios de reversión"
msgid "Rollback to revision N (currently requires reboot)"
msgstr "Retroceder a la revisión N (actualmente requiere reiniciar)"
-#: ../../cli.rst:881
+#: ../../cli.rst:884
msgid "Saving and loading manually"
msgstr "Guardar y cargar manualmente"
@@ -244,11 +248,11 @@ msgstr "La configuración se puede editar mediante el uso de los comandos :cfgcm
msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
msgstr "El nivel de jerarquía actual se puede cambiar con el comando :cfgcmd:`edit`."
-#: ../../cli.rst:869
+#: ../../cli.rst:872
msgid "The number of revisions don't affect the commit-archive."
msgstr "El número de revisiones no afecta el archivo de confirmación."
-#: ../../cli.rst:927
+#: ../../cli.rst:930
msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
msgstr "Entonces es posible que desee :cfgcmd:`save` para eliminar también la configuración guardada."
@@ -280,7 +284,7 @@ msgstr "Para eliminar un comentario existente de su configuración actual, espec
msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
msgstr "Use los comandos ``mostrar configuración | comando strip-private`` cuando desee ocultar datos privados. Es posible que desee hacerlo si desea compartir su configuración en el `foro`_."
-#: ../../cli.rst:892
+#: ../../cli.rst:895
msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
msgstr "Utilice este comando para cargar una configuración que reemplazará la configuración en ejecución. Defina la ubicación del archivo de configuración que se va a cargar. Puede utilizar una ruta a un archivo local, una dirección SCP, una dirección SFTP, una dirección FTP, una dirección HTTP, una dirección HTTPS o una dirección TFTP."
@@ -352,7 +356,7 @@ msgstr "Cuando está dentro del modo de configuración, no puede ejecutar direct
msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
msgstr "Cuando la salida de un comando da como resultado más líneas de las que se pueden mostrar en la pantalla de la terminal, la salida se pagina como lo indica un indicador ``:``."
-#: ../../cli.rst:886
+#: ../../cli.rst:889
msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
msgstr "Al usar el comando save_, puede agregar una ubicación específica donde almacenar su archivo de configuración. Y, cuando lo necesites, podrás cargarlo con el comando ``load``:"
@@ -364,6 +368,10 @@ msgstr "Cuando se visualiza en modo página, están disponibles los siguientes c
msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
msgstr "Ahora se encuentra en un subnivel relativo a ``interfaces ethernet eth0``, todos los comandos ejecutados a partir de este punto son relativos a este subnivel. Utilice el comando :cfgcmd:`top` o :cfgcmd:`exit` para volver a la parte superior de la jerarquía. También puede usar el comando :cfgcmd:`up` para subir solo un nivel a la vez."
+#: ../../cli.rst:370
+msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+
#: ../../cli.rst:618
msgid "You can also rename config subtrees:"
msgstr "También puede cambiar el nombre de los subárboles de configuración:"
@@ -384,15 +392,15 @@ msgstr "Puedes desplazarte hacia arriba con las teclas ``[Shift]+[PageUp]`` y de
msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
msgstr "Puede especificar el número de revisiones almacenadas en el disco. N puede estar en el rango de 0 a 65535. Cuando el número de revisiones supera el valor configurado, se elimina la revisión más antigua. La configuración predeterminada para este valor es almacenar 100 revisiones localmente."
-#: ../../cli.rst:883
+#: ../../cli.rst:886
msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
msgstr "Puede usar los comandos ``guardar`` y ``cargar`` si desea administrar manualmente archivos de configuración específicos."
-#: ../../cli.rst:871
+#: ../../cli.rst:874
msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
msgstr "Es posible que VyOS no permita la conexión segura porque no puede verificar la legitimidad del servidor remoto. Puede usar la solución a continuación para agregar rápidamente la huella digital SSH del host remoto a su archivo ``~/.ssh/known_hosts``:"
-#: ../../cli.rst:924
+#: ../../cli.rst:927
msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`commit` si desea activar los cambios."
@@ -404,6 +412,18 @@ msgstr "``b`` retrocederá una página"
msgid "``ftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``ftp://<user> :<passwd> @<host> /<dir> ``"
+#: ../../cli.rst:870
+msgid "``git+https://<user>:<passwd>@<host>/<path>``"
+msgstr "``git+https://<user>:<passwd>@<host>/<path>``"
+
+#: ../../cli.rst:864
+msgid "``http://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``http://<user>:<passwd>@<host>:/<dir>``"
+
+#: ../../cli.rst:865
+msgid "``https://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``https://<user>:<passwd>@<host>:/<dir>``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "La ``flecha izquierda`` y la ``flecha derecha`` se pueden usar para desplazarse hacia la izquierda o hacia la derecha en caso de que la salida tenga líneas que excedan el tamaño del terminal."
@@ -416,11 +436,11 @@ msgstr "La tecla ``q`` se puede utilizar para cancelar la salida"
msgid "``return`` will scroll down one line"
msgstr "``return`` se desplazará una línea hacia abajo"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://<user>:<passwd>@<host>:/<dir>``"
msgstr "``scp://<user> :<passwd> @<host> :/<dir> ``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``"
@@ -428,7 +448,7 @@ msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``"
msgid "``space`` will scroll down one page"
msgstr "``espacio`` se desplazará hacia abajo una página"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp://<host>/<dir>``"
msgstr "``tftp://<host> /<dir> ``"
diff --git a/docs/_locale/es/configexamples.pot b/docs/_locale/es/configexamples.pot
index 6eb69b51..7574e74f 100644
--- a/docs/_locale/es/configexamples.pot
+++ b/docs/_locale/es/configexamples.pot
@@ -211,22 +211,18 @@ msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, usando la red 192.0.2.0/24 asignada por ellos."
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "Una breve excursión a los VRF: esta ha sido una de las solicitudes de f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "Un recurso de conexión implementado en Azure que vincula la puerta de enlace de la red virtual de Azure y la puerta de enlace de la red local que representa el dispositivo Vyos."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "Se utilizará un host ``vyos-oobm`` como proxy ssh. Este host solo es necesario para la prueba de laboratorio."
@@ -322,10 +318,22 @@ msgstr "Directorio activo en el servidor de Windows"
msgid "Add (temporary) default route"
msgstr "Agregar ruta predeterminada (temporal)"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Agregue el archivo de configuración del complemento LDAP `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Agregar una regla para la segunda interfaz"
@@ -426,11 +434,15 @@ msgstr "Y mostrar todas las concesiones de DHCP"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "Y el ``cliente`` para recibir una dirección IPv6 con autoconfiguración sin estado."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Imagen de topología de ejemplo de Ansible"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Cualquier información relacionada con un VRF no se intercambia entre dispositivos -o en el mismo dispositivo- por defecto, esta es una técnica llamada **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Cortafuegos básico"
msgid "Basic Setup (via console)"
msgstr "Configuración básica (a través de la consola)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Antes de la interfaz eth0 en el enrutador VyOS3"
@@ -611,6 +627,14 @@ msgstr "Comprueba el resultado"
msgid "Check the result."
msgstr "Compruebe el resultado."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Verificar la tabla de enrutamiento del VRF debería revelar tanto las entradas estáticas como las conectadas activas. Una prueba PING entre el Core y el enrutador remoto es una forma de validar la conectividad dentro del VRF."
@@ -619,6 +643,10 @@ msgstr "Verificar la tabla de enrutamiento del VRF debería revelar tanto las en
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect: puertos 39 y 40 enlazados entre cada switch"
@@ -652,6 +680,7 @@ msgstr "Conclusiones"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuración"
@@ -675,7 +704,7 @@ msgstr "Configuración &#39;dcsp&#39; y modelador usando QoS"
msgid "Configuration Blueprints"
msgstr "Planos de configuración"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuración de blueprints (autoprueba)"
@@ -856,7 +885,7 @@ msgstr "Enrutamiento dinámico utilizado entre nodos CE y PE y peering eBGP esta
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Cada interfaz está asignada a una zona. La interfaz puede ser física o virtual, como túneles (VPN, PPTP, GRE, etc.) y se tratan exactamente de la misma manera."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Cada laboratorio creará una prueba a partir de un script externo. El contenido de la página se generará, por lo que los cambios no tendrán efecto."
@@ -962,6 +991,10 @@ msgstr "Primero se debe generar e instalar una CA, un certificado de servidor y
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "Primero prepare nuestro enrutador VyOS para la conexión a NMP. Tenemos que configurar el protocolo SNMP y la conectividad entre el enrutador y NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "Para la conexión entre sitios, estamos ejecutando un enlace WireGuard a dos enrutadores REMOTOS y usando OSPF sobre esos enlaces para distribuir rutas. Se espera que ese sitio remoto envíe tráfico desde cualquier lugar en 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "De la gerencia al exterior (falla según lo previsto)"
msgid "Full configuration from all devices"
msgstr "Configuración completa desde todos los dispositivos"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "Puede encontrar información general sobre L3VPN en el capítulo :ref:`configuration/vrf/index:L3VPN VRFs`."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "Esquema IP"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "Red IPv4"
@@ -1171,6 +1212,10 @@ msgstr "Al final, obtendrá un poderoso instrumento para monitorear los sistemas
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "Al final, terminará con algo como esta configuración. Eliminé todo excepto las secciones Firewall, Interfaces y zone-policy. Es lo suficientemente largo como está."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "En este caso, el enrutador de hardware tiene una IP diferente, por lo que sería"
@@ -1191,6 +1236,10 @@ msgstr "En este documento, nuestro proveedor ascendente nos ha asignado 203.0.11
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "En este ejemplo, eth0 es la interfaz principal y eth1 es la interfaz secundaria. Para proporcionar una funcionalidad de conmutación por error simple. Si eth0 falla, eth1 se hace cargo."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "En este ejemplo, OpenVPN se configurará con un certificado de cliente y autenticación de nombre de usuario/contraseña."
@@ -1215,6 +1264,14 @@ msgstr "Información sobre Redes Privadas Virtuales Ethernet"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Información sobre prefijo-sid y etiqueta-operación de VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Enrutamiento entre VRF sobre VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Mantener las redes aisladas es, en general, un buen principio, pero hay
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN con VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "Imagen de topología L3VPN EVPN con VyOS"
@@ -1403,29 +1460,14 @@ msgstr "Cableado de red"
msgid "Network Topology"
msgstr "Topología de la red"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Diagrama de topología de red"
@@ -1457,7 +1499,7 @@ msgstr "Nodo"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Tenga en cuenta que el enrutador1 es una máquina virtual que se ejecuta en uno de los nodos de cómputo."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Tenga en cuenta que debe permitir que el enrutador reciba una respuesta DHCPv6 del ISP. Necesitamos permitir paquetes con el puerto de origen 547 (servidor) y el puerto de destino 546 (cliente)."
@@ -1554,7 +1596,7 @@ msgstr "Un cable/conexión lógica entre LAN2 y Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN con LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN con imagen de topología LDAP"
@@ -1793,6 +1835,10 @@ msgstr "Establece la dirección IP de su interfaz LAN"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Configuración local global de BGP, también dentro del VRF. Redistribuya rutas estáticas para inyectar redes configuradas en el proceso BGP pero aún dentro del VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Configure la ruta predeterminada ipv6 a la interfaz del túnel"
@@ -1809,6 +1855,10 @@ msgstr "De manera similar, para conectar el firewall, usaría `set interfaces et
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Dado que algunos ISP desconectan la conexión continua cada 2 o 3 días, configuramos la &quot;vida útil válida&quot; en 2 días para permitir que la PC elimine gradualmente la dirección anterior."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Como tenemos 4 zonas, necesitamos configurar los siguientes conjuntos de reglas."
@@ -1821,6 +1871,10 @@ msgstr "Configuración de LAN única"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Configuración de LAN única donde eth2 es su interfaz LAN. Utilice el prefijo /64 enrutado de Tunnelbroker:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "Entonces, cuando su LAN es eth1, su DMZ es eth2, sus cámaras están en eth3, etc.:"
@@ -1838,6 +1892,10 @@ msgstr "Habló"
msgid "Start by setting the interface and default action for each zone."
msgstr "Comience configurando la interfaz y la acción predeterminada para cada zona."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Fecha de prueba: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "El formato de estas direcciones:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "El laboratorio que construí usa un VRF (llamado **mgmt**) para proporcionar acceso SSH fuera de banda a los enrutadores PE (Provider Edge)."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "Las siguientes páginas contienen ejemplos de configuración probados completamente automáticos."
@@ -1987,7 +2054,7 @@ msgstr "Las siguientes páginas contienen ejemplos de configuración probados co
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "El ejemplo anterior usó el comando de conmutación por error para enviar tráfico a través de eth1 si falla eth0. En este ejemplo, el orden de las reglas proporciona la funcionalidad de conmutación por error."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "El proceso seguirá los siguientes pasos:"
@@ -1999,6 +2066,10 @@ msgstr "El alcance de este documento es cubrir tales casos de forma dinámica si
msgid "The setup used in this example is shown in the following diagram:"
msgstr "La configuración utilizada en este ejemplo se muestra en el siguiente diagrama:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "La forma más sencilla de probar es mirar las estadísticas de seguimiento de la conexión en el enrutador de hardware en espera con el comando &quot;mostrar estadísticas de sincronización de conntrack&quot;. Los números deben estar muy cerca de los números del enrutador principal."
@@ -2079,6 +2150,10 @@ msgstr "Este ejemplo utiliza el modo de conmutación por error."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "Esto nos da el enrutamiento de segmento MPLS habilitado y el reenvío de etiquetas:"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "Esta guía muestra un ejemplo de una VPN de sitio a sitio IKEv2 basada en ruta redundante (activo-activo) a Azure que usa VTI y BGP para actualizaciones de enrutamiento dinámico."
@@ -2196,7 +2271,7 @@ msgstr "Transporte:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Imagen de topología de Tunnelbroker"
@@ -2212,6 +2287,7 @@ msgstr "Se crearán dos reglas, la primera regla dirige el tráfico proveniente
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "A diferencia de IPv4, IPv6 realmente no está diseñado para dividirse en menos de /64. Entonces, si alguna vez desea tener múltiples LAN, VLAN, DMZ, etc., querrá ignorar el /64 asignado, solicitar el /48 y usarlo."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Usando el esquema general por ejemplo:"
@@ -2245,6 +2321,7 @@ msgstr "Configuración de VRRP"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verificación"
@@ -2264,9 +2341,18 @@ msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Versión: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------&gt; VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "Excluimos explícitamente la red ascendente principal para que el tráfi
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "Tenemos cuatro hosts en la red local 172.17.1.0/24. Todos los hosts están etiquetados como CS0 de forma predeterminada. Necesitamos reemplazar las etiquetas en todos los hosts excepto en vpc8. Reemplazaremos las etiquetas en el enrutador más cercano &quot;VyOS3&quot; usando las direcciones IP de las fuentes."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "Tenemos tres redes."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Puerto 11 de cada switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "computar3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configurar cada host en el laboratorio"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "crear el laboratorio en un servidor eve-ng"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "hacer algunas pruebas definidas"
@@ -2652,7 +2742,7 @@ msgstr "comunidad extendida y etiqueta remota de destino específico"
msgid "first the PCA"
msgstr "primero el PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generar la documentación e incluir archivos"
@@ -2664,7 +2754,7 @@ msgstr "verde usa la identificación de la tabla de enrutamiento local y VNI 400
msgid "information between PE and CE:"
msgstr "información entre PE y CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "opcional, actualice a una versión superior y vuelva a realizar el paso 3."
@@ -2680,7 +2770,7 @@ msgstr "router2 (máquina aleatoria de 1RU con 4 NIC)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "guarde el resultado en un archivo e impórtelo en casi todos los clientes de openvpn."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "apagar y destruir el laboratorio, si no hay ningún error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Conmutador Nexus de 10 gb)"
msgid "v6 pairs would be:"
msgstr "Los pares v6 serían:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "estamos usando la opción &quot;dirección de origen&quot; porque no estamos redistribuyendo las interfaces conectadas a BGP en el enrutador Core, por lo tanto, no hay una ruta de regreso y el ping fallará."
diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot
index 0f90f6ac..91efbcec 100644
--- a/docs/_locale/es/configuration.pot
+++ b/docs/_locale/es/configuration.pot
@@ -40,6 +40,10 @@ msgstr "Indicador &quot;Configuración de dirección administrada&quot;"
msgid "\"Other configuration\" flag"
msgstr "Indicador &quot;Otra configuración&quot;"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254**: las interfaces con un número de canal interfieren con las interfaces que interfieren y las interfaces con el mismo número de canal. **interferente**: se supone que las interfaces que interfieren interfieren con todos los demás canales, excepto los canales que no interfieren. **sin interferencia**: se supone que las interfaces sin interferencia solo interfieren consigo mismas."
@@ -100,11 +104,19 @@ msgstr "**Se aplica a:** Tráfico saliente."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Aplique la política de tráfico a la entrada o salida de una interfaz**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Enrutador Cisco IOS:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Dirección IP del cliente a través de la definición de rango de IP**"
@@ -116,56 +128,49 @@ msgstr "**Subredes de IP de cliente mediante notación CIDR**"
msgid "**Cluster-List length check**"
msgstr "**Comprobación de la longitud de la lista de clústeres**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Cree una política de tráfico**."
+#: ../../configuration/interfaces/wwan.rst:53
#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../configuration/interfaces/wwan.rst:53
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**Delegación de prefijo DHCPv6 (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocolo, dirección de destino o dirección de origen)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Ejemplo:**"
@@ -177,10 +182,30 @@ msgstr "**Comprobación externa**"
msgid "**Firewall mark**"
msgstr "**Marca de cortafuegos**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**Consulta de costos IGP**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Nota importante sobre el uso de términos:** El cortafuegos utiliza los términos &quot;entrada&quot;, &quot;salida&quot; y &quot;local&quot; para la política de cortafuegos. Los usuarios experimentados con netfilter a menudo confunden `in` con una referencia a la cadena `INPUT` y `out` con la cadena `OUTPUT` de netfilter. Este no es el caso. En cambio, estos indican el uso de la cadena `FORWARD` y la interfaz de entrada o salida. La cadena &#39;INPUT&#39;, que se utiliza para el tráfico local al sistema operativo, es una referencia a &#39;local&#39; con respecto a su interfaz de entrada."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Nombre de interfaz**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Configuración hoja2:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Configuración Leaf3:**"
@@ -261,33 +309,33 @@ msgstr "**CON cheque**"
msgid "**Multi-path check**"
msgstr "**Comprobación de rutas múltiples**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Nodo1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Nodo2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Nodo 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Nodo 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Nodo 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**Una puerta de enlace:**"
msgid "**Origin check**"
msgstr "**Comprobación de origen**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Dirección de pares**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Definición de la política:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primario**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**Grupos de IP basados en RADIUS (dirección IP enmarcada)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**Administración de sesiones RADIUS DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "** Verificación de ID de enrutador **"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Enrutador 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Enrutador 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Enrutador 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secundario**"
@@ -461,15 +533,19 @@ msgstr "**Configuración de IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Configuración del túnel GRE**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Configuración de Columna Vertebral 1:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Estado**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**Para ver las rutas redistribuidas:**"
@@ -490,48 +566,12 @@ msgstr "**Enrutador VyOS:**"
msgid "**Weight check**"
msgstr "**Comprobación de peso**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**dirección** se puede especificar varias veces, por ejemplo, 192.168.100.1 y/o 192.168.100.0/24"
#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**dirección** se puede especificar varias veces como dirección IPv4 y/o IPv6, por ejemplo, 192.0.2.1/24 y/o 2001:db8::1/64"
@@ -579,51 +619,19 @@ msgstr "**predeterminado**: esta área se usará para atajos solo si ABR no tien
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**predeterminado**: habilite el horizonte dividido en las interfaces cableadas y deshabilite el horizonte dividido en las interfaces inalámbricas. **habilitar**: habilitar el horizonte dividido en estas interfaces. **deshabilitar**: deshabilitar el horizonte dividido en estas interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**negar** - negar mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destino**: especifique a qué paquetes se aplicará la traducción, solo en función de la dirección de destino y/o el número de puerto configurado."
#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "La dirección de la interfaz **dhcp** es recibida por DHCP desde un servidor DHCP en este segmento."
#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "DHCPv6 recibe la dirección de la interfaz **dhcpv6** desde un servidor DHCPv6 en este segmento."
@@ -631,7 +639,7 @@ msgstr "DHCPv6 recibe la dirección de la interfaz **dhcpv6** desde un servidor
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**descartar:** Se descartarán los paquetes recibidos que ya contengan información de retransmisión."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**descendente:** Las interfaces de red descendentes son las interfaces de distribución a las redes de destino, donde los clientes de multidifusión pueden unirse a grupos y recibir datos de multidifusión. Se deben configurar una o más interfaces descendentes."
@@ -643,7 +651,7 @@ msgstr "**exportador**: agrega paquetes en flujos y exporta registros de flujo h
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** afecta solo a LOCAL y siempre se comporta de la manera más restrictiva"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**reenviar:** Todos los paquetes se reenvían, la información de retran
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**interfaz de entrada** - aplicable solo a :ref:`destination-nat`. Configura la interfaz que se utiliza para el tráfico interno al que se aplica la regla de traducción."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**capa2**: utiliza XOR de direcciones MAC de hardware y campo de ID de tipo de paquete para generar el hash. la fórmula es"
@@ -739,7 +751,11 @@ msgstr "**en caso de error**: reiniciar los contenedores cuando salen con un có
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**interfaz de salida** - aplicable solo a :ref:`source-nat`. Configura la interfaz que se utiliza para el tráfico externo al que se aplica esta regla de traducción."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**preferir** - preguntar al cliente por mppe, si lo rechaza no fallar"
@@ -751,7 +767,7 @@ msgstr "**proceso** Cuando dnssec está configurado para procesar, el comportami
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**procesar sin validar** En este modo, el recursor actúa como un servidor de nombres &quot;consciente de la seguridad, que no valida&quot;, lo que significa que establecerá el bit DO en las consultas salientes y proporcionará RRsets relacionados con DNSSEC (NSEC, RRSIG) para clientes que las soliciten (mediante un DO-bit en la consulta), excepto las zonas proporcionadas a través de la configuración auth-zones. No realizará ninguna validación en este modo, ni siquiera cuando lo solicite el cliente."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocolo**: especifique a qué tipos de protocolos se aplica esta regla de traducción. Solo los paquetes que coinciden con el protocolo especificado reciben NAT. Por defecto, esto se aplica a `todos` los protocolos."
@@ -767,7 +783,7 @@ msgstr "**lado remoto - comandos**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**reemplazar:** la información de retransmisión que ya está presente en un paquete se elimina y se reemplaza con el propio conjunto de información de retransmisión del enrutador."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**requerir**: solicitar al cliente mppe, si rechaza la conexión de caída"
@@ -779,7 +795,7 @@ msgstr "**bien**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: conjuntos de capacidades (del conjunto acotado o heredado)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**origen**: especifica a qué paquetes se aplica la regla de traducción de NAT según la dirección IP de origen de los paquetes y/o el puerto de origen. Solo los paquetes coincidentes se consideran para NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: permiso para configurar el reloj del sistema"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transición**: envíe y acepte ambos estilos de TLV durante la transición."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**ascendente:** La interfaz de red ascendente es la interfaz de salida que es responsable de comunicarse con las fuentes de datos de multidifusión disponibles. Solo puede haber una interfaz ascendente."
@@ -860,25 +876,6 @@ msgid "011110"
msgstr "011110"
#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 si no está definido, lo que significa que no se actualiza."
msgid "0 if not defined."
msgstr "0 si no está definido."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 si no está definido."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "NAT 1 a 1"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 a 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 a 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Crea un controlador de eventos"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 si no está definido."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2,5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "Soporte 2FA OTP"
msgid "2. Add regex to the script"
msgstr "2. Agregue expresiones regulares al script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Agregue una ruta completa al script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "Los canales de 40 MHz pueden cambiar sus canales primarios y secundarios si es necesario o la creación de un canal de 40 MHz puede rechazarse en función de los BSS superpuestos. Estos cambios se realizan automáticamente cuando hostapd está configurando el canal de 40 MHz."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Agregar parámetros opcionales"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 si no está definido."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 si no está definido."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "El 66% del tráfico se enruta a eth0, eth1 obtiene el 33% del tráfico."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6 en 4 (SENTADO)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 usa túneles para encapsular el tráfico IPv6 sobre enlaces IPv4 co
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1252,11 +1231,6 @@ msgid "8"
msgstr "8"
#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "Las interfaces VLAN 802.1q se representan como subinterfaces virtuales en VyOS. El término utilizado para esto es ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x> : rango de IP para coincidir."
msgid "<x.x.x.x>: IP address to match."
msgstr "<x.x.x.x>: dirección IP para hacer coincidir."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "Un **grupo de dominio** representa una colección de dominios."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "Un **grupo mac** representa una colección de direcciones mac."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "Un **grupo de puertos** representa solo números de puerto, no el protocolo. Se puede hacer referencia a los grupos de puertos para TCP o UDP. Se recomienda que los grupos TCP y UDP se creen por separado para evitar el filtrado accidental de puertos innecesarios. Los rangos de puertos se pueden especificar usando `-`."
@@ -1368,7 +1351,7 @@ msgstr "Un túnel GRE opera en la capa 3 del modelo OSI y está representado por
msgid "A Rule-Set can be applied to every interface:"
msgstr "Se puede aplicar un conjunto de reglas a cada interfaz:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "Se puede especificar una dirección de servidor SNTP para clientes DHCPv6."
@@ -1380,11 +1363,11 @@ msgstr "Se crea un dispositivo VRF con una tabla de rutas asociada. Luego, las i
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "Un túnel VyOS GRE puede transportar tráfico IPv4 e IPv6 y también se puede crear sobre IPv4 (gre) o IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "Se requiere un enrutador VyOS con dos interfaces, eth0 (WAN) y eth1 (LAN), para implementar una configuración de DNS de horizonte dividido para example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "Se puede configurar un dominio :abbr:`NIS (Servicio de información de red)` para que se use con clientes DHCPv6."
@@ -1392,7 +1375,7 @@ msgstr "Se puede configurar un dominio :abbr:`NIS (Servicio de información de r
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "Una configuración básica requiere un origen de túnel (dirección de origen), un destino de túnel (remoto), un tipo de encapsulación (gre) y una dirección (ipv4/ipv6). A continuación se muestra un ejemplo de configuración básica de solo IPv4 tomado de un enrutador VyOS y un enrutador Cisco IOS. La principal diferencia entre estas dos configuraciones es que VyOS requiere que configure explícitamente el tipo de encapsulación. El enrutador de Cisco tiene como valor predeterminado IP GRE; de lo contrario, también tendría que configurarse."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "Un ejemplo común es el caso de algunas políticas que, para ser efectiv
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "Una configuración OpenVPN de autenticación LDAP completa podría parecerse al siguiente ejemplo:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "Un intento de conexión se mostrará como:"
@@ -1433,7 +1416,7 @@ msgstr "Un grupo deshabilitado se eliminará del proceso VRRP y su enrutador no
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "Un nombre de dominio es la etiqueta (nombre) asignada a una red informática y, por lo tanto, es única. VyOS agrega el nombre de dominio como sufijo a cualquier nombre no calificado. Por ejemplo, si configura el nombre de dominio `example.com` y hace ping al nombre no calificado de `crux`, entonces VyOS califica el nombre como `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "Una interfaz ficticia para la IP asignada por el proveedor;"
@@ -1445,7 +1428,7 @@ msgstr "Una marca de firewall ``fwmark`` permite usar múltiples puertos para un
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
msgstr "Puede encontrar un ejemplo completo de una configuración de Tunnelbroker.net en :ref:`aquí<examples-tunnelbroker-ipv6> `."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `<name>` referencing this sync service."
msgstr "Un genérico `<name> ` que hace referencia a este servicio de sincronización."
@@ -1489,6 +1472,10 @@ msgstr "Se presenta una nueva interfaz ``Port-channel1``, toda la configuración
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "Se puede establecer un límite de tasa de paquetes para que una regla aplique la regla al tráfico por encima o por debajo de un umbral específico. Para configurar el uso de limitación de velocidad:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "Se impone una penalización de 1000 cada vez que falla la ruta. Cuando las sanciones alcanzan un umbral predefinido (valor de supresión), el enrutador deja de anunciar la ruta."
@@ -1497,12 +1484,12 @@ msgstr "Se impone una penalización de 1000 cada vez que falla la ruta. Cuando l
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "Se requiere una interfaz física para conectar esta instancia de MACsec. El tráfico que sale de esta interfaz ahora se autenticará/encriptará."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "Se puede definir un grupo de direcciones usando un guión entre dos direcciones IP:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "Un puerto se puede configurar con un número de puerto o un nombre que se define aquí: ``/etc/services``."
@@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t
msgstr "Un ID de segmento que contiene un prefijo de dirección IP calculado por un IGP en la red principal del proveedor de servicios. Los SID de prefijo son únicos globalmente, este valor lo identifica"
#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "Una estación de envío (computadora o conmutador de red) puede estar transmitiendo datos más rápido de lo que el otro extremo del enlace puede aceptarlos. Mediante el control de flujo, la estación receptora puede señalar al remitente solicitando la suspensión de las transmisiones hasta que el receptor se ponga al día."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "Una red compartida llamada ``NET1`` sirve a la subred ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "Una configuración BGP simple a través de IPv6."
@@ -1560,7 +1538,7 @@ msgstr "Una configuración BGP simple a través de IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "Una política simple de detección temprana aleatoria (RED) comenzaría a descartar aleatoriamente paquetes de una cola antes de que alcance su límite de cola, evitando así la congestión. Eso es bueno para las conexiones TCP, ya que la eliminación gradual de paquetes actúa como una señal para que el remitente disminuya su velocidad de transmisión."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "Una configuración sencilla de eBGP:"
@@ -1572,6 +1550,14 @@ msgstr "Un ejemplo simple de Shaper usando prioridades."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "Un ejemplo simple de una política FQ-CoDel que funciona dentro de una de Shaper."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "Una sola red interna y red externa. Utilice el dispositivo NAT66 para conectar una única red interna y una red pública, y los hosts de la red interna utilizan prefijos de dirección IPv6 que solo admiten el enrutamiento dentro del rango local. Cuando un host en la red interna accede a la red externa, el dispositivo NAT66 convertirá el prefijo de dirección IPv6 de origen en el mensaje en un prefijo de dirección IPv6 de unidifusión global."
@@ -1584,11 +1570,11 @@ msgstr "Una estación actúa como un cliente Wi-Fi accediendo a la red a través
msgid "A sync group allows VRRP groups to transition together."
msgstr "Un grupo de sincronización permite que los grupos VRRP realicen la transición juntos."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "Una configuración típica usando 2 nodos."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "Un problema típico con el uso de NAT y el alojamiento de servidores públicos es la capacidad de los sistemas internos para llegar a un servidor interno utilizando su dirección IP externa. La solución a esto suele ser el uso de DNS dividido para señalar correctamente los sistemas host a la dirección interna cuando las solicitudes se realizan internamente. Debido a que muchas redes más pequeñas carecen de infraestructura de DNS, comúnmente se implementa una solución alternativa para facilitar el tráfico mediante NAT de la solicitud de los hosts internos a la dirección de origen de la interfaz interna en el firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "Un búfer muy pequeño pronto comenzará a descartar paquetes."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "Una zona debe configurarse antes de que se le asigne una interfaz y una interfaz se puede asignar a una sola zona."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Se debe tomar acción inmediatamente: una condición que se debe corregi
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Acción que se ejecutará una vez recibida la pulsación de tecla ctrl-alt-del."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Acciones"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Directorio Activo"
@@ -1737,7 +1725,7 @@ msgstr "Agregue la parte de la clave privada de este certificado a la CLI. Esto
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Agregue el certificado de CA público para la CA denominada &quot;nombre&quot; a la CLI de VyOS."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Agregar un 2FA con una clave OTP"
@@ -1753,7 +1741,7 @@ msgstr "Opción adicional para ejecutar el servidor TFTP en el contexto :abbr:`V
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Además, cada cliente necesita una copia de ca cert y su propia clave de cliente y archivos de certificado. Los archivos son texto sin formato, por lo que pueden copiarse manualmente desde la CLI. Los archivos de clave y certificado del cliente deben firmarse con el certificado ca adecuado y generarse en el lado del servidor."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Además, queremos usar VPN solo en nuestra interfaz eth1 (la interfaz externa en la imagen de arriba)"
@@ -1765,7 +1753,7 @@ msgstr "Además, debe tener en cuenta que esta función desactiva fundamentalmen
msgid "Address"
msgstr "DIRECCIÓN"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Conversión de direcciones"
@@ -1773,20 +1761,19 @@ msgstr "Conversión de direcciones"
msgid "Address Families"
msgstr "Familias de direcciones"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Grupos de direcciones"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "El grupo de direcciones será ``2001:db8::100`` hasta ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Grupos de direcciones"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Dirección para escuchar solicitudes HTTPS"
@@ -1798,7 +1785,7 @@ msgstr "Agrega el registro a la lista de registros de búsqueda no calificados.
msgid "Administrative Distance"
msgstr "Distancia administrativa"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Publicidad de un prefijo"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "Después de confirmar, las contraseñas de texto sin formato se cifrarán y almacenarán en su configuración. La configuración de CLI resultante se verá así:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "Después de confirmar la configuración, podemos verificar que todas las rutas filtradas estén instaladas e intentar hacer ping ICMP a la PC1 desde la PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algoritmo"
msgid "Aliases"
msgstr "Alias"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "Todas las solicitudes de DNS para ejemplo.com deben reenviarse a un servidor DNS en 192.0.2.254 y 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "Todas las interfaces utilizadas para el relé DHCP deben configurarse. E
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "Todos los elementos de un grupo de sincronización deben configurarse de manera similar. Si un grupo de VRRP se configura con un retraso o una prioridad de prioridad diferente, se produciría un ciclo de transición sin fin."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "Todas las demás solicitudes de DNS se reenviarán a un conjunto diferente de servidores DNS en 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff y 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "Todas las demás solicitudes de DNS se reenviarán a un conjunto diferen
msgid "All reply sizes are accepted by default."
msgstr "Todos los tamaños de respuesta se aceptan de forma predeterminada."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "Todos los scripts ejecutados de esta manera se ejecutan como usuario root; esto puede ser peligroso. Junto con :ref:`command-scripting`, se puede usar para automatizar (re)configurar."
@@ -1894,11 +1885,11 @@ msgstr "Todas estas reglas con OTC ayudarán a detectar y mitigar las fugas de r
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "Todos esos protocolos están agrupados bajo ``túnel de interfaces`` en VyOS. Echemos un vistazo más de cerca a los protocolos y opciones compatibles actualmente con VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "Todo el tráfico entre zonas se ve afectado por las políticas existentes"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "Se permite todo el tráfico hacia y desde una interfaz dentro de una zona."
@@ -1922,7 +1913,7 @@ msgstr "Permita el acceso a los sitios de un dominio sin recuperarlos de la memo
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Permita que bgp negocie la capacidad de próximo salto extendido con su par. Si está interconectando una dirección local de enlace IPv6, esta capacidad se activa automáticamente. Si está interconectando una dirección global IPv6, al activar este comando permitirá que BGP instale rutas IPv4 con nexthops IPv6 si no tiene IPv4 configurado en las interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Permita una dirección IPv6 explícita para la interfaz."
@@ -1930,15 +1921,24 @@ msgstr "Permita una dirección IPv6 explícita para la interfaz."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Permitir redes de host en un contenedor. La pila de red del contenedor no está aislada del host y utilizará la IP del host."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Permitir que este par BFD no se conecte directamente"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Valores permitidos para indicadores TCP: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` Al especificar más de una bandera, las banderas deben estar separadas por comas. El ``!`` niega el protocolo seleccionado."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Permite que las ID de VLAN específicas pasen a través de la interfaz de miembro del puente. Puede ser una identificación de VLAN individual o un rango de identificaciones de VLAN delimitadas por un guión."
@@ -1959,7 +1959,9 @@ msgstr "Le permite configurar la interfaz de siguiente salto para una ruta está
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Los archivos de hosts conocidos ya aprendidos de los clientes necesitan una actualización ya que la clave pública cambiará."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Además, por compatibilidad con versiones anteriores, esta configuració
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Además, en :ref:`destination-nat`, se admite la redirección a localhost. La declaración de redirección es una forma especial de dnat que siempre traduce la dirección de destino a la del host local."
@@ -1983,15 +1985,15 @@ msgstr "Tablas de enrutamiento alternativas"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Las tablas de enrutamiento alternativas se utilizan con el enrutamiento basado en políticas utilizando :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Como alternativa a la multidifusión, la dirección IPv4 remota del túnel VXLAN se puede configurar directamente. Cambiemos el ejemplo de multidifusión de arriba:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Siempre excluya esta dirección de cualquier rango definido. Esta dirección nunca será asignada por el servidor DHCP."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "Un agente es un módulo de software de administración de red que reside
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "Un comando alternativo podría ser &quot;mpls-te on&quot; (Ingeniería de tráfico)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "Se puede aplicar una máscara de red arbitraria a las direcciones de máscara para que solo coincidan con una parte específica. Esto es especialmente útil con IPv6 y un cortafuegos basado en zonas, ya que las reglas seguirán siendo válidas si el prefijo de IPv6 cambia y la parte del host de la dirección IPv6 del sistema es estática (por ejemplo, con SLAAC o direcciones IPv6 tokenizadas).<https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt> `_)"
@@ -2043,7 +2049,7 @@ msgstr "Se puede aplicar una máscara de red arbitraria a las direcciones de má
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2072,7 +2078,7 @@ msgstr "Un ejemplo de creación de un puente compatible con VLAN es el siguiente
msgid "An example of key generation:"
msgstr "Un ejemplo de generación de claves:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "Un ejemplo de los datos capturados por un servidor FREERADIUS con contabilidad sql:"
@@ -2080,10 +2086,34 @@ msgstr "Un ejemplo de los datos capturados por un servidor FREERADIUS con contab
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "Una opción que toma una cadena entre comillas se establece reemplazando todos los caracteres de comillas con la cadena ``&quot;`` dentro del valor de parámetros de mapeo estático. La línea resultante en dhcpd.conf será ``option pxelinux.configfile &quot;pxelinux.cfg /01-00-15-17-44-2d-aa&quot;;``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "Y para ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "Y los diferentes comandos IPv4 **reset** disponibles:"
@@ -2093,7 +2123,7 @@ msgstr "Y los diferentes comandos IPv4 **reset** disponibles:"
msgid "And then hash is reduced modulo slave count."
msgstr "Y luego hash se reduce el recuento de esclavos de módulo."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Otro término que se usa a menudo para DNAT es **NAT 1 a 1**. Para una configuración NAT 1 a 1, tanto DNAT como SNAT se utilizan para NAT todo el tráfico desde una dirección IP externa a una dirección IP interna y viceversa."
@@ -2118,7 +2148,7 @@ msgstr "Aplique un filtro de mapa de ruta a las rutas para el protocolo especifi
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Aplique la política de enrutamiento a la dirección **entrante** de las interfaces VLAN de salida"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Aplicar un conjunto de reglas a una zona"
@@ -2151,49 +2181,11 @@ msgstr "AristaEOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "Como el descubrimiento de PMTU en Internet rara vez funciona, a veces necesitamos fijar nuestro valor TCP MSS a un valor específico. Este es un campo en la parte de opciones TCP de un paquete SYN. Al configurar el valor de MSS, le está diciendo al lado remoto inequívocamente &#39;no intente enviarme paquetes más grandes que este valor&#39;."
@@ -2209,6 +2201,10 @@ msgstr "Como VyOS está basado en Linux, el puerto predeterminado que se usa no
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "Como VyOS se basa en Linux y no había un puerto IANA oficial asignado para VXLAN, VyOS usa un puerto predeterminado de 8472. Puede cambiar el puerto por interfaz VXLAN para que funcione con varios proveedores."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "Como VyOS utiliza la interfaz QMI para conectarse a las tarjetas de módem WWAN, también se puede reprogramar el firmware."
@@ -2221,10 +2217,14 @@ msgstr "Como referencia: para 10mbit/s en Intel, es posible que necesite al meno
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "Como resultado, el procesamiento de cada paquete se vuelve más eficiente, aprovechando potencialmente el soporte de descarga de cifrado de hardware disponible en el kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "Como alternativa a la aplicación directa de políticas a una interfaz, se puede crear un firewall basado en zonas para simplificar la configuración cuando varias interfaces pertenecen a la misma zona de seguridad. En lugar de aplicar conjuntos de reglas a las interfaces, se aplican a pares de zona de origen y zona de destino."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "A medida que más y más enrutadores se ejecutan en hipervisores, especialmente con un :abbr:`NOS (sistema operativo de red)` como VyOS, tiene cada vez menos sentido usar enlaces de recursos estáticos como ``smp-affinity`` como está presente en VyOS 1.2 y anteriores para anclar ciertos controladores de interrupción a CPU específicas."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "De forma predeterminada y si no se define lo contrario, se utiliza mschap-v2 para la autenticación y mppe de 128 bits (sin estado) para el cifrado. Si no se establece una dirección de puerta de enlace dentro de la configuración, se utiliza la IP más baja del grupo de ip de cliente /24. Por ejemplo, en el siguiente ejemplo sería 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "Como se muestra en el ejemplo anterior, una de las posibilidades para hacer coincidir los paquetes se basa en las marcas realizadas por el firewall, `eso puede brindarle una gran flexibilidad`_."
@@ -2249,11 +2253,11 @@ msgstr "Como se muestra en el ejemplo anterior, una de las posibilidades para ha
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "Como se muestra en el último comando del ejemplo anterior, la configuración `tipo de cola` permite estas combinaciones. Podrás usarlo en muchas pólizas."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "Al igual que con otras políticas, puede definir diferentes tipos de reg
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "Al igual que con otras políticas, puede incrustar_ otras políticas en las clases (y por defecto) de su política Priority Queue a través de la configuración ``queue-type``:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "Como puede ver, la configuración de Leaf2 y Leaf3 es casi idéntica. Hay muchos comandos arriba, trataré de dar más detalles a continuación, las descripciones de los comandos se colocan debajo de los cuadros de comando:"
@@ -2309,7 +2313,7 @@ msgstr "Asignar interfaces de miembros a PortChannel"
msgid "Assign static IP address to `<user>` account."
msgstr "Asigne una dirección IP estática a `<user> ` cuenta."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `<time>` seconds."
msgstr "Asigne la dirección IP a esta máquina para `<time> ` segundos."
@@ -2377,7 +2381,6 @@ msgstr "Reenvío asegurado (AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "En cada ronda, el contador de déficit agrega el cuanto para que incluso los paquetes grandes tengan la oportunidad de ser eliminados."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "Por el momento, no es posible ver todo el registro del firewall con los comandos operativos de VyOS. Todos los registros se guardarán en ``/var/logs/messages``. Por ejemplo: ``grep &#39;10.10.0.10&#39; /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Autenticación: para verificar que el mensaje proviene de una fuente vá
msgid "Authorization token"
msgstr "token de autorización"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Creación automática de VLAN"
@@ -2442,6 +2445,10 @@ msgstr "Creación automática de VLAN"
msgid "Automatic VLAN creation"
msgstr "Creación automática de VLAN"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Reinicie automáticamente el sistema en Kernel Panic después de 60 segundos."
@@ -2450,7 +2457,7 @@ msgstr "Reinicie automáticamente el sistema en Kernel Panic después de 60 segu
msgid "Autonomous Systems"
msgstr "Sistemas Autónomos"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Evitar NAT &quot;con fugas&quot;"
@@ -2530,7 +2537,7 @@ msgstr "Los roles de BGP se definen en RFC :rfc:`9234` y proporcionan una manera
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "Los enrutadores BGP conectados dentro del mismo AS a través de BGP pertenecen a una sesión BGP interna o IBGP. Para evitar bucles en la tabla de enrutamiento, el hablante de IBGP no anuncia rutas aprendidas por IBGP a otro hablante de IBGP (mecanismo Split Horizon). Como tal, IBGP requiere una malla completa de todos los pares. Para redes grandes, esto rápidamente se vuelve inescalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "Las rutas BGP pueden filtrarse (es decir, copiarse) entre una RIB VRF de unidifusión y la RIB SAFI de VPN de la VRF predeterminada para su uso en L3VPN basadas en MPLS. Las rutas de unidifusión también pueden filtrarse entre cualquier VRF (incluida la RIB de unidifusión de la instancia de BGP predeterminada). También está disponible una sintaxis de acceso directo para especificar fugas de un VRF a otro VRF utilizando la VPN RIB de la instancia predeterminada como intermediario. Una aplicación común de la función VRF-VRF es conectar el dominio de enrutamiento privado de un cliente al servicio VPN de un proveedor. La fuga se configura desde el punto de vista de un VRF individual: la importación se refiere a las rutas filtradas de VPN a un VRF de unidifusión, mientras que la exportación se refiere a las rutas filtradas de un VRF de unidifusión a VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Equilibrio basado en el nombre de dominio"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Conformación de ancho de banda"
@@ -2573,7 +2580,7 @@ msgstr "Conformación de ancho de banda"
msgid "Bandwidth Shaping for local users"
msgstr "Conformación de ancho de banda para usuarios locales"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Los límites de tasa de ancho de banda se pueden establecer para usuarios locales o atributos basados en RADIUS."
@@ -2585,7 +2592,14 @@ msgstr "Los límites de velocidad de ancho de banda se pueden establecer para us
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Los límites de tasa de ancho de banda se pueden establecer para usuarios locales dentro de la configuración o mediante atributos basados en RADIUS."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Topología DMVPN de línea base"
@@ -2594,7 +2608,6 @@ msgstr "Topología DMVPN de línea base"
msgid "Basic Concepts"
msgstr "Conceptos básicos"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Comandos básicos"
@@ -2611,7 +2624,7 @@ msgstr "El filtrado básico también podría aplicarse al tráfico IPv6."
msgid "Basic setup"
msgstr "Configuración básica"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Asegúrese de establecer una configuración predeterminada sana en el archivo de configuración predeterminado, esto se cargará en el caso de que un usuario esté autenticado y no se encuentre ningún archivo en el directorio configurado que coincida con el nombre de usuario/grupo de los usuarios."
@@ -2631,11 +2644,11 @@ msgstr "Debido a que las sesiones existentes no conmutan por error automáticame
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Antes de habilitar cualquier descarga de segmentación de hardware, se requiere una descarga de software correspondiente en GSO. De lo contrario, es posible que una trama se redirija entre dispositivos y termine sin poder transmitirse."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Antes de poder aplicar un conjunto de reglas a una zona, primero debe crear las zonas."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "El siguiente diagrama de flujo podría ser una referencia rápida para la combinación de acción de cierre, según cómo esté configurado el par."
@@ -2663,7 +2676,7 @@ msgstr "valor binario"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Vincular el oyente a una interfaz/dirección específica, obligatorio para IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Vincula eth1.241 y vxlan241 entre sí al convertirlos en interfaces miembro del mismo puente."
@@ -2695,15 +2708,15 @@ msgstr "Agregación de bonos/enlaces"
msgid "Bond options"
msgstr "Opciones de bonos"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Longitud de la imagen de arranque en bloques de 512 octetos"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Nombre de archivo de arranque"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Es posible la multidifusión IPv4 e IPv6."
@@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut
msgstr "Se admiten cuentas :abbr:`RADIUS (Remote Authentication Dial-In User Service)` administradas localmente y administradas remotamente."
#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Tanto las respuestas como las solicitudes de tipo arp gratuito activarán la actualización de la tabla ARP, si esta configuración está activada."
@@ -2746,10 +2740,18 @@ msgstr "Puente"
msgid "Bridge:"
msgstr "Puente:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Opciones de puente"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "De forma predeterminada, VyOS no anuncia una ruta predeterminada (0.0.0.
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "De forma predeterminada, la aplicación móvil genera un nuevo token cada 30 segundos. Para compensar el posible desfase temporal entre el cliente y el servidor, se permite un token adicional antes y después de la hora actual. Esto permite un sesgo de tiempo de hasta 30 segundos entre el servidor de autenticación y el cliente."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "De manera predeterminada, ddclient_ actualizará un registro dns dinámico usando la dirección IP directamente adjunta a la interfaz. Si su instancia de VyOS está detrás de NAT, su registro se actualizará para apuntar a su IP interna."
@@ -2792,7 +2794,7 @@ msgstr "De manera predeterminada, habilitar RPKI no cambia la selección de la m
msgid "By default, it supports both planned and unplanned outages."
msgstr "De forma predeterminada, admite interrupciones planificadas y no planificadas."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "De forma predeterminada, nginx expone la API local en todos los servidores virtuales. Use esto para restringir nginx a uno o más hosts virtuales."
@@ -2808,8 +2810,7 @@ msgstr "De forma predeterminada, el prefijo BGP se anuncia incluso si no está p
msgid "By default, this bridging is allowed."
msgstr "De forma predeterminada, este puente está permitido."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "De manera predeterminada, cuando VyOS recibe un paquete de solicitud de eco ICMP destinado a sí mismo, responderá con una respuesta de eco ICMP, a menos que lo evite a través de su firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificados"
msgid "Change system keyboard layout to given language."
msgstr "Cambie el diseño del teclado del sistema al idioma dado."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Cambie la acción predeterminada con esta configuración."
@@ -2896,6 +2897,10 @@ msgstr "Cambiar el mapa de teclas solo tiene un efecto en la consola del sistema
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Número de canal (IEEE 802.11), para canales de 2,4 Ghz (802.11 b/g/n) entre 1 y 14. En 5Ghz (802.11 a/h/j/n/ac) los canales disponibles son 0, 34 a 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Compruebe si el dispositivo Intel® QAT está activo y listo para hacer el trabajo."
@@ -2908,10 +2913,14 @@ msgstr "Comprobar estado"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Verifique los muchos parámetros disponibles para el comando `show ipv6 route`:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Comprobación de conexiones"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Elija la ubicación de su ``directorio`` con cuidado o perderá el contenido en las actualizaciones de imágenes. Cualquier directorio bajo ``/config`` que se guarde en este será migrado."
@@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst"
msgstr "catalizador de cisco"
#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco y Allied Telesyn lo llaman VLAN privada"
@@ -2955,7 +2945,7 @@ msgstr "trato de clase"
msgid "Classes"
msgstr "Clases"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Ruta estática sin clase"
@@ -2975,7 +2965,7 @@ msgstr "Cliente:"
msgid "Client Address Pools"
msgstr "Grupos de direcciones de clientes"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Autenticación del cliente"
@@ -2983,7 +2973,7 @@ msgstr "Autenticación del cliente"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Las direcciones IP de los clientes se proporcionarán desde el grupo `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Lado del cliente"
msgid "Client configuration"
msgstr "Configuración del cliente"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "nombre de dominio del cliente"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Búsqueda de dominio de cliente"
@@ -3011,7 +3001,7 @@ msgstr "El aislamiento del cliente se puede utilizar para evitar puentes de tram
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Los clientes se identifican por el campo CN de sus certificados x.509, en este ejemplo el CN es ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Los clientes que reciben mensajes publicitarios de varios servidores eligen el servidor con el valor de preferencia más alto. El rango para este valor es ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Demonio del reloj"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "La finalización del comando se puede utilizar para enumerar las zonas horarias disponibles. El ajuste del horario de verano se realizará automáticamente en función de la época del año."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "El comando probablemente debería extenderse para enumerar también las interfaces reales asignadas a este VRF para obtener una mejor visión general."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Comando utilizado para actualizar la base de datos GeoIP y los conjuntos de firewall."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Configuración común, válida tanto para el nodo primario como para el secundario."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una fuente no autorizada."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuración"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Ejemplo de configuración"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Ejemplos de configuración"
@@ -3165,6 +3167,10 @@ msgstr "Guía de configuración"
msgid "Configuration Options"
msgstr "Opciones de configuración"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Los comandos de configuración para la clave privada y pública se mostrarán en la pantalla que primero debe configurarse en el enrutador. Tenga en cuenta el comando con la clave pública (set pki key-pair ipsec-LEFT public key &#39;MIIBIjANBgkqh...&#39;). Luego haga lo mismo en el enrutador opuesto:"
@@ -3173,7 +3179,11 @@ msgstr "Los comandos de configuración para la clave privada y pública se mostr
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Se mostrarán los comandos de configuración. Tenga en cuenta el comando con la clave pública (set pki key-pair ipsec-LEFT public key &#39;MIIBIjANBgkqh...&#39;). Luego haga lo mismo en el enrutador opuesto:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "La configuración de estas rutas exportadas debe, como mínimo, especificar estos dos parámetros."
@@ -3181,11 +3191,11 @@ msgstr "La configuración de estas rutas exportadas debe, como mínimo, especifi
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuración de :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuración de un par de conmutación por error DHCP"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "La configuración de la fuga de rutas entre una RIB VRF de unidifusión y la RIB SAFI de VPN de la VRF predeterminada se logra a través de comandos en el contexto de una familia de direcciones VRF."
@@ -3198,11 +3208,11 @@ msgstr "Configurar"
msgid "Configure BFD"
msgstr "Configurar BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `<record>` which should be updated. This can be set multiple times."
msgstr "Configurar DNS `<record> ` que debe ser actualizado. Esto se puede configurar varias veces."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `<zone>` to be updated."
msgstr "Configurar DNS `<zone> ` para ser actualizado."
@@ -3224,59 +3234,42 @@ msgstr "Configure el reinicio elegante :rfc:`3623` soporte de reinicio. Cuando e
msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
msgstr "Configurar la dirección IP del DHCP `<server> ` que manejará los paquetes retransmitidos."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `<server>` and its required port for authentication requests."
msgstr "Configurar RADIO `<server> ` y su puerto requerido para las solicitudes de autenticación."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
msgstr "Configurar RADIO `<server> ` y su requerido compartido `<secret> ` para comunicarse con el servidor RADIUS."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure la regla SNAT (40) solo para paquetes NAT con una dirección de destino de 192.0.2.1."
#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Unidad máxima de transmisión)` en ` dado<interface> `. Es el tamaño (en bytes) de la trama Ethernet más grande enviada en este enlace."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `<message>` which is shown after user has logged in to the system."
msgstr "Configurar `<message> ` que se muestra después de que el usuario haya iniciado sesión en el sistema."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in."
msgstr "Configurar `<message> ` que se muestra durante la conexión SSH y antes de que un usuario inicie sesión."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
msgstr "Configurar `<password> ` utilizado al autenticar la solicitud de actualización para el servicio DynDNS identificado por `<service> `."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
msgstr "Configurar `<username> ` utilizado al autenticar la solicitud de actualización para el servicio DynDNS identificado por `<service> `. Para Namecheap, configure el<domain> desea actualizar."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure una dirección de agente de sFlow. Puede ser una dirección IPv4 o IPv6, pero debe establecer el mismo protocolo que se usa para las direcciones del recopilador sFlow. De manera predeterminada, se usa el id del enrutador del protocolo BGP o OSPF, o la dirección IP principal de la primera interfaz."
@@ -3311,7 +3304,7 @@ msgstr "Configure la dirección IP del agente asociada con esta interfaz."
msgid "Configure aggregation delay timer interval."
msgstr "Configure el intervalo del temporizador de retraso de agregación."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure un servidor de contabilidad y habilite la contabilidad con:"
@@ -3323,10 +3316,18 @@ msgstr "Configure y habilite la recopilación de información de flujo para la i
msgid "Configure and enable collection of flow information for the interface identified by `<interface>`."
msgstr "Configure y habilite la recopilación de información de flujo para la interfaz identificada por `<interface> `."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `<name>` mode TCP or HTTP"
msgstr "Configurar back-end `<name> ` modo TCP o HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure uno o dos bits de parada. Esto por defecto es un bit de parada si se deja sin configurar."
@@ -3339,75 +3340,16 @@ msgstr "Configure siete u ocho bits de datos. Esto tiene un valor predeterminado
msgid "Configure individual bridge port `<priority>`."
msgstr "Configurar puerto de puente individual `<priority> `."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure el comportamiento del host/enrutador específico de la interfaz. Si se establece, la interfaz cambiará al modo host y el reenvío de IPv6 se desactivará en esta interfaz."
#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `<interface>` with one or more interface addresses."
msgstr "Configurar interfaz `<interface> ` con una o más direcciones de interfaz."
@@ -3439,7 +3381,7 @@ msgstr "Configure uno o más atributos para el servidor NTP dado."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure uno o más servidores para la sincronización. El nombre del servidor puede ser una dirección IP o :abbr:`FQDN (Nombre de dominio completo)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure el valor TTL opcional en el registro de recursos dado. Esto por defecto es de 600 segundos."
@@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting."
msgstr "Configure la configuración de velocidad de la interfaz física."
#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure la duplicación de puertos para el tráfico entrante de la &quot;interfaz&quot; y copie el tráfico en la &quot;interfaz del monitor&quot;."
#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure la duplicación de puertos para el tráfico saliente de la &quot;interfaz&quot; y copie el tráfico en la &quot;interfaz del monitor&quot;."
@@ -3491,7 +3429,7 @@ msgstr "Configurar servicio `<name> ` modo TCP o HTTP"
msgid "Configure service `<name>` to use the backend <name>"
msgstr "Configurar servicio `<name> ` para usar el backend<name>"
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure el tiempo de espera de la sesión después del cual se cerrará la sesión del usuario."
@@ -3499,7 +3437,15 @@ msgstr "Configure el tiempo de espera de la sesión después del cual se cerrar
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure el nombre de dominio del sistema. Un nombre de dominio debe comenzar y terminar con una letra o un dígito, y tener como caracteres interiores solo letras, dígitos o un guión."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
msgstr "Configurar el DNS `<server> ` IP/FQDN utilizado al actualizar esta asignación dinámica."
@@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure el servicio de proxy inverso de equilibrio de carga para HTTP."
#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
msgstr "Configure la dirección :abbr:`MAC (Control de acceso a medios)` definida por el usuario en `<interface> `."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `<id>` is used by VRF `<name>`."
msgstr "Tabla de enrutamiento configurada `<id> ` es usado por VRF `<name> `."
@@ -3556,7 +3489,7 @@ msgstr "Valor configurado"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configura el altavoz BGP para que solo acepte conexiones entrantes, pero no inicie conexiones salientes con el par o grupo de pares."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuración de la contabilidad de RADIUS"
@@ -3569,11 +3502,15 @@ msgstr "La configuración de una dirección de escucha es esencial para que el s
msgid "Connect/Disconnect"
msgstr "Conectar/Desconectar"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "El cliente conectado debe usar `<address> ` como su servidor DNS. Este comando acepta direcciones IPv4 e IPv6. Se pueden configurar hasta dos servidores de nombres para IPv4, hasta tres para IPv6."
#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
+#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Las conexiones al servidor de almacenamiento en caché RPKI no solo pueden establecerse mediante HTTP/TLS, sino que también puede confiar en una sesión SSH segura con el servidor. Para habilitar SSH, primero debe crear usted mismo un par de claves de cliente SSH usando ``generate ssh client-key /config/auth/id_rsa_rpki``. Una vez que se crea su clave, puede configurar la conexión."
@@ -3585,10 +3522,18 @@ msgstr "Contraseña"
msgid "Conntrack Sync"
msgstr "Sincronización de seguimiento"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Ejemplo de sincronización de Conntrack"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Consola"
@@ -3605,6 +3550,10 @@ msgstr "Restringe la memoria disponible para el contenedor."
msgid "Container"
msgstr "Envase"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convierta el prefijo de dirección de una sola red `fc00::/64` a `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Crear política de lista comunitaria identificada por nombre<text> ."
msgid "Creat extcommunity-list policy identified by name <text>."
msgstr "Crear política de lista de comunidades externas identificada por nombre<text> ."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
msgstr "Cree un rango de direcciones DHCP con una identificación de rango de `<n> `. Las concesiones de DHCP se toman de este grupo. El grupo comienza en la dirección `<address> `."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
msgstr "Cree un rango de direcciones DHCP con una identificación de rango de `<n> `. Las concesiones de DHCP se toman de este grupo. La piscina se detiene con la dirección `<address> `."
@@ -3657,16 +3606,11 @@ msgstr "Cree un archivo llamado ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` u
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Cree una regla de equilibrio de carga, puede ser un número entre 1 y 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
msgstr "Cree una nueva asignación estática de DHCP llamada `<description> ` que es válido para el host identificado por su MAC `<address> `."
#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
msgstr "Cree una nueva interfaz VLAN en la interfaz `<interface> ` utilizando el número de VLAN proporcionado a través de `<vlan-id> `."
@@ -3714,6 +3658,22 @@ msgstr "Cree una asignación de nombre de host estática que siempre resolverá
msgid "Create as-path-policy identified by name <text>."
msgstr "Crear como política de ruta identificada por nombre<text> ."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name <text>."
msgstr "Crear una política de lista comunitaria grande identificada por nombre<text> ."
@@ -3726,7 +3686,7 @@ msgstr "Crear llamado `<alias> ` para la asignación estática configurada para
msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
msgstr "Crea una nueva instancia VRF con `<name> `. El nombre se utiliza al colocar interfaces individuales en el VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
msgstr "Cree una nueva configuración de actualización de DNS :rfc:`2136` que actualizará la dirección IP asignada a `<interface> ` en el servicio que configuró en `<service-name> `."
@@ -3750,10 +3710,18 @@ msgstr "Crea una asignación de pares estática de la dirección del protocolo a
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Crear una interfaz de puente es muy simple. En este ejemplo tendremos:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creación de una política de tráfico"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "crítico"
@@ -3794,15 +3762,27 @@ msgstr "Actualmente, el enrutamiento dinámico es compatible con los siguientes
msgid "Custom File"
msgstr "Archivo personalizado"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "El script de verificación de estado personalizado permite verificar la disponibilidad del servidor real"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Reglas personalizadas para ignorar, basadas en un selector de paquetes y flujos."
@@ -3822,20 +3802,19 @@ msgstr "Retransmisión DHCP"
msgid "DHCP Server"
msgstr "servidor DHCP"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "Parámetros de conmutación por error de DHCP"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "Rango de concesión de DHCP"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "El rango de DHCP abarca desde `192.168.189.10` - `192.168.189.250`"
#: ../../configuration/service/dhcp-relay.rst:96
-#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "Ejemplo de retransmisión DHCP"
@@ -3843,20 +3822,19 @@ msgstr "Ejemplo de retransmisión DHCP"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "El servidor DHCP está ubicado en la dirección IPv4 10.0.1.4 en ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "Los grupos de direcciones DHCPv6 deben configurarse para que el sistema actúe como un servidor DHCPv6. El siguiente ejemplo describe un escenario común."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "Ejemplo de retransmisión DHCPv6"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "Las solicitudes de DHCPv6 son recibidas por el enrutador en la &quot;interfaz de escucha&quot; &quot;eth1&quot;"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Grupo 14"
@@ -3884,11 +3862,11 @@ msgstr "ADNT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "Por lo general, se hace referencia a DNAT como **Port Forward**. Cuando se usa VyOS como enrutador NAT y firewall, una tarea de configuración común es redirigir el tráfico entrante a un sistema detrás del firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "La regla 10 de DNAT reemplaza la dirección de destino de un paquete entrante con 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "servidores de nombres DNS"
msgid "DNS search list to advertise"
msgstr "Lista de búsqueda de DNS para anunciar"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "Dirección IPv4 del servidor DNS"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "El servidor DNS está ubicado en ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "Valores DSCP según :rfc:`2474` y :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "Modo DSSS/CCK en 40 MHz, esto establece ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Los datos son proporcionados por DB-IP.com bajo licencia CC-BY-4.0. Se requiere atribución, permite la redistribución para que podamos incluir una base de datos en imágenes (~3 MB comprimidos). Incluye secuencia de comandos cron (invocable manualmente por geoip de actualización de modo operativo) para mantener la base de datos y las reglas actualizadas."
@@ -3943,28 +3921,13 @@ msgid "Default"
msgstr "Por defecto"
#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Predeterminado 1."
@@ -3977,11 +3940,11 @@ msgstr "Puerta de enlace/ruta predeterminada"
msgid "Default Router Preference"
msgstr "Preferencia de enrutador predeterminado"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Comportamiento predeterminado: no le pida al cliente mppe, pero permítalo si el cliente lo desea. Tenga en cuenta que RADIUS puede anular esta opción mediante el atributo MS-MPPE-Encryption-Policy."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "La puerta de enlace predeterminada y el servidor DNS están en `192.0.2.254`"
@@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``."
msgstr "El valor predeterminado es ``icmp``."
#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "El valor predeterminado es detectar cambios en el estado del enlace físico."
@@ -4044,36 +3988,31 @@ msgstr "Definir tiempos de espera de conexión"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Defina la dirección de administración IPv4/IPv6 transmitida a través de LLDP. Se pueden definir varias direcciones. Solo se transmitirán las direcciones conectadas al sistema."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Defina un grupo de red IPv4 o IPv6."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Definir un grupo de direcciones IPv4 o IPv6"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Definir una zona"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Defina una dirección IP de origen discreta de 100.64.0.1 para la regla SNAT 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Defina un grupo de dominio."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Defina un grupo mac."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Defina un grupo de puertos. Un nombre de puerto puede ser cualquier nombre definido en /etc/services. por ejemplo: http"
@@ -4081,119 +4020,51 @@ msgstr "Defina un grupo de puertos. Un nombre de puerto puede ser cualquier nomb
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Defina los cifrados permitidos utilizados para la conexión SSH. Se puede especificar una cantidad de cifrados permitidos, use múltiples ocurrencias para permitir múltiples cifrados."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Defina el comportamiento de las tramas ARP gratuitas cuya IP aún no está presente en la tabla ARP. Si está configurado, cree nuevas entradas en la tabla ARP."
#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Defina diferentes modos para el reenvío de difusión dirigido por IP como se describe en :rfc:`1812` y :rfc:`2644`."
#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Defina diferentes modos para enviar respuestas en respuesta a las solicitudes ARP recibidas que resuelven las direcciones IP de destino locales:"
#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Defina diferentes niveles de restricción para anunciar la dirección IP de origen local de los paquetes IP en las solicitudes ARP enviadas en la interfaz."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Defina la longitud de la carga útil del paquete para incluir en el mensaje de enlace de red. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Defina el nivel de registro. Solo se aplica si el registro de reglas está habilitado."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Defina el grupo de registro al que enviar el mensaje. Solo se aplica si el registro de reglas está habilitado."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Defina la cantidad de paquetes para poner en cola dentro del kernel antes de enviarlos al espacio de usuario. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido."
@@ -4201,15 +4072,19 @@ msgstr "Defina la cantidad de paquetes para poner en cola dentro del kernel ante
msgid "Define the time interval to update the local cache"
msgstr "Definir el intervalo de tiempo para actualizar el caché local"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Defina la zona como una zona local. Una zona local no tiene interfaces y se aplicará al propio enrutador."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Definió el IPv4, IPv6 o FQDN y el número de puerto de la instancia de almacenamiento en caché RPKI de almacenamiento en caché que se utiliza."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Define fuentes alternativas para multidifusión y datos IGMP. La dirección de red debe tener el siguiente formato &#39;abcd/n&#39;. De manera predeterminada, el enrutador aceptará datos de fuentes en la misma red configurada en una interfaz. Si la fuente de multidifusión se encuentra en una red remota, se debe definir desde dónde se debe aceptar el tráfico."
@@ -4233,7 +4108,7 @@ msgstr "Define la distancia del siguiente salto para esta ruta, las rutas con me
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Define protocolos para verificar ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
msgstr "Define el máximo `<number> ` de solicitudes de eco no respondidas. Al llegar al valor `<number> `, la sesión se reiniciará."
@@ -4245,7 +4120,7 @@ msgstr "Define el dispositivo especificado como una consola del sistema. Los dis
msgid "Defining Peers"
msgstr "Definición de compañeros"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Prefijos delegados del rango indicado por el calificador de inicio y fin."
@@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for
msgstr "Según la ubicación, es posible que no todos estos canales estén disponibles para su uso."
#: ../../configuration/service/router-advert.rst:1
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
#: ../../configuration/trafficpolicy/index.rst:262
@@ -4297,11 +4171,11 @@ msgstr "A pesar de que la política Drop-Tail no ralentiza los paquetes, si se v
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "A pesar de que AD es un superconjunto de LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Dirección de destino"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "NAT de destino"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Los dispositivos que evalúan si una dirección IPv4 es pública deben actualizarse para reconocer el nuevo espacio de direcciones. La asignación de más espacio privado de direcciones IPv4 para dispositivos NAT podría prolongar la transición a IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Diferentes tipos de NAT"
@@ -4350,7 +4225,8 @@ msgstr "Deshabilitar un compañero BFD"
msgid "Disable a container."
msgstr "Deshabilitar un contenedor."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service."
msgstr "Deshabilite el servicio de retransmisión dhcpv6."
#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
msgstr "Deshabilitar dado `<interface> `. Se colocará en estado administrativamente inactivo (``A/D``)."
@@ -4397,6 +4250,10 @@ msgstr "Deshabilite el restablecimiento inmediato de la sesión si el enlace con
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Deshabilite la autenticación basada en contraseña. Inicie sesión solo a través de claves SSH. ¡Esto fortalece la seguridad!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Deshabilite la validación del host a través de búsquedas DNS inversas: puede acelerar el tiempo de inicio de sesión cuando no es posible la búsqueda inversa."
@@ -4413,7 +4270,7 @@ msgstr "Deshabilite esta entrada de ruta estática IPv4."
msgid "Disable this IPv6 static route entry."
msgstr "Deshabilite esta entrada de ruta estática IPv6."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Deshabilitar este servicio."
@@ -4437,7 +4294,7 @@ msgstr "Deshabilita la ruta estática IPv4 basada en la interfaz."
msgid "Disables interface-based IPv6 static route."
msgstr "Deshabilita la ruta estática IPv6 basada en la interfaz."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Desactiva el modo de salida rápida. En este modo, el daemon no enviará un mensaje Leave IGMP upstream tan pronto como reciba un mensaje Leave para cualquier interfaz downstream. El daemon no solicitará informes de Membresía en las interfaces descendentes, y si se recibe un informe, el grupo no se vuelve a unir al ascendente."
@@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege
msgstr "*No* edite manualmente `/etc/hosts`. Este archivo se regenerará automáticamente al arrancar según la configuración de esta sección, lo que significa que perderá todas las ediciones manuales. En su lugar, configure las asignaciones de host estático de la siguiente manera."
#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "No asigne una dirección IPv6 de enlace local a esta interfaz."
@@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se
msgstr "No use el archivo ``/etc/hosts`` local en la resolución de nombres. El servidor DHCP de VyOS utilizará este archivo para agregar resolutores a las direcciones asignadas."
#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "No es necesario utilizarlo junto con proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "No es necesario utilizarlo junto con proxy_arp."
msgid "Domain"
msgstr "Dominio"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Grupos de dominio"
@@ -4600,7 +4418,7 @@ msgstr "Grupos de dominio"
msgid "Domain Name"
msgstr "Nombre de dominio"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Nombre(s) de dominio para los cuales obtener el certificado"
@@ -4608,6 +4426,10 @@ msgstr "Nombre(s) de dominio para los cuales obtener el certificado"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Los nombres de dominio pueden incluir letras, números, guiones y puntos con una longitud máxima de 253 caracteres."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Orden de búsqueda de dominio"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "No tenga miedo de que necesite volver a hacer su configuración. La transformación clave está a cargo, como siempre, de nuestros scripts de migración, por lo que esta será una transición sin problemas para usted."
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "No olvide, el CIDR declarado en la declaración de red **DEBE existir en su tabla de enrutamiento (dinámica o estática), la mejor manera de asegurarse de que sea cierto es creando una ruta estática:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "No olvide que el CIDR declarado en la declaración de red DEBE **existir en su tabla de enrutamiento (dinámico o estático), la mejor manera de asegurarse de que sea cierto es creando una ruta estática:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "No se confunda con la subred del túnel /31 utilizada. :rfc:`3021` le brinda información adicional para usar subredes /31 en enlaces punto a punto."
@@ -4657,7 +4479,7 @@ msgstr "Tasa de abandono"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Los paquetes descartados informados en el canal DROPMON Netlink por el kernel de Linux se exportan a través de la extensión estándar sFlow v5 para informar paquetes descartados"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Aprovisionamiento de doble pila IPv4/IPv6 con delegación de prefijo"
@@ -4665,7 +4487,7 @@ msgstr "Aprovisionamiento de doble pila IPv4/IPv6 con delegación de prefijo"
msgid "Dummy"
msgstr "Ficticio"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Interfaz ficticia"
@@ -4677,11 +4499,15 @@ msgstr "Las interfaces ficticias se pueden usar como interfaces que siempre perm
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Los paquetes duplicados no se incluyen en el cálculo de pérdida de paquetes, aunque el tiempo de ida y vuelta de estos paquetes se usa para calcular los números de tiempo de ida y vuelta mínimo/promedio/máximo."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Protección dinámica"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "DNS Dinámico"
@@ -4689,7 +4515,7 @@ msgstr "DNS Dinámico"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL viene con una opción de identificación. Usamos automáticamente la dirección MAC de la interfaz como parámetro de identidad."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "Fase ESP:"
@@ -4757,10 +4583,14 @@ msgstr "Cada compañero de sitio a sitio tiene las siguientes opciones:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Habilita la extensión del protocolo genérico (VXLAN-GPE). Actualmente, esto solo se admite junto con la palabra clave externa."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Dirección de correo electrónico para asociar con el certificado"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Incrustar una política en otra"
@@ -4809,6 +4639,10 @@ msgstr "Habilite la configuración de conmutación por error de DHCP para este c
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Habilitar reconocimiento de bloque retardado HT ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Habilite el buscador IGMP y MLD."
@@ -4817,23 +4651,23 @@ msgstr "Habilite el buscador IGMP y MLD."
msgid "Enable IGMP and MLD snooping."
msgstr "Habilite la indagación IGMP y MLD."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Habilitar el reenvío de IP en el cliente"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Habilitar IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Habilitar sincronización IS-IS e IGP-LDP"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Habilite IS-IS y redistribuya rutas que no sean nativas en IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Habilite IS-IS con enrutamiento de segmentos (experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Habilite la función de descarga del canal de datos OpenVPN cargando el
msgid "Enable SNMP queries of the LLDP database"
msgstr "Habilitar consultas SNMP de la base de datos LLDP"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Habilitar el modo de ahorro de energía VHT TXOP"
msgid "Enable VLAN-Aware Bridge"
msgstr "Habilitar puente compatible con VLAN"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Habilite la creación de rutas de acceso directo."
@@ -4916,18 +4762,22 @@ msgstr "Habilite el protocolo heredado dado en esta instancia LLDP. Los protocol
msgid "Enable layer 7 HTTP health check"
msgstr "Habilitar la comprobación de estado HTTP de la capa 7"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Habilite o deshabilite VyOS para que se ajuste a :rfc:`1337`. Se modificará el siguiente parámetro del sistema:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Habilite o deshabilite si VyOS usa cookies IPv4 TCP SYN. Se modificará el siguiente parámetro del sistema:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Habilite o deshabilite el registro para el paquete coincidente."
@@ -4935,28 +4785,9 @@ msgstr "Habilite o deshabilite el registro para el paquete coincidente."
msgid "Enable ospf on an interface and set associated area."
msgstr "Habilite ospf en una interfaz y configure el área asociada."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Habilite la política para la validación de fuente por ruta invertida, como se especifica en :rfc:`3704`. La práctica recomendada actual en :rfc:`3704` es habilitar el modo estricto para evitar la suplantación de IP de los ataques DDos. Si utiliza un enrutamiento asimétrico u otro enrutamiento complicado, se recomienda el modo suelto."
@@ -5002,18 +4833,22 @@ msgstr "Las conexiones PPPoE bajo demanda habilitadas abren el enlace solo cuand
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Habilita la autenticación estilo Cisco en paquetes NHRP. Esto incrusta la contraseña secreta de texto sin formato en los paquetes NHRP salientes. Los paquetes NHRP entrantes en esta interfaz se descartan a menos que esté presente la contraseña secreta. La longitud máxima del secreto es de 8 caracteres."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Permite adjuntar una etiqueta MPLS a una ruta exportada desde el VRF de unidifusión actual a VPN. Si el valor especificado es automático, el valor de la etiqueta se asigna automáticamente desde un grupo mantenido."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Habilita la configuración del ancho de banda a través de RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Habilita la importación o exportación de rutas entre el VRF de unidifusión actual y la VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Habilita el modo de transmisión de eco"
@@ -5022,7 +4857,7 @@ msgstr "Habilita el modo de transmisión de eco"
msgid "Enabling Advertisments"
msgstr "Habilitación de anuncios"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Habilitación de OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Habilitación de OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Habilitar SSH solo requiere que especifique el puerto ``<port> `` desea que SSH escuche. De forma predeterminada, SSH se ejecuta en el puerto 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Habilitar esta función aumenta el riesgo de saturación del ancho de banda."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Hacer cumplir la verificación de ruta estricta"
@@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i
msgstr "Las instalaciones empresariales generalmente incluyen un tipo de servicio de directorio que se utiliza para tener un único almacén de contraseñas para todos los empleados. VyOS y OpenVPN admiten el uso de LDAP/AD como backend de usuario único."
#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson lo llama Reenvío forzado de MAC (borrador RFC)"
@@ -5090,15 +4906,6 @@ msgid "Ethernet"
msgstr "ethernet"
#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "El control de flujo de Ethernet es un mecanismo para detener temporalmente la transmisión de datos en las redes informáticas de la familia Ethernet. El objetivo de este mecanismo es garantizar una pérdida de paquetes cero en presencia de congestión en la red."
@@ -5130,7 +4937,7 @@ msgstr "Secuencia de comandos del controlador de eventos"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Controlador de eventos que monitorea el estado de la interfaz eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Cada regla NAT tiene un comando de traducción definido. La dirección definida para la traducción es la dirección utilizada cuando se reemplaza la información de dirección en un paquete."
@@ -5162,441 +4969,90 @@ msgstr "Cada conexión WWAN requiere un :abbr:`APN (Nombre de punto de acceso)`
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Ejemplo"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Ejemplo, desde el comando de envío del servidor de radio para desconectar el cliente con la prueba de nombre de usuario"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
+#: ../../configuration/nat/nat66.rst:78
+#: ../../configuration/nat/nat66.rst:96
+#: ../../configuration/protocols/static.rst:174
+#: ../../configuration/service/dns.rst:363
+#: ../../configuration/service/monitoring.rst:69
+#: ../../configuration/service/monitoring.rst:98
+#: ../../configuration/service/ssh.rst:165
+#: ../../configuration/service/ssh.rst:200
+#: ../../configuration/system/flow-accounting.rst:164
+#: ../../configuration/vpn/l2tp.rst:41
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
#: ../../_include/interface-dhcp-options.txt:10
#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
#: ../../_include/interface-disable-flow-control.txt:19
#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
#: ../../_include/interface-ip.txt:27
#: ../../_include/interface-ip.txt:50
#: ../../_include/interface-ip.txt:144
@@ -5606,120 +5062,22 @@ msgstr "Ejemplo, desde el comando de envío del servidor de radio para desconect
#: ../../_include/interface-ipv6.txt:51
#: ../../_include/interface-ipv6.txt:83
#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
#: ../../_include/interface-mac.txt:7
#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-per-client-thread.txt:10
#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
-#: ../../configuration/nat/nat66.rst:78
-#: ../../configuration/nat/nat66.rst:96
-#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
-#: ../../configuration/service/monitoring.rst:69
-#: ../../configuration/service/monitoring.rst:98
-#: ../../configuration/service/ssh.rst:165
-#: ../../configuration/service/ssh.rst:200
-#: ../../configuration/system/flow-accounting.rst:164
-#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
msgid "Example:"
msgstr "Ejemplo:"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Ejemplo: delegue un prefijo /64 a la interfaz eth8 que usará una dirección local en este enrutador de ``<prefix> ::ffff``, ya que la dirección 65534 corresponderá a ``ffff`` en notación hexadecimal."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Ejemplo: para una red de ~8000 hosts, se recomienda un grupo NAT de origen de 32 direcciones IP."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Ejemplo: si el ID es 1 y al cliente se le delega un prefijo IPv6 2001:db8:ffff::/48, dhcp6c combinará los dos valores en un solo prefijo IPv6, 2001:db8:ffff:1::/64, y configurar el prefijo en la interfaz especificada."
@@ -5769,24 +5127,24 @@ msgstr "Ejemplo: para agregar se establece en ``vyos.net`` y la URL recibida es
msgid "Example Configuration"
msgstr "Configuración de ejemplo"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Ejemplo de solo IPv6:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Red de ejemplo"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Ejemplo de configuración parcial"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Configuración de ejemplo para interfaces WireGuard:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Ejemplo para cambiar el límite de velocidad a través de RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Ejemplo para cambiar el límite de velocidad a través de RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Ejemplo para configurar una VPN L2TP simple sobre IPsec para acceso remoto (funciona con clientes VPN nativos de Windows y Mac):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Ejemplo de redirección:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Ejemplos"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Ejemplos:"
@@ -5847,11 +5208,15 @@ msgstr "Salir de la política al coincidir: ir a la regla &lt;1-65535&gt;"
msgid "Expedited forwarding (EF)"
msgstr "Reenvío acelerado (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Declare explícitamente la ID para que la use este minion (predeterminado: nombre de host)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "El servidor DHCPv6 externo está en 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel está ajustado para funcionar correctamente con sus parámetros
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel es una política sin configuración (que conserva el trabajo), por lo que solo será útil si su interfaz de salida está realmente llena. De lo contrario, VyOS no será el propietario de la cola y FQ-Codel no tendrá ningún efecto. Si hay ancho de banda disponible en el enlace físico, puede incrustar_ FQ-Codel en una política de modelado con clase para asegurarse de que sea el propietario de la cola. Si no está seguro de si necesita integrar su política FQ-CoDel en un Shaper, hágalo."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR ofrece sólo soporte parcial para algunas de las extensiones de protocolo de enrutamiento que se utilizan con MPLS-TE; no admite una solución RSVP-TE completa."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Código de instalación"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "conmutación por error"
@@ -5942,15 +5311,15 @@ msgstr "Características de la implementación actual"
msgid "Field"
msgstr "Campo"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
msgstr "Archivo identificado por `<keyfile> ` que contiene la clave RNDC secreta compartida con el servidor DNS remoto."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (significa tasa de flujo descendente de 2000 Kbit y tasa de flujo ascendente de 3000 Kbit)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (significa una tasa de flujo descendente de 5000 Kbit y una tasa de flujo ascendente de 4000 Kbit) Si se redefine el atributo Filter-Id, reemplácelo en la solicitud RADIUS CoA."
@@ -5982,6 +5351,14 @@ msgstr "cortafuegos"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Excepciones de cortafuegos"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Marca de cortafuegos. Es posible equilibrar la carga del tráfico en fun
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "La política de firewall también se puede aplicar a la interfaz del túnel para las direcciones y funciones &quot;locales&quot;, &quot;de entrada&quot; y &quot;de salida&quot; de manera idéntica a las interfaces de Ethernet."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Las reglas del cortafuegos se escriben normalmente, utilizando la dirección IP interna como origen de las reglas de salida y destino de las reglas de entrada."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "actualización de firmware"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "En primer lugar, debe configurar el enrutador BGP con el :abbr:`ASN (Número de sistema autónomo)`. El número AS es un identificador del sistema autónomo. El protocolo BGP utiliza el número AS para detectar si la conexión BGP es interna o externa. VyOS no tiene un comando especial para iniciar el proceso BGP. El proceso BGP comienza cuando se configura el primer vecino."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "Primeros pasos"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "Primero se deben generar las claves OTP y enviarlas al usuario y a la configuración:"
@@ -6103,10 +5496,30 @@ msgstr "Equilibrio basado en flujo y paquetes"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Los flujos se pueden exportar a través de dos protocolos diferentes: NetFlow (versiones 5, 9 y 10/IPFIX) y sFlow. Además, puede guardar flujos en una tabla en memoria internamente en un enrutador."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "El vaciado de la tabla de sesiones hará que otras conexiones retrocedan del equilibrio basado en flujo al equilibrio basado en paquetes hasta que se restablezca cada flujo."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Siga las instrucciones para generar el certificado de CA (en modo de configuración):"
@@ -6115,6 +5528,10 @@ msgstr "Siga las instrucciones para generar el certificado de CA (en modo de con
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Siga las instrucciones para generar el certificado del servidor (en modo de configuración):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "Para el cifrado:"
@@ -6131,11 +5548,11 @@ msgstr "Para que IS-IS top funcione correctamente, se debe hacer el equivalente
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "Para los mapas de rutas entrantes e importados, si recibimos una dirección v6 global y v6 LL para la ruta, entonces preferimos usar la dirección global como el siguiente salto."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "Para usuarios locales"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "Para usuarios de RADIUS"
@@ -6147,11 +5564,11 @@ msgstr "Para obtener información sobre el puerto USB, consulte: :ref:`hardware_
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "Para :ref:`bidireccional-nat` se necesita crear una regla tanto para :ref:`source-nat` como para :ref:`destination-nat`."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "Para las reglas :ref:`destination-nat`, la dirección de destino de los paquetes será reemplazada por la dirección especificada en el comando `translation address`."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "Para las reglas :ref:`source-nat`, la dirección de origen de los paquetes se reemplazará con la dirección especificada en el comando de traducción. También se puede especificar una traducción de puerto y es parte de la dirección de traducción."
@@ -6163,7 +5580,7 @@ msgstr "Para comenzar, puede utilizar el siguiente ejemplo sobre cómo crear un
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "Para empezar, puede usar el siguiente ejemplo sobre cómo crear un vínculo con dos interfaces de VyOS a un sistema Juniper EX Switch."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "Para una gran cantidad de máquinas privadas detrás de NAT, su conjunto de direcciones podría ser mayor. Use cualquier dirección en el rango 100.64.0.10 - 100.64.0.20 en la regla 40 de SNAT al hacer la traducción"
@@ -6187,7 +5604,9 @@ msgstr "Por ejemplo:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc
msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
msgstr "Para obtener más información sobre cómo funciona el cambio de etiquetas MPLS, visite `Wikipedia (MPLS)`_."
-#: ../../configuration/service/pppoe-server.rst:312
+#: ../../configuration/service/pppoe-server.rst:299
msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
msgstr "Para el mantenimiento de la red, es una buena idea dirigir a los usuarios a un servidor de respaldo para que el servidor principal pueda quedar fuera de servicio de manera segura. Es posible cambiar su servidor PPPoE al modo de mantenimiento donde mantiene las conexiones ya establecidas, pero rechaza nuevos intentos de conexión."
-#: ../../configuration/interfaces/vxlan.rst:131
+#: ../../configuration/interfaces/vxlan.rst:152
msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
msgstr "Para una escalabilidad óptima, no se debe usar Multicast en absoluto, sino usar BGP para señalar todos los dispositivos conectados entre hojas. Desafortunadamente, VyOS aún no es compatible con esto."
@@ -6235,7 +5654,12 @@ msgstr "Para una escalabilidad óptima, no se debe usar Multicast en absoluto, s
msgid "For outbound updates the order of preference is:"
msgstr "Para las actualizaciones salientes, el orden de preferencia es:"
-#: ../../configuration/firewall/general.rst:497
+#: ../../configuration/firewall/bridge.rst:201
+msgid "For reference, a description can be defined for every defined custom chain."
+msgstr "For reference, a description can be defined for every defined custom chain."
+
+#: ../../configuration/firewall/ipv4.rst:270
+#: ../../configuration/firewall/ipv6.rst:270
msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."
msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain."
@@ -6279,10 +5703,28 @@ msgstr "En aras de la demostración, `ejemplo #1 en la documentación oficial<ht
msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+
+#: ../../configuration/firewall/ipv4.rst:46
+#: ../../configuration/firewall/ipv6.rst:46
+msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+
#: ../../configuration/firewall/general.rst:69
msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
+#: ../../configuration/firewall/ipv4.rst:36
+#: ../../configuration/firewall/ipv6.rst:36
+msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+
#: ../../configuration/firewall/general.rst:62
msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
@@ -6315,6 +5757,14 @@ msgstr "De :rfc:`1930`:"
msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
msgstr "Desde una perspectiva de seguridad, no se recomienda permitir que un tercero cree y comparta la clave privada para una conexión segura. Debe crear la parte privada por su cuenta y solo entregar la clave pública. Tenga esto en cuenta cuando utilice esta característica de conveniencia."
+#: ../../configuration/firewall/bridge.rst:21
+#: ../../configuration/firewall/flowtables.rst:20
+#: ../../configuration/firewall/ipv4.rst:19
+#: ../../configuration/firewall/ipv6.rst:19
+#: ../../configuration/firewall/zone.rst:31
+msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "Configuración general"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generar par de claves"
@@ -6424,6 +5878,10 @@ msgstr "Obtenga una descripción general de los contadores de cifrado."
msgid "Get detailed information about LLDP neighbors."
msgstr "Obtenga información detallada sobre los vecinos LLDP."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Empezando"
@@ -6444,6 +5902,10 @@ msgstr "global"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Opciones globales"
@@ -6465,7 +5927,6 @@ msgstr "Reinicio elegante"
msgid "Gratuitous ARP"
msgstr "ARP gratuito"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Grupos"
@@ -6482,7 +5943,11 @@ msgstr "El enrutador de HQ requiere los siguientes pasos para generar materiales
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "Servicios basados en HTTP"
@@ -6499,11 +5964,11 @@ msgstr "cliente HTTP"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "Capacidades HT (alto rendimiento) (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Horquilla NAT/NAT Reflexión"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
msgstr "Reparta prefijos de tamaño `<length> ` a los clientes en la subred `<prefix> ` cuando solicitan delegación de prefijo."
@@ -6511,7 +5976,7 @@ msgstr "Reparta prefijos de tamaño `<length> ` a los clientes en la subred `<pr
msgid "Handling and monitoring"
msgstr "Manipulación y seguimiento"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Tener control sobre la coincidencia del tráfico de estado NO VÁLIDO, por ejemplo, la capacidad de registrar de forma selectiva, es una herramienta importante de solución de problemas para observar el comportamiento del protocolo roto. Por esta razón, VyOS no elimina globalmente el tráfico de estado no válido, sino que permite que el operador determine cómo se maneja el tráfico."
@@ -6527,15 +5992,15 @@ msgstr "Guiones de verificación de estado"
msgid "Health checks"
msgstr "controles de salud"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Aquí hay un extracto de una configuración NAT 1 a 1 simple con una interfaz interna y una externa:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Este es un ejemplo de un entorno de red para un ASP. El ASP solicita que todas las conexiones de esta empresa provengan de 172.29.41.89, una dirección asignada por el ASP y que no está en uso en el sitio del cliente."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Aquí están las rutas IP que están pobladas. Solo el bucle invertido:"
@@ -6563,37 +6028,22 @@ msgstr "Aquí hay un ejemplo de valor :abbr:`NET (Título de entidad de red)`:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Aquí hay un mapa de ruta de ejemplo para aplicar a las rutas aprendidas en la importación. En este filtro, rechazamos los prefijos con el estado &quot;no válido&quot; y establecemos una &quot;preferencia local&quot; más alta si el prefijo es RPKI &quot;válido&quot; en lugar de simplemente &quot;no encontrado&quot;."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Aquí están las tablas de enrutamiento que muestran las operaciones de la etiqueta de enrutamiento del segmento MPLS:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard lo llama filtrado de puerto de origen o aislamiento de puerto"
@@ -6624,7 +6074,7 @@ msgstr "Información del anfitrión"
msgid "Host name"
msgstr "Nombre de anfitrión"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "El mapeo específico del host se llamará ``client1``"
@@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in
msgstr "Ventana de protección de reproducción IEEE 802.1X/MACsec. Esto determina una ventana en la que se tolera la reproducción, para permitir la recepción de tramas que la red ha ordenado incorrectamente."
#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ era un estándar de red Ethernet conocido informalmente como QinQ como una enmienda a las interfaces VLAN estándar IEEE 802.1q como se describe anteriormente. 802.1ad se incorporó al estándar base 802.1q_ en 2011. La técnica también se conoce como puente de proveedor, VLAN apiladas o simplemente QinQ o Q-in-Q. &quot;Q-in-Q&quot; puede aplicarse a los dispositivos compatibles con el apilamiento de etiquetas C en etiquetas C (tipo de Ethernet = 0x8100)."
#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, a menudo denominado Dot1q, es el estándar de red que admite LAN virtuales (VLAN) en una red Ethernet IEEE 802.3. El estándar define un sistema de etiquetado de VLAN para tramas de Ethernet y los procedimientos que lo acompañan para ser utilizados por puentes y conmutadores en el manejo de dichas tramas. El estándar también contiene disposiciones para un esquema de priorización de calidad de servicio comúnmente conocido como IEEE 802.1p y define el Protocolo de registro de atributos genéricos."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, a menudo denominado Dot1q, es el estándar de red que admi
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF publicó :rfc:`6598`, que detalla un espacio de direcciones compartido para usar en implementaciones de ISP CGN que pueden manejar los mismos prefijos de red que ocurren tanto en las interfaces entrantes como salientes. ARIN devolvió el espacio de direcciones a la :abbr:`IANA (Autoridad de Números Asignados en Internet)` para esta asignación."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "Proxy IGMP"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "Fase IKE:"
@@ -6711,11 +6158,11 @@ msgstr "Atributos de IKE (intercambio de claves de Internet)"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE realiza la autenticación mutua entre dos partes y establece una asociación de seguridad (SA) de IKE que incluye información secreta compartida que se puede usar para establecer de manera eficiente las SA para encapsular la carga útil de seguridad (ESP) o el encabezado de autenticación (AH) y un conjunto de algoritmos criptográficos para ser utilizados por las SA para proteger el tráfico que transportan. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE y ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "Grupos IPSec IKE y ESP;"
@@ -6751,19 +6198,19 @@ msgstr "Grupos IPSec IKE y ESP;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 sitio a sitio VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (fuente ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "Túneles VPN IPSec"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "Túneles VPN IPSec."
@@ -6771,7 +6218,7 @@ msgstr "Túneles VPN IPSec."
msgid "IP address"
msgstr "dirección IP"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "La dirección IP ``192.168.1.100`` se asignará estáticamente al cliente llamado ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "La dirección IP ``192.168.1.100`` se asignará estáticamente al client
msgid "IP address ``192.168.2.1/24``"
msgstr "Dirección IP ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "Dirección IP para el identificador del servidor DHCP"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "Dirección IP del servidor NTP"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "Dirección IP del servidor POP3"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "Dirección IP del servidor SMTP"
@@ -6808,7 +6255,7 @@ msgstr "Dirección IP de la ruta para hacer coincidir, según la lista de prefij
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "Dirección IP de la ruta para hacer coincidir, según la longitud de prefijo especificada. Tenga en cuenta que esto solo se puede usar para rutas del kernel. No aplique a las rutas de los protocolos de enrutamiento dinámico (por ejemplo, BGP, RIP, OSFP), ya que esto puede conducir a resultados inesperados."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "Dirección IP para excluir del rango de concesión de DHCP"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "Política IPsec que coincide con GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "Dirección remota IPv4/IPv6 del túnel VXLAN. Alternativa a la multidifusión, la dirección IPv4/IPv6 remota se puede establecer directamente."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "Dirección IPv4 del próximo servidor de arranque"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "Dirección IPv4 del enrutador en la subred del cliente"
@@ -6904,7 +6355,7 @@ msgstr "Dirección IPv4 del enrutador en la subred del cliente"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "Dirección de origen IPv4 o IPv6 de los paquetes NetFlow"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "emparejamiento IPv4"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "servidor IPv4"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "Ejemplo de IPv6 DHCPv6-PD"
msgid "IPv6 DNS addresses are optional."
msgstr "Las direcciones DNS IPv6 son opcionales."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "Delegación de prefijo IPv6"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC e IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "Los filtros IPv6 TCP solo coincidirán con paquetes IPv6 sin extensión de encabezado, consulte https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "La dirección IPv6 ``2001:db8::101`` se mapeará estáticamente"
@@ -6978,11 +6433,11 @@ msgstr "Dirección IPv6 de la ruta para hacer coincidir, según la lista de pref
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "Dirección IPv6 de la ruta para hacer coincidir, según la longitud de prefijo especificada. Tenga en cuenta que esto solo se puede usar para rutas del kernel. No aplique a las rutas de los protocolos de enrutamiento dinámico (por ejemplo, BGP, RIP, OSFP), ya que esto puede conducir a resultados inesperados."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "Asignación de prefijo del cliente IPv6"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "emparejamiento IPv6"
@@ -6990,7 +6445,7 @@ msgstr "emparejamiento IPv6"
msgid "IPv6 prefix."
msgstr "Prefijo IPv6."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "El prefijo IPv6 ``2001:db8:0:101::/64`` se mapeará estáticamente"
@@ -7002,7 +6457,7 @@ msgstr "retransmisión IPv6"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "Origen de la ruta IPv6: bgp, conectado, eigrp, isis, kernel, nhrp, ospfv3, ripng, estático."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "servidor IPv6"
@@ -7022,11 +6477,11 @@ msgstr "Configuración global IS-IS"
msgid "IS-IS SR Configuration"
msgstr "Configuración IS-IS SR"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "Nombre de la opción ISC-DHCP"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Configuración basada en identidad"
@@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "Si CA está presente, este certificado se incluirá en las CRL generadas"
#: ../../_include/interface-per-client-thread.txt:8
-#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "Si se establece :cfgcmd:`strict`, la sesión de BGP no se establecerá hasta que el vecino de BGP establezca el Rol local de su lado. Este parámetro de configuración se define en RFC :rfc:`9234` y se usa para hacer cumplir la configuración correspondiente en el lado de sus contrapartes."
@@ -7072,7 +6534,9 @@ msgstr "Si se escucha una respuesta, se abandona la concesión y el servidor no
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "Si una ruta tiene un atributo ORIGINATOR_ID porque se ha reflejado, se utilizará ese ORIGINATOR_ID. De lo contrario, se utilizará la ID del enrutador del par del que se recibió la ruta."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,72 +6552,19 @@ msgstr "Si un ISP implementa un :abbr:`CGN (NAT de grado de operador)` y usa el
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "Si otro puente en el árbol de expansión no envía un paquete de saludo durante un largo período de tiempo, se supone que está inactivo."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "Si está configurado, se reenviarán los paquetes de difusión entrantes dirigidos por IP en esta interfaz."
#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "Si está configurado, responda solo si la dirección IP de destino es una dirección local configurada en la interfaz entrante."
#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "Si está configurado, intente evitar direcciones locales que no estén en la subred del objetivo para esta interfaz. Este modo es útil cuando los hosts de destino accesibles a través de esta interfaz requieren que la dirección IP de origen en las solicitudes ARP sea parte de su red lógica configurada en la interfaz de recepción. Cuando generemos la solicitud, verificaremos todas nuestras subredes que incluyen la IP de destino y conservaremos la dirección de origen si es de dicha subred. Si no existe tal subred, seleccionamos la dirección de origen de acuerdo con las reglas para el nivel 2."
@@ -7161,7 +6572,7 @@ msgstr "Si está configurado, intente evitar direcciones locales que no estén e
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "Si configura VXLAN en una máquina virtual VyOS, asegúrese de que se permitan la suplantación de MAC (Hyper-V) o las transmisiones falsificadas (ESX); de lo contrario, el hipervisor podría bloquear las tramas reenviadas."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "Si reenvía el tráfico a un puerto diferente al que llega, también puede configurar el puerto de traducción usando `establecer regla de destino nacional [n] puerto de traducción`."
@@ -7169,7 +6580,15 @@ msgstr "Si reenvía el tráfico a un puerto diferente al que llega, también pue
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "Si se cumple el tráfico garantizado para una clase y hay espacio para más tráfico, el parámetro techo se puede usar para establecer cuánto más ancho de banda se puede usar. Si se cumple el tráfico garantizado y hay varias clases dispuestas a utilizar sus techos, el parámetro de prioridad establecerá el orden en que se asignará ese tráfico adicional. La prioridad puede ser cualquier número del 0 al 7. Cuanto menor sea el número, mayor será la prioridad."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "Si es vital que el demonio actúe exactamente como un cliente de multidifusión real en la interfaz ascendente, esta función debe estar habilitada."
@@ -7193,7 +6612,7 @@ msgstr "Si la ruta múltiple está habilitada, verifique si las rutas que aún n
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "Si no se puede establecer una conexión con un servidor de caché RPKI después de un tiempo de espera predefinido, el enrutador procesará rutas sin validación de origen de prefijo. Todavía intentará establecer una conexión con un servidor de caché RPKI en segundo plano."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "Si no se especifica ningún destino, la regla coincidirá con cualquier dirección y puerto de destino."
@@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`."
msgstr "Si no se especifica ninguna opción, el valor predeterminado es `todos`."
#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "Si no se establece (predeterminado), le permite tener múltiples interfaces de red en la misma subred y hacer que los ARP para cada interfaz se respondan en función de si el kernel enrutaría o no un paquete desde la IP de ARP hacia esa interfaz (por lo tanto, usted debe usar el enrutamiento basado en la fuente para que esto funcione)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "Si se establece, el reenvío de difusión dirigido por IPv4 se desactivará por completo independientemente de si el reenvío de difusión dirigido por interfaz está habilitado o no."
#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "Si se configura, el núcleo puede responder a las solicitudes de arp con direcciones de otras interfaces. Esto puede parecer incorrecto, pero por lo general tiene sentido, porque aumenta las posibilidades de una comunicación exitosa. Las direcciones IP son propiedad del host completo en Linux, no de interfaces particulares. Solo para configuraciones más complejas como el equilibrio de carga, este comportamiento causa problemas."
@@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied."
msgstr "Si se omite el sufijo, los minutos están implícitos."
#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "Si la tabla ARP ya contiene la dirección IP del marco arp gratuito, la tabla arp se actualizará independientemente de si esta configuración está activada o desactivada."
@@ -7318,6 +6684,14 @@ msgstr "Si el tamaño medio de la cola es inferior al **mínimo de umbral**, se
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "Si el tamaño actual de la cola es mayor que **límite de cola**, los paquetes se descartarán. El tamaño medio de la cola depende de su tamaño medio anterior y del actual."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "Si la tabla está vacía y tiene un mensaje de advertencia, significa qu
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "Si no hay direcciones libres pero hay direcciones IP abandonadas, el servidor DHCP intentará reclamar una dirección IP abandonada independientemente del valor del tiempo de concesión de abandono."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "Si hay reglas SNAT en eth1, debe agregar una regla de exclusión"
@@ -7348,7 +6722,7 @@ msgstr "Si hay reglas SNAT en eth1, debe agregar una regla de exclusión"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "Si este comando se invoca desde el modo de configuración con el prefijo ``ejecutar``, la clave se instala automáticamente en la interfaz adecuada:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "Si esto está configurado, el agente de retransmisión insertará la ID de la interfaz. Esta opción se establece automáticamente si se utilizan más de una interfaz de escucha."
@@ -7356,53 +6730,15 @@ msgstr "Si esto está configurado, el agente de retransmisión insertará la ID
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "Si esta opción está habilitada, se omite la verificación ya seleccionada, donde se prefieren las rutas eBGP ya seleccionadas."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
msgstr "Si se especifica esta opción y es mayor que 0, el módulo PPP enviará pings LCP de la solicitud de eco cada `<interval> ` segundos."
#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "Si esta opción no está configurada (predeterminada), los paquetes de difusión entrantes dirigidos por IP no se reenviarán."
#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "Si esta opción no está configurada (predeterminada), responda para cualquier dirección IP de destino local, configurada en cualquier interfaz."
@@ -7422,7 +6758,7 @@ msgstr "Si no se establece, las conexiones entrantes al servidor RADIUS utilizar
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "Si no se establece, las conexiones entrantes al servidor TACACS utilizarán la dirección de interfaz más cercana que apunta hacia el servidor, lo que lo hace propenso a errores, por ejemplo, en redes OSPF cuando falla un enlace y se toma una ruta de respaldo."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "Si ha completado todos los pasos anteriores, sin duda querrá ver si todo funciona."
@@ -7473,6 +6809,10 @@ msgstr "Si configura una clase para **tráfico de VoIP**, no le dé ningún *top
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "Si habilita esto, probablemente querrá establecer el factor de diversidad y el canal a continuación."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "Si ejecuta esto en un entorno virtual como EVE-NG, debe asegurarse de que su NIC de VyOS esté configurada para usar el controlador e1000. Usar el controlador predeterminado ``virtio-net-pci`` o ``vmxnet3`` no funcionará. Los mensajes ICMP no se procesarán correctamente. Son visibles en el cable virtual, pero no llegarán completamente a la pila de redes."
@@ -7493,6 +6833,10 @@ msgstr "Si tiene muchas interfaces y/o muchas subredes, habilitar OSPF a través
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "Si configuró la política &quot;DENTRO-FUERA&quot;, deberá agregar reglas adicionales para permitir el tráfico NAT entrante."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "Si necesita muestrear también el tráfico de salida, es posible que desee configurar la contabilidad del flujo de salida:"
@@ -7541,7 +6885,7 @@ msgstr "Ignorar las fallas de la interfaz principal de VRRP"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Afortunadamente, la imagen se tomó prestada de https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG, que está bajo la licencia de documentación libre GNU"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine la siguiente topología"
@@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin
msgstr "En VyOS, una clase se identifica con un número que puede elegir al configurarla."
#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "En VyOS, los términos ``vif-s`` y ``vif-c`` representan las etiquetas ethertype que se utilizan."
#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "En :rfc:`3069` se llama Agregación de VLAN"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
msgstr "En :vytask:`T2199` se cambió la sintaxis de la configuración de zona. La configuración de la zona se movió de ``zone-policy zone<name> `` a `` zona de cortafuegos<name> ``."
@@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:"
msgstr "En una configuración mínima, se debe proporcionar lo siguiente:"
#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "En un contexto de encabezado de VLAN múltiple, por conveniencia, el término &quot;etiqueta de VLAN&quot; o simplemente &quot;etiqueta&quot; para abreviar se usa a menudo en lugar de &quot;802.1q_ encabezado de VLAN&quot;. QinQ permite múltiples etiquetas VLAN en un marco de Ethernet; juntas, estas etiquetas constituyen una pila de etiquetas. Cuando se usa en el contexto de una trama Ethernet, una trama QinQ es una trama que tiene 2 encabezados VLAN 802.1q_ (doble etiqueta)."
@@ -7632,15 +6953,9 @@ msgstr "Además de :abbr:`RADIUS (Servicio de usuario de marcación de autentica
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "Además de mostrar la información de contabilidad de flujo localmente, también se puede exportar a un servidor de recopilación."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "Además del comando anterior, la salida está en un formato que se puede usar para importar directamente la clave a la CLI de VyOS simplemente copiando y pegando la salida del modo de operación al modo de configuración."
@@ -7656,8 +6971,7 @@ msgstr "Además, especificará la dirección IP o FQDN del cliente al que se con
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "En un **grupo de direcciones** se define una sola dirección IP o rangos de direcciones IP."
@@ -7681,6 +6995,10 @@ msgstr "A diferencia de RED simple, la detección aleatoria de VyOS utiliza una
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "En el modo de conmutación por error, una interfaz se establece como interfaz principal y otras interfaces son secundarias o de repuesto. En lugar de equilibrar el tráfico en todas las interfaces en buen estado, solo se utiliza la interfaz principal y, en caso de falla, se hace cargo una interfaz secundaria seleccionada del grupo de interfaces disponibles. La interfaz principal se selecciona en función de su peso y salud, otras se convierten en interfaces secundarias. Las interfaces secundarias para tomar el control de una interfaz principal fallida se eligen del grupo de interfaces del equilibrador de carga, según su peso y estado. Los roles de interfaz también se pueden seleccionar en función del orden de las reglas al incluir interfaces en las reglas de equilibrio y ordenar esas reglas en consecuencia. Para poner el balanceador de carga en modo de conmutación por error, cree una regla de conmutación por error:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "En general, el protocolo OSPF requiere un área de red troncal (área 0) para ser coherente y estar completamente conectado. Es decir, cualquier enrutador de área de red troncal debe tener una ruta a cualquier otro enrutador de área de red troncal. Además, cada ABR debe tener un enlace al área de red troncal. Sin embargo, no siempre es posible tener un enlace físico a un área de red troncal. En este caso entre dos ABR (uno de ellos tiene enlace al área de backbone) en el área (no área stub) se organiza un enlace virtual."
@@ -7693,7 +7011,7 @@ msgstr "En implementaciones grandes, no es razonable configurar cada usuario ind
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "Para que la información de contabilidad de flujo se recopile y muestre para una interfaz, la interfaz debe estar configurada para la contabilidad de flujo."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "Para que el servidor DHCP primario y secundario mantengan sus tablas de arrendamiento sincronizadas, deben poder comunicarse entre sí en el puerto TCP 647. Si tiene reglas de firewall vigentes, ajústelas en consecuencia."
@@ -7721,42 +7039,35 @@ msgstr "Para que VyOS Traffic Control funcione, debe seguir 2 pasos:"
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "Para tener control total y hacer uso de múltiples direcciones IP públicas estáticas, su VyOS deberá iniciar la conexión PPPoE y controlarla. Para que este método funcione, tendrá que descubrir cómo hacer que su módem/enrutador DSL cambie a un modo puente para que solo actúe como un dispositivo transceptor DSL para conectarse entre el enlace Ethernet de su VyOS y el cable del teléfono. Una vez que su transceptor DSL esté en modo puente, no debería obtener ninguna dirección IP. Asegúrese de conectarse al puerto Ethernet 1 si su transceptor DSL tiene un interruptor, ya que algunos de ellos solo funcionan de esta manera."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "Para asignar direcciones IPv6 específicas a hosts específicos, se pueden crear asignaciones estáticas. El siguiente ejemplo explica el proceso."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "Para separar el tráfico, Fair Queue utiliza un clasificador basado en la dirección de origen, la dirección de destino y el puerto de origen. El algoritmo pone en cola los paquetes en cubos hash en función de esos parámetros de árbol. Cada uno de estos cubos debe representar un flujo único. Debido a que varios flujos pueden tener un hash en el mismo depósito, el algoritmo hash se perturba a intervalos configurables para que la injusticia dure solo por un corto tiempo. Sin embargo, la perturbación puede provocar que se produzca algún reordenamiento de paquetes involuntario. Un valor aconsejable podría ser de 10 segundos."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "Para usar TSO/LRO con adaptadores VMXNET3, también se debe habilitar la opción de descarga SG."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "En otras palabras, el seguimiento de la conexión ya ha observado que la conexión se ha cerrado y ha realizado la transición del flujo a NO VÁLIDO para evitar que los ataques intenten reutilizar la conexión."
#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "En otras palabras, permite controlar qué tarjetas (generalmente 1) responderán a una solicitud de arp."
@@ -7764,7 +7075,7 @@ msgstr "En otras palabras, permite controlar qué tarjetas (generalmente 1) resp
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "En nuestro ejemplo, usamos el nombre de clave ``openvpn-1`` al que haremos referencia en nuestra configuración."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "En nuestro ejemplo, reenviaremos el tráfico del servidor web a un servidor web interno en 192.168.0.100. El tráfico HTTP utiliza el protocolo TCP en el puerto 80. Para conocer otros números de puerto comunes, consulte: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "En el caso de que desee aplicar algún tipo de **modelado** a su tráfic
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "En el comando anterior establecemos el tipo de política con la que vamos a trabajar y el nombre que elegimos para ella; una clase (para que podamos diferenciar algo de tráfico) y un número identificable para esa clase; luego configuramos una regla de coincidencia (o filtro) y un nombre para ella."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "En el ejemplo anterior, las primeras 499 sesiones se conectan sin demora. Los paquetes PADO se retrasarán 50 ms para la conexión de 500 a 999, este truco permite que otros servidores PPPoE envíen PADO más rápido y los clientes se conectarán a otros servidores. El último comando dice que este servidor PPPoE puede servir solo a 3000 clientes."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "En el ejemplo utilizado para la configuración de inicio rápido anterior, demostramos la siguiente configuración:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "En el siguiente ejemplo, tanto `User1` como `User2` podrán acceder a VyOS mediante SSH como usuario ``vyos`` utilizando sus propias claves. El &#39;Usuario 1&#39; está restringido para que solo pueda conectarse desde una única dirección IP. Además, si se desea iniciar sesión con contraseña para el usuario ``vyos``, se requiere un código de clave 2FA/MFA además de la contraseña."
@@ -7832,7 +7143,7 @@ msgstr "En el siguiente ejemplo, las direcciones IP para los clientes remotos se
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "En el siguiente ejemplo, cuando la VLAN9 hace la transición, la VLAN20 también hará la transición:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "En el siguiente ejemplo podemos ver una configuración básica de multidifusión:"
@@ -7856,11 +7167,11 @@ msgstr "En este árbol de comandos, se manejarán todas las opciones de acelerac
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "En este ejemplo, se utilizan algunos servidores *OpenNIC*, dos direcciones IPv4 y dos direcciones IPv6:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "En este ejemplo, usamos **masquerade** como dirección de traducción en lugar de una dirección IP. El objetivo **masquerade** es efectivamente un alias para decir &quot;usar cualquier dirección IP que esté en la interfaz de salida&quot;, en lugar de una dirección IP configurada estáticamente. Esto es útil si usa DHCP para su interfaz de salida y no sabe cuál será la dirección externa."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "En este ejemplo, utilizaremos el ejemplo de configuración de inicio rápido anterior como punto de partida."
@@ -7880,10 +7191,38 @@ msgstr "En este ejemplo, usaremos el caso más complicado: una configuración en
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "En este método, el módem/enrutador DSL se conecta al ISP por usted con sus credenciales preprogramadas en el dispositivo. Esto le da una dirección :rfc:`1918`, como ``192.168.1.0/24`` por defecto."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "En este escenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "En el modo de proxy transparente, todo el tráfico que llega al puerto 80 y tiene como destino Internet se reenvía automáticamente a través del proxy. Esto permite el reenvío de proxy inmediato sin configurar los navegadores de los clientes."
@@ -7896,7 +7235,7 @@ msgstr "En los usos típicos de SNMP, una o más computadoras administrativas ll
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "En la política basada en zonas, las interfaces se asignan a las zonas y la política de inspección se aplica al tráfico que se mueve entre las zonas y se actúa según las reglas del firewall. Una Zona es un grupo de interfaces que tienen funciones o características similares. Establece las fronteras de seguridad de una red. Una zona define un límite donde el tráfico está sujeto a restricciones de política cuando cruza a otra región de una red."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Aumente la longitud máxima de MPDU a 7991 o 11454 octetos (3895 octetos
msgid "Indication"
msgstr "Indicación"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Subred de cliente individual"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at `<address>`."
msgstr "Informe al cliente que el servidor DNS se puede encontrar en `<address> `."
@@ -7940,53 +7279,19 @@ msgstr "Mensajes informativos"
msgid "Input from `eth0` network interface"
msgstr "Entrada desde la interfaz de red `eth0`"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Instale el software del cliente a través de apt y ejecute pptpsetup para generar la configuración."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "En lugar de un valor MSS numérico, se puede usar `clamp-mss-to-pmtu` para establecer automáticamente el valor adecuado."
@@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT
msgstr "En lugar de la autenticación de solo contraseña, se puede usar la autenticación de contraseña 2FA + clave OTP. Alternativamente, se puede usar solo la autenticación OTP, sin contraseña. Para hacer esto, se debe agregar una configuración OTP a la configuración anterior:"
#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "En lugar de enviar el nombre de host real del sistema al servidor DHCP, sobrescriba el nombre de host con este valor dado."
@@ -8035,7 +7325,7 @@ msgstr "Interconecte el VRF global con vrf &quot;rojo&quot; usando el par veth10
msgid "Interface Configuration"
msgstr "Configuración de la interfaz"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Rutas de interfaz"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "La interfaz `eth1` LAN está detrás de NAT. Para suscribirnos a la multidifusión de subred `10.0.0.0/23` que está en `eth0` WAN, necesitamos configurar igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interfaz para el agente de retransmisión DHCP para reenviar solicitudes
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interfaz para DHCP Relay Agent para escuchar solicitudes."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interfaz a usar para sincronizar entradas de conntrack."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interfaz utilizada para la base de VXLAN. Esto es obligatorio cuando se usa VXLAN a través de una red de multidifusión. El tráfico VXLAN siempre entrará y saldrá de esta interfaz."
@@ -8133,6 +7428,10 @@ msgstr "No es probable que alguien lo necesite pronto, pero existe."
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "Es más lento que IPsec debido a la mayor sobrecarga del protocolo y al hecho de que se ejecuta en modo usuario mientras que IPsec, en Linux, está en modo kernel."
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "Deshabilita las páginas grandes transparentes y el equilibrio NUMA automático. También utiliza cpupower para establecer el regulador cpufreq de rendimiento y solicita un valor de cpu_dma_latency de 1. También establece los tiempos de busy_read y busy_poll en 50 us, y tcp_fastopen en 3."
@@ -8150,7 +7449,7 @@ msgstr "Genera el par de claves, que incluye las partes pública y privada. La c
msgid "It helps to support as HELPER only for planned restarts."
msgstr "Ayuda a brindar soporte como AYUDANTE solo para reinicios planificados."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "Ayuda pensar en la sintaxis como: (ver más abajo). El &#39;conjunto de reglas&#39; debe escribirse desde la perspectiva de: *Zona de origen*-a-&gt;*Zona de destino*"
@@ -8158,7 +7457,7 @@ msgstr "Ayuda pensar en la sintaxis como: (ver más abajo). El &#39;conjunto de
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "Es compatible con clientes Cisco (R) AnyConnect (R)."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "Está conectado a ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "Se recomienda encarecidamente utilizar la autenticación de clave SSH. D
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "Se recomienda encarecidamente utilizar la misma dirección para la identificación del enrutador LDP y la dirección de transporte de descubrimiento, pero para que VyOS MPLS LDP funcione, ambos parámetros deben establecerse explícitamente en la configuración."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "Es importante tener en cuenta que al crear reglas de firewall, la traducción de DNAT se produce **antes** de que el tráfico atraviese el firewall. En otras palabras, la dirección de destino ya se tradujo a 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "No es suficiente configurar solo un L3VPN VRF, sino que también se deben mantener los L3VPN VRF. Para el mantenimiento de L3VPN VRF, se implementan los siguientes comandos operativos."
@@ -8190,7 +7493,7 @@ msgstr "No es válido usar la opción `vif 1` para puentes que reconocen VLAN po
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "Es posible mejorar la seguridad de la autenticación mediante el uso de la función :abbr:`2FA (Autenticación de dos factores)`/:abbr:`MFA (Autenticación de múltiples factores)` junto con :abbr:`OTP (One-Time-Pad) ` en VyOS. :abbr:`2FA (autenticación de dos factores)`/:abbr:`MFA (autenticación de múltiples factores)` se configura de forma independiente para cada usuario. Si se configura una clave OTP para un usuario, 2FA/MFA se habilita automáticamente para ese usuario en particular. Si un usuario no tiene una clave OTP configurada, no hay verificación 2FA/MFA para ese usuario."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl
msgstr "Utiliza un modelo estocástico para clasificar los paquetes entrantes en diferentes flujos y se utiliza para proporcionar una parte justa del ancho de banda a todos los flujos que utilizan la cola. Cada flujo es administrado por la disciplina de cola CoDel. Se evita reordenar dentro de un flujo ya que Codel utiliza internamente una cola FIFO."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "Se combinará con el prefijo delegado y el sla-id para formar una dirección de interfaz completa. El valor predeterminado es utilizar la dirección EUI-64 de la interfaz."
@@ -8258,11 +7545,11 @@ msgstr "Generación de claves"
msgid "Key Management"
msgstr "Gestión de claves"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Parámetros clave:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Puntos clave:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 se describe en :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "Opciones L2TPv3"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRF"
@@ -8360,19 +7647,19 @@ msgstr "Protocolo de distribución de etiquetas"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunneling Protocol Version 3 es un estándar IETF relacionado con L2TP que se puede utilizar como un protocolo alternativo a :ref:`mpls` para la encapsulación del tráfico de comunicaciones multiprotocolo de Capa 2 a través de redes IP. Al igual que L2TP, L2TPv3 proporciona un servicio de pseudocable, pero está escalado para adaptarse a los requisitos del operador."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "El tiempo de concesión se dejará en el valor predeterminado, que es de 24 horas."
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Tiempo de espera de arrendamiento en segundos (predeterminado: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Supongamos que PC4 en Leaf2 quiere hacer ping a PC5 en Leaf3. En lugar de configurar Leaf3 como nuestro extremo remoto manualmente, Leaf2 encapsula el paquete en un paquete UDP y lo envía a su dirección de multidifusión designada a través de Spine1. Cuando Spine1 recibe este paquete, lo reenvía a todas las demás hojas que se han unido al mismo grupo de multidifusión, en este caso Leaf3. Cuando Leaf3 recibe el paquete, lo reenvía, mientras que al mismo tiempo aprende que se puede acceder a PC4 detrás de Leaf2, porque el paquete encapsulado tenía la dirección IP de Leaf2 configurada como IP de origen."
@@ -8404,7 +7691,7 @@ msgstr "Equilibrio de nivel 4"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Tiempo de vida asociado con el enrutador predeterminado en unidades de segundos"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Vida útil en días; el valor predeterminado es 365"
@@ -8436,7 +7723,7 @@ msgstr "limitador"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter es una de esas políticas que usa clases_ (Ingress qdisc es en realidad una política sin clases, pero los filtros funcionan en ella)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Límites"
@@ -8452,7 +7739,7 @@ msgstr "Valor de MTU de enlace colocado en RA, excluido en RA si no está config
msgid "Link aggregation"
msgstr "Agregar un link"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter no marcará el tráfico NAT como NO VÁLIDO. Esto a menudo confunde a las personas haciéndoles pensar que Linux (o específicamente VyOS) tiene una implementación de NAT rota porque se ve tráfico no NAT que sale de una interfaz externa. En realidad, esto funciona según lo previsto, y una captura de paquetes del tráfico &quot;con fugas&quot; debería revelar que el tráfico es un TCP &quot;RST&quot;, &quot;FIN, ACK&quot; o &quot;RST, ACK&quot; adicional enviado por los sistemas cliente después de Linux netfilter considera la conexión cerrada. El más común es el TCP RST adicional que algunas implementaciones de host envían después de terminar una conexión (que es específico de la implementación)."
@@ -8480,7 +7767,7 @@ msgstr "Lista de algoritmos admitidos: ``diffie-hellman-group1-sha1``, ``diffie-
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "Lista de cifrados compatibles: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr`` ``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "Lista de comunidades conocidas"
@@ -8504,15 +7791,15 @@ msgstr "Algoritmos de equilibrio de carga que se utilizarán para distribuir sol
msgid "Load-balancing schedule algorithm:"
msgstr "Algoritmo de programación de equilibrio de carga:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Balanceo de carga"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Cargue la imagen del contenedor en modo operativo."
@@ -8529,7 +7816,7 @@ msgstr "Configuración local:"
msgid "Local Configuration - Annotated:"
msgstr "Configuración local - Anotada:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `<address>` used when communicating to the failover peer."
msgstr "IP local`<address> ` utilizado cuando se comunica con el compañero de conmutación por error."
@@ -8609,7 +7896,7 @@ msgstr "Registrar mensajes de syslog en el archivo especificado a través de `<f
msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Registrar mensajes de syslog en el host remoto especificado por `<address> `. La dirección se puede especificar mediante FQDN o dirección IP. Para obtener una explicación sobre las palabras clave :ref:`syslog_facilities` y las palabras clave :ref:`syslog_severity_level`, consulte las tablas a continuación."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Registre los eventos de seguimiento de conexión por protocolo."
@@ -8617,7 +7904,9 @@ msgstr "Registre los eventos de seguimiento de conexión por protocolo."
msgid "Logging"
msgstr "Inicio sesión"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "El inicio de sesión en un host remoto deja intacta la configuración de
msgid "Login/User Management"
msgstr "Inicio de sesión/Administración de usuarios"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Bandera de inicio de sesión"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Límites de inicio de sesión"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Bucle invertido"
@@ -8660,8 +7953,7 @@ msgstr "Información MAC/PHY"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - PseudoEthernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "Grupos MAC"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "El soporte de MPLS en VyOS aún no está terminado y, por lo tanto, su funcionalidad es limitada. Actualmente no hay soporte para servicios VPN habilitados para MPLS, como L2VPN y mVPN. La compatibilidad con RSVP tampoco está presente ya que la pila de enrutamiento subyacente (FRR) no la implementa. Actualmente, VyOS implementa LDP como se describe en RFC 5036; Otros estándares LDP son los siguientes: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Porque MPLS ya está disponible (FRR también es compatible con RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "Valor MSS = MTU - 20 (encabezado IP) - 20 (encabezado TCP), lo que da como resultado 1452 bytes en un MTU de 1492 bytes."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "Valor MSS = MTU - 40 (encabezado IPv6) - 20 (encabezado TCP), lo que da como resultado 1432 bytes en un MTU de 1492 bytes."
@@ -8758,11 +8012,19 @@ msgstr "PERSONA"
msgid "Mail system"
msgstr "sistema de correo"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Modo de mantenimiento"
@@ -8786,11 +8048,15 @@ msgstr "Configuraciones obligatorias"
msgid "Manual Neighbor Configuration"
msgstr "Configuración manual de vecinos"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `<time>` in seconds."
msgstr "Marque el servidor RADIUS como fuera de línea para este `<time> ` en segundos."
@@ -8810,7 +8076,8 @@ msgstr "Haga coincidir grandes comunidades BGP."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
msgstr "Haga coincidir las direcciones IP en función de su geolocalización. Más información: `coincidencia geoip<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching> `_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Coincide con el resultado de la validación de RPKI."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define en: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define aquí: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Comparar con el estado de un paquete."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Coincidencia basada en el valor de dscp."
@@ -8841,18 +8108,28 @@ msgstr "Coincidencia basada en el valor de dscp."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Coincidencia basada en criterios de valor de dscp. Se admiten múltiples valores de 0 a 63 y rangos."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Coincidencia basada en criterios de fragmentos."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Coincidencia basada en código y tipo icmp|icmpv6."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Coincidencia basada en criterios de nombre de tipo icmp|icmpv6. Use la pestaña para obtener información sobre qué criterios de **nombre de tipo** se admiten."
@@ -8869,8 +8146,20 @@ msgstr "Coincidencia basada en la interfaz de entrada/salida. Se puede utilizar
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Coincidencia basada en criterios de ipsec."
@@ -8878,53 +8167,77 @@ msgstr "Coincidencia basada en criterios de ipsec."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Coincidencia basada en criterios de longitud de paquete. Se admiten varios valores de 1 a 65535 y rangos."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Coincidencia basada en criterios de tipo de paquete."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Coincidencia basada en la tasa promedio máxima, especificada como **entero/unidad**. Por ejemplo **5/minutos**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Coincidencia basada en el número máximo de paquetes que se permiten por encima de la tasa."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Coincide con las bases de las fuentes vistas recientemente."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Criterios de coincidencia basados en la marca de conexión."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Criterios de coincidencia basados en el estado de la conexión nacional."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Coincidencia de nombre de dominio"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Igualar el parámetro de límite de salto, donde &#39;eq&#39; significa &#39;igual&#39;; &#39;gt&#39; significa &#39;mayor que&#39; y &#39;lt&#39; significa &#39;menor que&#39;."
@@ -8937,19 +8250,19 @@ msgstr "Coincide con la preferencia local."
msgid "Match route metric."
msgstr "Coincidir con la métrica de la ruta."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Igualar el tiempo de vida del parámetro, donde &#39;eq&#39; significa &#39;igual&#39;; &#39;gt&#39; significa &#39;mayor que&#39; y &#39;lt&#39; significa &#39;menor que&#39;."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Coincidencia cuando se ve la cantidad de conexiones &#39;recuento&#39; dentro de &#39;tiempo&#39;. Estos criterios coincidentes se pueden utilizar para bloquear los intentos de fuerza bruta."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Criterios de coincidencia"
@@ -8966,7 +8279,7 @@ msgstr "Longitud máxima de A-MSDU 3839 (predeterminado) o 7935 octetos"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Número máximo de entradas de caché de DNS. 1 millón por núcleo de CPU generalmente será suficiente para la mayoría de las instalaciones."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Número máximo de servidores de nombres IPv4"
@@ -8978,7 +8291,11 @@ msgstr "Número máximo de procesos de autenticación para generar. Si comienza
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Número máximo de estaciones permitidas en la tabla de estaciones. Las nuevas estaciones serán rechazadas una vez que la tabla de estaciones esté llena. IEEE 802.11 tiene un límite de 2007 ID de asociación diferentes, por lo que este número no debe ser mayor."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Número máximo de intentos para enviar consultas de Solicitud de acceso/Solicitud de contabilidad"
@@ -9010,6 +8327,26 @@ msgstr "Versión Metris, el valor predeterminado es ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Intervalos mínimos y máximos entre RA de multidifusión no solicitados"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, el sistema monitorea pasivamente cualquier tipo de tráfico inalámbrico"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Montar un volumen en el contenedor."
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "El servidor multicliente es el modo OpenVPN más popular en los enrutado
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "multihogar. En un entorno de red de alojamiento múltiple, el dispositivo NAT66 se conecta a una red interna y se conecta simultáneamente a diferentes redes externas. La traducción de direcciones se puede configurar en cada interfaz del lado de la red externa del dispositivo NAT66 para convertir la misma dirección de red interna en diferentes direcciones de red externa y realizar la asignación de la misma dirección interna a varias direcciones externas."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: se puede especificar varias veces."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "multidifusión"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Se requiere enrutamiento de multidifusión para que las hojas reenvíen el tráfico entre sí de una manera más escalable. Esto también requiere que PIM esté habilitado hacia las hojas para que Spine pueda aprender de qué grupos de multidifusión espera tráfico cada hoja."
@@ -9063,11 +8399,15 @@ msgstr "Se requiere enrutamiento de multidifusión para que las hojas reenvíen
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS utiliza la dirección 224.0.0.251, que tiene un &quot;ámbito administrativo&quot; y no sale de la subred. Retransmite paquetes mDNS de una interfaz a otras interfaces. Esto permite la compatibilidad con, por ejemplo, dispositivos Apple Airplay en varias VLAN."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "VXLAN de multidifusión"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Dirección de grupo de multidifusión para la interfaz VXLAN. Los túneles VXLAN se pueden construir mediante multidifusión o mediante unidifusión."
@@ -9075,7 +8415,7 @@ msgstr "Dirección de grupo de multidifusión para la interfaz VXLAN. Los túnel
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Grupo de multidifusión que se usará para sincronizar las entradas de conntrack."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Los receptores de multidifusión hablarán IGMP con su enrutador local, por lo que, además de tener PIM configurado en cada enrutador, IGMP también debe configurarse en cualquier enrutador donde pueda haber un receptor de multidifusión conectado localmente."
@@ -9083,8 +8423,8 @@ msgstr "Los receptores de multidifusión hablarán IGMP con su enrutador local,
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Se pueden definir varios servidores DNS."
@@ -9096,7 +8436,7 @@ msgstr "Se pueden proporcionar múltiples instancias de almacenamiento en caché
msgid "Multiple Uplinks"
msgstr "Múltiples enlaces ascendentes"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Se pueden especificar varios alias por nombre de host."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Se pueden especificar múltiples puertos de destino como una lista separada por comas. La lista completa también se puede &quot;negar&quot; usando &#39;!&#39;. Por ejemplo: &#39;!22,telnet,http,123,1001-1005&#39;"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Se pueden especificar múltiples puertos de destino como una lista separada por comas. La lista completa también se puede &quot;negar&quot; usando &#39;!&#39;. Por ejemplo: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Se pueden configurar múltiples redes/direcciones IP de clientes."
msgid "Multiple servers can be specified."
msgstr "Se pueden especificar varios servidores."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Se pueden utilizar múltiples servicios por interfaz. ¡Simplemente especifique tantos servicios por interfaz como desee!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Se pueden especificar varios puertos de origen como una lista separada por comas. La lista completa también se puede &quot;negar&quot; usando ``!``. Por ejemplo:"
@@ -9147,18 +8487,18 @@ msgstr "Varios usuarios pueden conectarse al mismo dispositivo serie, pero solo
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Las extensiones multiprotocolo permiten que BGP transporte información de enrutamiento para múltiples protocolos de capa de red. BGP admite un identificador de familia de direcciones (AFI) para IPv4 e IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "norte"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Enrutamiento, Interacción con Firewall"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "Configuración NAT"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "Conjunto de reglas NAT"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (específicamente, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT antes de VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT antes de VPN Topología"
@@ -9236,7 +8587,7 @@ msgstr "NTP proporciona una advertencia de cualquier ajuste de segundo bisiesto
msgid "Name Server"
msgstr "Nombre del servidor"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Nombre del mapeo estático"
@@ -9244,11 +8595,11 @@ msgstr "Nombre del mapeo estático"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Nombre de la tabla única Solo si se establece una tabla única de métricas de grupo."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Nombre o dirección IPv4 del servidor TFTP"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "Servidor de nombres NetBIOS sobre TCP/IP"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow generalmente se habilita por interfaz para limitar la carga en l
msgid "NetFlow v5 example:"
msgstr "Ejemplo de NetFlow v5:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Control de red"
msgid "Network Emulator"
msgstr "Emulador de red"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Grupos de red"
@@ -9315,7 +8665,7 @@ msgstr "ID de red (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "ID de red (SSID) ``PRUEBA``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Diagrama de topología de red"
@@ -9339,7 +8689,7 @@ msgstr "El nuevo usuario utilizará SHA/AES para autenticación y privacidad"
msgid "Next-hop interface for the route"
msgstr "Interfaz de siguiente salto para la ruta"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "A continuación es necesario configurar 2FA para OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Ahora añadimos la opción al visor, adaptándonos a tu setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Ahora necesitamos especificar la configuración de red del servidor. En todos los casos, debemos especificar la subred para los puntos finales del túnel del cliente. Dado que queremos que los clientes accedan a una red específica detrás de nuestro enrutador, utilizaremos una opción de ruta de inserción para instalar esa ruta en los clientes."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Ahora al conectarse al usuario primero se le pedirá la contraseña y luego la clave OTP."
@@ -9480,7 +8830,7 @@ msgstr "Generación de claves OTP"
msgid "Offloading"
msgstr "Descarga"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Desplazamiento de la subred del cliente en segundos desde el tiempo universal coordinado (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "En el iniciador, debemos configurar la opción de identificación remota
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "En el iniciador, configuramos la dirección del par a su dirección pública, pero en el respondedor solo configuramos la identificación."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "En el respondedor, debemos configurar la identificación local para que el iniciador pueda saber quién está hablando con él para que funcione el punto n. ° 3."
@@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y
msgstr "Una vez que una clase tiene un filtro configurado, también tendrás que definir qué quieres hacer con el tráfico de esa clase, qué tratamiento específico de Traffic-Control le quieres dar. Tendrás diferentes posibilidades dependiendo de la Política de Tráfico que estés configurando."
#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Una vez que se ha encontrado un vecino, la entrada se considera válida al menos durante este tiempo específico. La validez de una entrada se extenderá si recibe comentarios positivos de los protocolos de nivel superior."
@@ -9606,6 +8941,10 @@ msgstr "Una vez que la contabilidad de flujo está configurada en una interfaz,
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Una vez que se ha definido el extremo del túnel local ``set service pppoe-server gateway-address &#39;10.1.1.2&#39;&#39;``, el conjunto de direcciones IP del cliente se puede definir como un rango o como una subred mediante la notación CIDR. Si se usa la notación CIDR, se pueden configurar varias subredes que se usan secuencialmente."
@@ -9614,11 +8953,11 @@ msgstr "Una vez que se ha definido el extremo del túnel local ``set service ppp
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Una vez que se establecen las reglas de coincidencia para una clase, puede comenzar a configurar cómo desea que se comporte el tráfico coincidente."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Una vez que el usuario está conectado, la sesión del usuario utiliza los límites establecidos y se puede mostrar a través de &#39;mostrar sesiones del servidor pppoe&#39;."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Una vez que haya realizado los cambios anteriores, puede crear un archivo de configuración en el directorio /config/auth/ocserv/config-per-user que coincida con el nombre de usuario de un usuario que haya creado, por ejemplo, &quot;tst&quot;. Ahora, al iniciar sesión con el usuario &quot;tst&quot;, se cargarán las opciones de configuración que configuró en este archivo."
@@ -9626,7 +8965,7 @@ msgstr "Una vez que haya realizado los cambios anteriores, puede crear un archiv
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Una vez que tenga un dispositivo Ethernet conectado, es decir, `eth0`, puede configurarlo para abrir la sesión PPPoE para usted y su transceptor DSL (módem/enrutador) simplemente actúa para traducir sus mensajes de una manera que vDSL/aDSL entienda."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Una vez que haya configurado su servidor SSTP, llega el momento de realizar algunas pruebas básicas. El cliente de Linux utilizado para las pruebas se llama sstpc_. sstpc_ requiere un archivo de configuración/par de PPP."
@@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic
msgstr "Uno de los usos de Fair Queue podría ser la mitigación de los ataques de denegación de servicio."
#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Solo se aceptan paquetes con etiquetas 802.1Q en vifs de Ethernet."
@@ -9663,8 +8997,12 @@ msgstr "Solo se aceptan paquetes con etiquetas 802.1Q en vifs de Ethernet."
msgid "Only VRRP is supported. Required option."
msgstr "Solo se admite VRRP. Opción requerida."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Solo en los criterios de origen, puede especificar una dirección MAC."
@@ -9672,22 +9010,7 @@ msgstr "Solo en los criterios de origen, puede especificar una dirección MAC."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Solo se admite un algoritmo SRGB y SPF predeterminado"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Solo solicite una dirección del servidor DHCP, pero no solicite una puerta de enlace predeterminada."
@@ -9703,6 +9026,10 @@ msgstr "Solo solicite una dirección del servidor SSTP pero no instale ninguna r
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Solo se utiliza el tipo (``ssh-rsa``) y la clave (``AAAB3N...``). Tenga en cuenta que la clave generalmente tendrá varios cientos de caracteres y deberá copiarla y pegarla. Algunos emuladores de terminal pueden dividir esto accidentalmente en varias líneas. Ojo cuando lo pegues que solo pega como una sola línea. La tercera parte es simplemente un identificador y es para su propia referencia."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Comprobar el estado del servidor virtual en modo operativo"
@@ -9715,15 +9042,15 @@ msgstr "AbrirConectar"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "La función de servidor compatible con OpenConnect está disponible a partir de esta versión. Openconnect VPN admite conexión SSL y ofrece acceso completo a la red. La extensión de red SSL VPN conecta el sistema del usuario final a la red corporativa con controles de acceso basados únicamente en la información de la capa de red, como la dirección IP de destino y el número de puerto. Por lo tanto, proporciona una comunicación segura para todo tipo de tráfico de dispositivos a través de redes públicas y redes privadas, también encripta el tráfico con el protocolo SSL."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect se puede configurar para enviar información de contabilidad a un servidor RADIUS para capturar datos de la sesión del usuario, como la hora de conexión/desconexión, los datos transferidos, etc."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "El servidor OpenConnect coincide con el nombre del archivo distinguiendo entre mayúsculas y minúsculas, asegúrese de que el nombre de usuario/grupo que configure coincida exactamente con el nombre del archivo."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect admite un subconjunto de sus opciones de configuración que se aplicarán por usuario/grupo, para fines de configuración nos referimos a esta funcionalidad como &quot;Configuración basada en identidad&quot;. El siguiente `Manual del servidor OpenConnect <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group> `_ describe el conjunto de opciones de configuración que están permitidas. Esto se puede aprovechar para aplicar diferentes conjuntos de configuraciones a diferentes usuarios o grupos de usuarios."
@@ -9778,27 +9105,34 @@ msgstr "Modos de funcionamiento"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operación"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Cortafuegos en modo operativo"
@@ -9806,8 +9140,8 @@ msgstr "Cortafuegos en modo operativo"
msgid "Operation Commands"
msgstr "Comandos de operación"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Modo de operación"
@@ -9825,7 +9159,7 @@ msgstr "Comandos operativos"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Comandos de modo operativo"
@@ -9843,11 +9177,11 @@ msgstr "Opción"
msgid "Option 43 for UniFI"
msgstr "Opción 43 para UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Descripción de la opción"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Número de opción"
@@ -9886,15 +9220,19 @@ msgstr "Configuraciones opcionales/predeterminadas"
msgid "Optional Configuration"
msgstr "Configuración opcional"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Opcionalmente, establezca una dirección IPv4 o IPv6 estática específica para el contenedor. Esta dirección debe estar dentro del prefijo de red nombrado."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Opciones"
@@ -9918,11 +9256,11 @@ msgstr "O prefijos **binarios**."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Genere un LSA AS-Externo (tipo 5) que describa una ruta predeterminada en todas las áreas con capacidad de enrutamiento externo, de la métrica y el tipo de métrica especificados. Si se proporciona la palabra clave :cfgcmd:`always`, siempre se anuncia el valor predeterminado, incluso cuando no hay un valor predeterminado presente en la tabla de enrutamiento. El argumento :cfgcmd:`route-map` especifica anunciar la ruta predeterminada si se cumple el mapa de ruta."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Se pueden usar otros atributos, pero deben estar en uno de los diccionarios en */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Nuestros comandos de configuración serían:"
@@ -9962,9 +9300,14 @@ msgstr "Sobre UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Anule el servidor de nombres de static-mapping con uno personalizado que se enviará solo a este host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Descripción general"
@@ -9973,8 +9316,8 @@ msgstr "Descripción general"
msgid "Overview and basic concepts"
msgstr "Resumen y conceptos básicos"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Resumen de grupos definidos. Verá el tipo, los miembros y dónde se usa el grupo."
@@ -9994,14 +9337,22 @@ msgstr "PC2 está en VRF ``azul`` que es el departamento de desarrollo"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 y PC4 están conectados a un dispositivo puente en el enrutador ``R1`` que está en VRF ``rojo``. Digamos que este es el departamento de recursos humanos."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 tiene IP 10.0.0.4/24 y PC5 tiene IP 10.0.0.5/24, por lo que creen que están en el mismo dominio de transmisión."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 recibe el eco de ping, responde con una respuesta de eco que recibe Leaf3 y esta vez reenvía a la dirección de unidifusión de Leaf2 directamente porque aprendió la ubicación de PC4 arriba. Cuando Leaf2 recibe la respuesta de eco de PC5, ve que proviene de Leaf3 y recuerda que se puede acceder a PC5 a través de Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) debe configurarse en cada interfaz de cada enrutador participante. Cada enrutador también debe tener configurada manualmente la ubicación del Punto Rendevouz. Luego, los árboles compartidos unidireccionales enraizados en Rendevouz Point se construirán automáticamente para la distribución de multidifusión."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) debe configurarse en cada interfaz
msgid "PIM and IGMP"
msgstr "PIM e IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "Configuración de APP"
@@ -10054,11 +9409,11 @@ msgstr "Es posible que las redes particularmente grandes deseen ejecutar su prop
msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Ruta `<cost> ` valor para el protocolo de árbol de expansión. Cada interfaz en un puente podría tener una velocidad diferente y este valor se usa para decidir qué enlace usar. Las interfaces más rápidas deberían tener costos más bajos."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `<file>` pointing to the certificate authority certificate."
msgstr "Ruta a `<file> ` apuntando al certificado de la autoridad certificadora."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `<file>` pointing to the servers certificate (public portion)."
msgstr "Ruta a `<file> ` apuntando al certificado del servidor (parte pública)."
@@ -10102,7 +9457,7 @@ msgstr "Por defecto, VyOSs tiene habilitado un registro de syslog mínimo que se
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "De forma predeterminada, se muestrean todos los paquetes (es decir, la tasa de muestreo es 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "De manera predeterminada, la sesión de usuario se reemplaza si una segunda solicitud de autenticación tiene éxito. Dichas solicitudes de sesión se pueden denegar o permitir por completo, lo que permitiría múltiples sesiones para un usuario en el último caso. Si se deniega, la segunda sesión se rechaza incluso si la autenticación tiene éxito, el usuario debe finalizar su primera sesión y luego puede volver a autenticarse."
@@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi
msgstr "Hacer ping (IPv6) al otro host e interceptar el tráfico en ``eth1`` le mostrará que el contenido está encriptado."
#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Coloque la interfaz en la instancia VRF dada."
@@ -10157,6 +9489,14 @@ msgstr "Coloque la interfaz en la instancia VRF dada."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Reproduzca un pitido audible en el altavoz del sistema cuando el sistema esté listo."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Tenga en cuenta que, debido a un error ascendente, los cambios/confirmaciones de configuración reiniciarán el demonio ppp y restablecerán las sesiones IPoE existentes para que entren en vigencia."
@@ -10173,24 +9513,11 @@ msgstr "Consulte la documentación de :ref:`ipsec` para ver las opciones individ
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Consulte la documentación de :ref:`tunnel-interface` para conocer las opciones individuales relacionadas con los túneles."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Consulte la configuración de :ref:`dhcp-dns-quick-start`."
#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Por favor, eche un vistazo a la Guía de contribución para nuestra :ref:`documentación`."
@@ -10230,12 +9557,11 @@ msgstr "Secciones de política"
msgid "Policy for checking targets"
msgstr "Política de verificación de objetivos"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Política para rastrear conexiones previamente establecidas."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Grupos de puertos"
@@ -10245,7 +9571,7 @@ msgstr "Grupos de puertos"
msgid "Port Mirror (SPAN)"
msgstr "Espejo de puerto (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Puerto para servidor de extensión de autorización dinámica (DM/CoA)"
@@ -10261,16 +9587,11 @@ msgstr "Número de puerto utilizado por la conexión, por defecto es ``9273``"
msgid "Port number used by connection."
msgstr "Número de puerto utilizado por la conexión."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Puerto para escuchar solicitudes HTTPS; por defecto 443"
#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Las partes de la red que son compatibles con VLAN (es decir, conformes con IEEE 802.1q_) pueden incluir etiquetas VLAN. Cuando un marco ingresa a la parte de la red compatible con VLAN, se agrega una etiqueta para representar la membresía de VLAN. Cada marco debe ser distinguible como si estuviera exactamente dentro de una VLAN. Se supone que una trama en la parte de la red compatible con VLAN que no contiene una etiqueta de VLAN fluye en la VLAN nativa."
@@ -10335,7 +9656,7 @@ msgstr "Preferencia asociada con el enrutador predeterminado"
msgid "Prefix Conversion"
msgstr "Conversión de prefijo"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefijo Delegación"
@@ -10387,11 +9708,11 @@ msgstr "Anteponga la cadena dada de números AS al AS_PATH del NLRI de la ruta B
msgid "Principle of SNMP Communication"
msgstr "Principio de comunicación SNMP"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Imprima un resumen de las conexiones vecinas para la combinación AFI/SAFI especificada."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Imprime rutas IPV4 o IPV6 activas anunciadas a través de VPN SAFI."
@@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out
msgstr "Priority Queue, como otras políticas sin configuración, solo es útil si su interfaz de salida está realmente llena. De lo contrario, VyOS no será el propietario de la cola y Priority Queue no tendrá ningún efecto. Si hay ancho de banda disponible en el enlace físico, puede incrustar Priority Queue en una política de modelado con clase para asegurarse de que sea el propietario de la cola. En ese caso, los paquetes se pueden priorizar en función de DSCP."
#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Arp de proxy de VLAN privada. Básicamente, permita que el proxy arp responda a la misma interfaz (desde la cual se recibió la solicitud/solicitud de ARP)."
@@ -10455,8 +9757,7 @@ msgstr "Los protocolos son: tcp, sctp, dccp, udp, icmp e ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Proporcione un servidor TFTP que escuche en las direcciones IPv4 e IPv6 ``192.0.2.1`` y ``2001:db8::1`` sirviendo el contenido de ``/config/tftpboot``. La carga a través de TFTP a este servidor está deshabilitada."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Proporcione una descripción del grupo de direcciones IPv4 o IPv6"
@@ -10464,39 +9765,43 @@ msgstr "Proporcione una descripción del grupo de direcciones IPv4 o IPv6"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Proporcione una descripción del grupo de red IPv4 o IPv6."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Proporcione una descripción para cada regla."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Proporcione una descripción del grupo de puertos."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Proporcione una descripción del conjunto de reglas."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Proporciona una coherencia de área troncal mediante el establecimiento de un enlace virtual."
#: ../../_include/interface-per-client-thread.txt:4
-#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 tiene 192.0.2.2/24 y 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "Radio"
@@ -10604,7 +9908,7 @@ msgstr "autenticación RADIUS"
msgid "RADIUS bandwidth shaping attribute"
msgstr "Atributo de modelado de ancho de banda RADIUS"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS proporciona las direcciones IP del ejemplo anterior a través de Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "dirección de origen RADIUS"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 define una dirección MAC virtual para cada enrutador virtual VRRP. Esta dirección MAC del enrutador virtual se utilizará como fuente en todos los mensajes VRRP periódicos enviados por el nodo activo. Cuando se establece la opción de compatibilidad con rfc3768, se crea una nueva interfaz VRRP, a la que se asignan automáticamente la dirección MAC y la dirección IP virtual."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "Dirección IPv4 del servidor horario RFC 868"
@@ -10740,11 +10044,11 @@ msgstr "Recomendado para instalaciones más grandes."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirigir HTTP a HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirija el tráfico de Microsoft RDP desde la red interna (LAN, privada) a través de :ref:`destination-nat` en la regla 110 al host privado interno 192.0.2.40. También necesitamos una regla 110 :ref:`source-nat` para la ruta inversa del tráfico. Se puede acceder a la red interna 192.0.2.0/24 a través de la interfaz `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirigir el tráfico RDP de Microsoft desde el mundo exterior (WAN, externo) a través de :ref:`destination-nat` en la regla 100 al host privado interno 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirigir URL a una nueva ubicación"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Configuración de redistribución"
@@ -10764,7 +10068,7 @@ msgstr "Configuración de redistribución"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancia y carga compartida. Hay varios dispositivos NAT66 en el borde de una red IPv6 a otra red IPv6. La ruta a través del dispositivo NAT66 a otra red IPv6 forma una ruta equivalente y el tráfico se puede compartir en carga en estos dispositivos NAT66. En este caso, puede configurar las mismas reglas de traducción de direcciones de origen en estos dispositivos NAT66, de modo que cualquier dispositivo NAT66 pueda manejar el tráfico IPv6 entre diferentes sitios."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Registre el registro DNS ``example.vyos.io`` en el servidor DNS ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Expresión regular para comparar con una ruta AS. Por ejemplo, &quot;645
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Expresión regular para hacer coincidir con una lista extendida de la comunidad, donde el texto podría ser:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Rechazar concesiones de DHCP de una dirección o rango dado. Esto es útil cuando un módem proporciona una IP local cuando se inicia por primera vez."
@@ -10858,7 +10147,7 @@ msgstr "Nombre del depósito ``InfluxDB`` remoto"
msgid "Remote database name."
msgstr "Nombre de la base de datos remota."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
msgstr "IP de par remoto `<address> ` del segundo servidor DHCP en este clúster de conmutación por error."
@@ -10883,25 +10172,10 @@ msgid "Replay protection"
msgstr "Protección de reproducción"
#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Solicite solo una dirección temporal y no forme una asociación IA_NA (Asociación de identidad para direcciones no temporales)."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Las solicitudes se reenvían a través de ``eth2`` como la `interfaz ascendente`"
@@ -10917,11 +10191,12 @@ msgstr "Requisitos"
msgid "Requirements:"
msgstr "Requisitos:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reiniciar"
@@ -10930,11 +10205,11 @@ msgstr "Reiniciar"
msgid "Reset OpenVPN"
msgstr "Restablecer OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Restablecer comandos"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Restablece la base de datos de caché de reenvío de DNS local. Puede restablecer la memoria caché para todas las entradas o solo para las entradas de un dominio específico."
@@ -10946,7 +10221,7 @@ msgstr "Reanudar"
msgid "Restart DHCP relay service"
msgstr "Reinicie el servicio de retransmisión DHCP"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Reinicie el agente de retransmisión DHCPv6 inmediatamente."
@@ -10954,11 +10229,15 @@ msgstr "Reinicie el agente de retransmisión DHCPv6 inmediatamente."
msgid "Restart a given container"
msgstr "Reiniciar un contenedor dado"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Reinicie el servidor DHCP"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Reinicie el proceso de proxy IGMP."
@@ -10966,7 +10245,7 @@ msgstr "Reinicie el proceso de proxy IGMP."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Reinicie el proceso del demonio SSH, la sesión actual no se ve afectada, solo se reinicia el demonio en segundo plano."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Reinicia el proceso de recurso de DNS. Esto también invalida el caché de reenvío de DNS local."
@@ -11012,7 +10291,7 @@ msgstr "Configuración de agregación de rutas"
msgid "Route Dampening"
msgstr "Amortiguación de ruta"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Filtrado de rutas"
@@ -11052,7 +10331,7 @@ msgstr "Política de rutas y rutas6"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "La amortiguación de ruta que se describe en :rfc:`2439` le permite identificar rutas que fallan y regresan repetidamente. Si la amortiguación de ruta está habilitada, una ruta inestable acumula penalizaciones cada vez que la ruta falla y regresa. Si las penalizaciones acumuladas superan un umbral, la ruta ya no se anuncia. Esta es la supresión de ruta. Las rutas que han sido suprimidas se vuelven a ingresar en la tabla de enrutamiento solo cuando el monto de su penalización cae por debajo de un umbral."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "El filtro de ruta se puede aplicar usando un mapa de ruta:"
@@ -11084,11 +10363,11 @@ msgstr "Vida útil del enrutador"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "El enrutador recibe solicitudes de clientes DHCP en ``eth1`` y las retransmite al servidor en 10.0.1.4 en ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Las rutas exportadas desde un VRF de unidifusión a la VPN RIB deben aumentarse con dos parámetros:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Rutas en el Nodo 2:"
@@ -11120,13 +10399,13 @@ msgstr "Enrutamiento"
msgid "Routing tables that will be used in this example are:"
msgstr "Las tablas de enrutamiento que se utilizarán en este ejemplo son:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Conjuntos de reglas"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Descripción general del conjunto de reglas"
@@ -11138,6 +10417,10 @@ msgstr "La regla 10 hace coincidir las solicitudes con el nombre de dominio ``no
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.well-known/xxx`` y redirige a la ubicación ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en ``/mail`` o la ruta exacta ``/email/bar`` redirige a la ubicación ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en `
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "La regla 20 hace coincidir las solicitudes con el nombre de dominio ``node2.example.com`` reenvía al backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Las reglas permiten controlar y enrutar el tráfico entrante a un backen
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Se crearán reglas para :ref:`source-nat` y :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Correr detrás de NAT"
@@ -11170,6 +10455,10 @@ msgstr "Correr detrás de NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se
msgstr "SNMPv3 (versión 3 del protocolo SNMP) introdujo una gran cantidad de nuevas funciones relacionadas con la seguridad que faltaban en las versiones anteriores. La seguridad fue una de las mayores debilidades de SNMP hasta la v3. La autenticación en las versiones 1 y 2 de SNMP consiste en nada más que una contraseña (cadena comunitaria) enviada en texto claro entre un administrador y un agente. Cada mensaje SNMPv3 contiene parámetros de seguridad que se codifican como una cadena de octetos. El significado de estos parámetros de seguridad depende del modelo de seguridad que se utilice."
#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "La duplicación del puerto SPAN puede copiar el tráfico entrante/saliente de la interfaz a la interfaz especificada; normalmente la interfaz se puede conectar a algún equipo especial, como un sistema de control de comportamiento, un sistema de detección de intrusiones y un recolector de tráfico, y puede copiar todo el tráfico relacionado desde este puerto. El beneficio de duplicar el tráfico es que la aplicación está aislada del tráfico de origen y, por lo tanto, el procesamiento de la aplicación no afecta el tráfico ni el rendimiento del sistema."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID que se utilizará en tramas de administración IEEE 802.11"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "Certificados SSL"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ es un software de código abierto basado en Python para la au
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Igual que la lista de exportación, pero se aplica a las rutas anunciadas en el área especificada como LSA de resumen de tipo 3. Este comando solo tiene sentido en ABR."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Ejecución de guiones"
msgid "Scripting"
msgstr "secuencias de comandos"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secreto para el servidor de extensión de autorización dinámica (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Seguridad"
msgid "Security/authentication messages"
msgstr "Mensajes de seguridad/autenticación"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "Vea a continuación los diferentes parámetros disponibles para el comando IPv4 **show**:"
@@ -11371,11 +10662,15 @@ msgstr "El enrutamiento de segmento (SR) es utilizado por los protocolos IGP par
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "El enrutamiento de segmentos define una arquitectura de red de plano de control y se puede aplicar a un plano de datos basado en MPLS existente. En las redes MPLS, los segmentos se codifican como etiquetas MPLS y se imponen en el enrutador de entrada. Las etiquetas MPLS se intercambian y completan mediante IGP como IS-IS. Enrutamiento de segmento según RFC8667 para plano de datos MPLS. Es compatible con IPv4, IPv6 y ECMP y se probó con enrutadores Cisco y Juniper. Sin embargo, esta implementación aún es EXPERIMENTAL para FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Seleccione el conjunto de cifrado utilizado para operaciones criptográficas. Esta configuración es obligatoria."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Las interfaces seriales pueden ser cualquier interfaz que esté directamente conectada a la CPU o al conjunto de chips (principalmente conocida como interfaz ttyS en Linux) o cualquier otro convertidor USB a serial (chips basados en Prolific PL2303 o FTDI FT232/FT4232)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Servidor"
@@ -11432,7 +10727,7 @@ msgstr "Lado del servidor"
msgid "Server configuration"
msgstr "Configuración del servidor"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Los nombres de servidor para hosts virtuales pueden ser exactos, comodines o expresiones regulares."
@@ -11457,19 +10752,19 @@ msgstr "Configure la lista de la comunidad BGP para que coincida exactamente."
msgid "Set BGP local preference attribute."
msgstr "Establezca el atributo de preferencia local de BGP."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Establezca el código de origen BGP."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Establezca el atributo de ID del originador de BGP."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Establecer atributo de peso BGP"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Establezca la regla 20 de DNAT en solo paquetes NAT UDP"
@@ -11481,19 +10776,19 @@ msgstr "Establezca los criterios de coincidencia de entrada de IPSec, donde:"
msgid "Set IP fragment match, where:"
msgstr "Establecer coincidencia de fragmentos de IP, donde:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Establezca el tipo de métrica externa de OSPF."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Establezca la regla 20 de SNAT en solo paquetes NAT TCP y UDP"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Establezca la regla SNAT 20 para que solo lleguen paquetes NAT de la red 192.0.2.0/24"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Establezca la regla SNAT 30 para que solo lleguen paquetes NAT de la red 203.0.113.0/24 con un puerto de origen de 80 y 443"
@@ -11501,11 +10796,12 @@ msgstr "Establezca la regla SNAT 30 para que solo lleguen paquetes NAT de la red
msgid "Set SSL certeficate <name> for service <name>"
msgstr "Establecer certificado SSL<name> para servicio<name>"
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Establecer TTL a 300 segundos"
@@ -11517,51 +10813,31 @@ msgstr "Establecer interfaz de túnel virtual"
msgid "Set a container description"
msgstr "Establecer una descripción de contenedor"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Establezca un destino y/o un puerto de origen. Entrada aceptada:"
#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Establezca un alias descriptivo y legible por humanos para esta conexión. El alias se utiliza, por ejemplo, con el comando :opcmd:`show interfaces` o herramientas de supervisión basadas en SNMP."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Establezca un límite en el número máximo de usuarios conectados simultáneamente en el sistema."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Establezca una descripción significativa."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Establezca una clave API con nombre. Cada clave tiene los mismos permisos completos en el sistema."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Establezca una descripción de la regla."
@@ -11693,7 +10969,7 @@ msgstr "Establecer si el patrón de la antena no cambia durante la vigencia de u
msgid "Set inbound interface to match."
msgstr "Configure la interfaz de entrada para que coincida."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Establecer interfaces a una zona. Una zona puede tener varias interfaces. Pero una interfaz solo puede ser miembro de una zona."
@@ -11737,7 +11013,7 @@ msgstr "Establecer máximo `<size> ` de paquetes DHCP, incluida la información
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Establezca la tasa de coincidencia promedio máxima. Formato de la tasa: entero/unidad_de_tiempo, donde la unidad_de_tiempo puede ser cualquier segundo, minuto, hora o día. Por ejemplo, 1/segundo implica que la regla debe coincidir con un promedio de una vez por segundo."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Establezca el número máximo de saltos antes de que se descarten los paquetes, predeterminado: 10"
@@ -11779,7 +11055,7 @@ msgstr "Establecer modificaciones de paquetes: punto de código de servicios dif
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Establezca parámetros para hacer coincidir las fuentes vistas recientemente. Esta coincidencia podría usarse viendo el conteo (la dirección de origen se vio más de &lt;1-255&gt; veces) y/o el tiempo (la dirección de origen se vio en los últimos &lt;0-4294967295&gt; segundos)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Establecer prefijos en la tabla."
@@ -11820,7 +11096,7 @@ msgstr "Establezca alguna métrica para las rutas aprendidas de un vecino en par
msgid "Set source-address to your local IP (LAN)."
msgstr "Establezca la dirección de origen en su IP local (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Configure la dirección IP/IPv6 de origen para la ruta."
@@ -11829,7 +11105,7 @@ msgstr "Configure la dirección IP/IPv6 de origen para la ruta."
msgid "Set source address or prefix to match."
msgstr "Establezca la dirección de origen o el prefijo para que coincida."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Establezca el valor de la etiqueta para el protocolo de enrutamiento."
@@ -11850,8 +11126,7 @@ msgstr "Establezca la dirección IP de la interfaz local que se utilizará para
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Establezca la dirección IP del par remoto. Puede especificarse como una dirección IPv4 o una dirección IPv6."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Configure el modo de validación de origen de IPv4. Se modificará el siguiente parámetro del sistema:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Establezca la profundidad de pila máxima admitida por el enrutador. El valor depende del plano de datos MPLS."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Establezca el bloque local de enrutamiento de segmentos, es decir, el ra
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Establezca el bloque local de enrutamiento de segmento, es decir, el rango de etiqueta bajo utilizado por MPLS para almacenar la etiqueta en la FIB de MPLS para el SID de prefijo. Tenga en cuenta que el tamaño del bloque no puede exceder 65535.Bloque local de enrutamiento de segmento, el comando negativo siempre desarma ambos."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Establezca la versión de VRRP predeterminada que se utilizará. El valo
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Configure la distancia para la puerta de enlace predeterminada enviada por el servidor DHCP."
@@ -11951,15 +11219,15 @@ msgstr "Establezca la distancia para la puerta de enlace predeterminada enviada
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Establezca el tipo de encapsulación del túnel. Los valores válidos para la encapsulación son: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Establezca la configuración global para una conexión establecida."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Establezca la configuración global para paquetes no válidos."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Establezca la configuración global para las conexiones relacionadas."
@@ -11975,7 +11243,7 @@ msgstr "Establecer el salto máximo `<count> ` antes de que se descarten los paq
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Establezca la longitud máxima de relleno A-MPDU pre-EOF que la estación puede recibir"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Establezca el número máximo de conexiones TCP semiabiertas."
@@ -11995,7 +11263,7 @@ msgstr "Establezca el indicador de ID de VLAN nativa de la interfaz. Cuando un p
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Establece el siguiente salto como sin cambios. Pase por el mapa de ruta sin cambiar su valor"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Establezca el número máximo de intentos de retransmisión de TCP."
@@ -12027,6 +11295,10 @@ msgstr "Establezca el id. de sesión del par, que es un valor entero de 32 bits
msgid "Set the restart behavior of the container."
msgstr "Establezca el comportamiento de reinicio del contenedor."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Configure la tabla de enrutamiento para reenviar paquetes."
@@ -12043,11 +11315,11 @@ msgstr "Establece el tamaño de la tabla hash. La tabla hash de seguimiento de c
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Configure la IP de origen de los paquetes reenviados; de lo contrario, se utilizará la dirección del remitente original."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Configure el tiempo de espera en segundos para un protocolo o estado."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Establezca el tiempo de espera en segundos para un protocolo o estado en una regla personalizada."
@@ -12056,7 +11328,8 @@ msgstr "Establezca el tiempo de espera en segundos para un protocolo o estado en
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Establezca la identificación del túnel, que es un valor entero de 32 bits. Identifica de forma exclusiva el túnel en el que se creará la sesión."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Establecer ventana de códigos válidos concurrentemente."
msgid "Sets the image name in the hub registry"
msgstr "Establece el nombre de la imagen en el registro del concentrador"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Establece la interfaz para escuchar paquetes de multidifusión. Podría ser un loopback, aún no probado."
@@ -12076,7 +11349,7 @@ msgstr "Establece la interfaz para escuchar paquetes de multidifusión. Podría
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Establece el puerto de escucha para una dirección de escucha. Esto anula el puerto predeterminado de 3128 en la dirección de escucha específica."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Establece la identificación única para esta interfaz vxlan. No estoy seguro de cómo se correlaciona con la dirección de multidifusión."
@@ -12084,7 +11357,7 @@ msgstr "Establece la identificación única para esta interfaz vxlan. No estoy s
msgid "Setting VRRP group priority"
msgstr "Configuración de la prioridad del grupo VRRP"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Nombre del ajuste"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Configurar la conmutación por error de DHCP para la red 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Configure el `<timeout> ` en segundos al consultar el servidor RADIUS."
msgid "Setup the `<timeout>` in seconds when querying the TACACS server."
msgstr "Configure el `<timeout> ` en segundos al consultar el servidor TACACS."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
@@ -12172,7 +11445,7 @@ msgstr "Capacidades GI cortas para 20 y 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Se puede permitir que las ráfagas cortas excedan el límite. En la creación, el tráfico de Rate-Control se almacena con tokens que corresponden a la cantidad de tráfico que se puede explotar de una sola vez. Los tokens llegan a un ritmo constante, hasta que el balde está lleno."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Sintaxis de acceso directo para especificar la fuga automática de vrf VRFNAME al VRF actual utilizando la VPN RIB como intermediario. El RD y el RT se derivan automáticamente y no deben especificarse explícitamente para los VRF de origen o de destino."
@@ -12181,16 +11454,17 @@ msgstr "Sintaxis de acceso directo para especificar la fuga automática de vrf V
msgid "Show"
msgstr "Espectáculo"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Mostrar el archivo de registro del demonio del servidor DHCP"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Mostrar el archivo de registro del demonio del servidor DHCPv6"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Mostrar registro de cortafuegos"
@@ -12198,6 +11472,22 @@ msgstr "Mostrar registro de cortafuegos"
msgid "Show LLDP neighbors connected via interface `<interface>`."
msgstr "Mostrar vecinos LLDP conectados a través de la interfaz `<interface> `."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Muestre la información del balanceador de carga de WAN, incluidos los tipos de prueba y los objetivos. Un carácter al comienzo de cada línea representa el estado de la prueba"
@@ -12242,15 +11532,15 @@ msgstr "Muestra la intensidad de la señal del módulo WWAN."
msgid "Show a list available container networks"
msgstr "Mostrar una lista de redes de contenedores disponibles"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Muestra una lista de los certificados :abbr:`CA (Autoridad de certificación)` instalados."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Muestra una lista de las :abbr:`CRL (Lista de revocación de certificados)` instaladas."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Mostrar una lista de certificados instalados"
@@ -12356,44 +11646,52 @@ msgstr "Mostrar información sobre el servicio Wireguard. También muestra el ú
msgid "Show information about physical `<interface>`"
msgstr "Mostrar información sobre el ` físico<interface> `"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Mostrar registros de un contenedor dado"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Muestra los registros de todos los procesos del cliente DHCP."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Muestra registros de todos los procesos de cliente DHCPv6."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Muestra los registros del proceso de cliente DHCP de `interfaz` específico."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Muestra los registros del proceso de cliente DHCPv6 de `interfaz` específico."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Mostrar solo información para la autoridad de certificación especificada."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Mostrar solo información para el certificado especificado."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Mostrar solo arrendamientos en el grupo especificado."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Mostrar solo arrendamientos con el estado especificado. Estados posibles: abandonado, activo, todo, copia de seguridad, caducado, libre, liberado, restablecer (predeterminado = activo)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Mostrar solo arrendamientos con el estado especificado. Estados posibles: todo, activo, libre, caducado, liberado, abandonado, restablecer, copia de seguridad (predeterminado = activo)"
@@ -12405,19 +11703,23 @@ msgstr "Muestra la entrada de la tabla de enrutamiento para la ruta predetermina
msgid "Show specific MACsec interface information"
msgstr "Mostrar información específica de la interfaz MACsec"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Mostrar el estado de la nueva configuración:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Mostrar estados de todas las concesiones activas:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Mostrar las estadísticas del servidor DHCP:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Muestra las estadísticas del servidor DHCP para el grupo especificado."
@@ -12437,11 +11739,22 @@ msgstr "Muestra la lista de todos los contenedores activos."
msgid "Show the local container images."
msgstr "Muestra las imágenes del contenedor local."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Muestra los registros de un conjunto de reglas específico."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Mostrar información del transceptor de los módulos de complemento, por
msgid "Showing BFD monitored static routes"
msgstr "Mostrando rutas estáticas monitoreadas por BFD"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Muestra el estado de todos los arrendamientos asignados:"
@@ -12483,7 +11796,7 @@ msgstr "Tarjeta miniPCIe (LTE) Sierra Wireless AirPrime MC7455"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 tarjeta miniPCIe (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Se aplican combinaciones similares para la detección de pares muertos."
@@ -12519,7 +11832,11 @@ msgstr "Dado que el servidor RADIUS sería un único punto de falla, se pueden c
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Dado que el protocolo mDNS envía los registros AA en el propio paquete, el repetidor no necesita falsificar la dirección de origen. En cambio, la dirección de origen es la de la interfaz que repite el paquete."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "El modo sitio a sitio es compatible con x.509 pero no lo requiere y tamb
msgid "Site to Site VPN"
msgstr "VPN de sitio a sitio"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "La selección de esclavos para el tráfico saliente se realiza de acuerdo con la política hash de transmisión, que se puede cambiar de la política XOR simple predeterminada a través de la opción :cfgcmd:`hash-policy`, documentada a continuación."
@@ -12548,27 +11869,15 @@ msgstr "La selección de esclavos para el tráfico saliente se realiza de acuerd
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "Entonces, en nuestra política de firewall, queremos permitir el tráfico que ingresa en la interfaz externa, con destino al puerto TCP 80 y la dirección IP de 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "Vientos solares"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Algunos ISP por defecto solo delegan un prefijo /64. Para solicitar un tamaño de prefijo específico, use esta opción para solicitar una delegación más grande para este pd `<id> `. Este valor está en el rango de 32 a 64, por lo que puede solicitar hasta un prefijo /32 (si su ISP lo permite) hasta una delegación /64."
@@ -12580,15 +11889,18 @@ msgstr "Algunos entornos de TI requieren el uso de un proxy para conectarse a In
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Algunos servidores RADIUS_ utilizan una lista de control de acceso que permite o deniega consultas, asegúrese de agregar su enrutador VyOS a la lista de clientes permitidos."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Algunos proveedores de servicios de aplicaciones (ASP) operan una puerta de enlace VPN para proporcionar acceso a sus recursos internos y requieren que una organización de conexión traduzca todo el tráfico a la red del proveedor de servicios a una dirección de origen proporcionada por el ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Algunas configuraciones de firewall son globales y tienen un efecto en todo el sistema."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Algunas políticas ya incluyen otras políticas integradas en su interior. Ese es el caso de Shaper_: cada una de sus clases usa fair-queue a menos que lo cambies."
@@ -12621,15 +11933,15 @@ msgstr "Algunos usuarios tienden a conectar sus dispositivos móviles mediante W
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
msgstr "A veces, las líneas de opción en la configuración de OpenVPN generada requieren comillas. Esto se hace a través de un truco en nuestro generador de configuración. Puede pasar comillas usando la instrucción ``&quot;``."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Ordene la salida por la clave especificada. Claves posibles: expira, iaid_duid, ip, last_comm, pool, restante, estado, tipo (predeterminado = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Ordene la salida por la clave especificada. Claves posibles: ip, dirección_de_hardware, estado, inicio, fin, restante, grupo, nombre de host (predeterminado = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Dirección de la fuente"
@@ -12637,7 +11949,7 @@ msgstr "Dirección de la fuente"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Dirección IP de origen utilizada para la capa subyacente de VXLAN. Esto es obligatorio cuando se usa VXLAN a través de L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Dirección IPv4 de origen utilizada en todas las consultas del servidor RADIUS."
@@ -12662,6 +11974,10 @@ msgid "Source protocol to match."
msgstr "Protocolo de origen para que coincida."
#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
+#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Túnel de origen desde loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Configuración de ahorro de energía de multiplexación espacial (SMPS)"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Especificar nhs hace que todos los paquetes de multidifusión se repitan en cada próximo salto configurado estáticamente."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Especifica la dirección IP para el servidor de extensión de autorización dinámica (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Especifica la preferencia de negociación :abbr:`MPPE (Microsoft Point-to-Point Encryption)`."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Especifica un mapa de ruta opcional que se aplicará a las rutas importadas o exportadas entre el VRF de unidifusión actual y la VPN."
@@ -12705,6 +12021,10 @@ msgstr "Especifica una red ascendente `<interface> ` del que responde `<server>
msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
msgstr "Especifica durante cuánto tiempo squid asume que un par de nombre de usuario:contraseña validado externamente es válido; en otras palabras, con qué frecuencia se llama al programa auxiliar para ese usuario. Configure este valor bajo para forzar la revalidación con contraseñas de corta duración."
+#: ../../configuration/interfaces/vxlan.rst:89
+msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+
#: ../../configuration/interfaces/bonding.rst:40
msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
msgstr "Especifica una de las políticas de vinculación. El valor predeterminado es 802.3ad. Los valores posibles son:"
@@ -12737,7 +12057,7 @@ msgstr "Especifica los algoritmos :abbr:`MAC (Código de autenticación de mensa
msgid "Specifies the base DN under which the users are located."
msgstr "Especifica el DN base bajo el cual se ubican los usuarios."
-#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:239
msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
msgstr "Especifica la máscara de subred de los clientes según RFC 950. Si no se establece, se utiliza la declaración de subred."
@@ -12774,31 +12094,35 @@ msgstr "Especifica el puerto `<port> ` en el que escuchará el puerto SSTP (pred
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Especifica el ámbito de protección (también conocido como nombre de dominio) que se debe informar al cliente para el esquema de autenticación. Por lo general, es parte del texto que el usuario verá cuando se le solicite su nombre de usuario y contraseña."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Especifica la lista de destino de ruta que se adjuntará a una ruta (exportación) o la lista de destino de ruta para comparar (importar) al exportar/importar entre el VRF de unidifusión actual y VPN. RTLIST es una lista separada por espacios de ruta- objetivos, que son valores de comunidad extendida de BGP, tal como se describe en Atributo de comunidades extendidas."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Especifica el distintivo de ruta que se agregará a una ruta exportada desde el VRF de unidifusión actual a VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Especifica el diccionario del proveedor, el diccionario debe estar en /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Especifica el tiempo de espera en segundos para esperar cualquier actividad del compañero. Si se especifica esta opción, se activa la función de eco lcp adaptativo y no se utiliza &quot;lcp-echo-failure&quot;."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Especifica si se debe utilizar un plano de control externo (por ejemplo, BGP L2VPN/EVPN) o el FDB interno."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Especifica si este enrutador de borde NSSA traducirá incondicionalmente LSA de tipo 7 a LSA de tipo 5. Cuando el rol es Siempre, los LSA de tipo 7 se traducen a LSA de tipo 5 independientemente del estado del traductor de otros enrutadores de borde NSSA. Cuando el rol es Candidato, este enrutador participa en la elección del traductor para determinar si realizará las tareas de traducción. Cuando el rol es Nunca, este enrutador nunca traducirá LSA de tipo 7 a LSA de tipo 5."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Especifica qué atributo del servidor RADIUS contiene la información de límite de velocidad. El atributo predeterminado es `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Especifica qué atributo del servidor RADIUS contiene la información de
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Especifique la dirección de escucha IPv4/IPv6 del servidor SSH. Se pueden definir varias direcciones."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Especifique un nombre de dominio completo como comparador de origen/destino. Asegúrese de que el enrutador pueda resolver dicha consulta DNS."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Especifique una dirección de servidor NIS+ para clientes DHCPv6."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Especifique una dirección de servidor NIS para clientes DHCPv6."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Especifique un servidor :abbr:`SIP (protocolo de inicio de sesión)` por dirección IPv6 de nombre de dominio completo para todos los clientes DHCPv6."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed."
msgstr "Especificar absoluto `<path> ` al script que se ejecutará cuando `<task> ` se ejecuta."
@@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to."
msgstr "Especifique el servidor LDAP al que conectarse."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Especifique el valor del identificador del agregador de nivel de sitio (SLA) en la interfaz. El ID debe ser un número decimal mayor que 0 que se ajuste a la longitud de los ID de SLA (consulte a continuación)."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Especifique la dirección de la interfaz utilizada localmente en la interfaz a la que se ha delegado el prefijo. El ID debe ser un entero decimal."
@@ -12929,7 +12225,7 @@ msgstr "Especificar los sistemas `<timezone> ` como la Región/Ubicación que me
msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Especifique el intervalo de tiempo cuando `<task> ` debe ejecutarse. El intervalo se especifica como número con uno de los siguientes sufijos:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Especifique el intervalo de tiempo de espera para el mensaje de actividad en segundos."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 es un enrutador Cisco IOS que ejecuta la versión 15.4, Leaf2 y Leaf3 son cada uno un enrutador VyOS que ejecuta 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Habló"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ es un proxy web HTTP de almacenamiento en caché y reenvío. Tiene una amplia variedad de usos, incluida la aceleración de un servidor web al almacenar en caché solicitudes repetidas, almacenar en caché web, DNS y otras búsquedas de redes informáticas para un grupo de personas que comparten recursos de red y ayudar a la seguridad al filtrar el tráfico. Aunque se usa principalmente para HTTP y FTP, Squid incluye soporte limitado para varios otros protocolos, incluidos Internet Gopher, SSL, [6] TLS y HTTPS. Squid no es compatible con el protocolo SOCKS."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Comience por buscar IPSec SA (asociaciones de seguridad) con:"
@@ -12961,6 +12261,10 @@ msgstr "Comience por buscar IPSec SA (asociaciones de seguridad) con:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+
#: ../../configuration/firewall/index.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
@@ -12981,7 +12285,7 @@ msgstr "A partir de VyOS 1.2, se proporciona una funcionalidad de repetidor :abb
msgid "Static"
msgstr "Estático"
-#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/service/dhcp-server.rst:189
msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
msgstr "Dirección IP DHCP estática asignada al host identificado por `<description> `. La dirección IP debe estar dentro de `<subnet> ` que está definido pero puede estar fuera del rango dinámico creado con :cfgcmd:`set service dhcp-server shared-network-name<name> subred<subnet> rango<n> `. Si no se especifica una dirección IP, se utiliza una IP del grupo dinámico."
@@ -13009,13 +12313,13 @@ msgstr "El enrutamiento estático u otros protocolos de enrutamiento dinámico s
msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
-#: ../../configuration/service/dhcp-server.rst:209
-#: ../../configuration/service/dhcp-server.rst:689
+#: ../../configuration/service/dhcp-server.rst:174
+#: ../../configuration/service/dhcp-server.rst:621
msgid "Static mappings"
msgstr "Mapeos estáticos"
-#: ../../configuration/service/dhcp-server.rst:557
-#: ../../configuration/service/dhcp-server.rst:762
+#: ../../configuration/service/dhcp-server.rst:460
+#: ../../configuration/service/dhcp-server.rst:694
msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
msgstr "Las asignaciones estáticas no se muestran. Para mostrar todos los estados, utilice ``show dhcp server leases state all``."
@@ -13059,6 +12363,10 @@ msgstr "Módulos compatibles"
msgid "Supported channel width set."
msgstr "Conjunto de ancho de canal compatible."
+#: ../../configuration/system/frr.rst:30
+msgid "Supported daemons:"
+msgstr "Supported daemons:"
+
#: ../../configuration/service/router-advert.rst:11
msgid "Supported interface types:"
msgstr "Tipos de interfaz compatibles:"
@@ -13096,15 +12404,18 @@ msgstr "Synamic instruye a reenviar a todos los compañeros con los que tenemos
msgid "Sync groups"
msgstr "Sincronizar grupos"
-#: ../../configuration/firewall/general.rst:1264
+#: ../../configuration/firewall/ipv4.rst:911
+#: ../../configuration/firewall/ipv6.rst:920
msgid "Synproxy"
msgstr "Synproxy"
-#: ../../configuration/firewall/general.rst:1265
+#: ../../configuration/firewall/ipv4.rst:912
+#: ../../configuration/firewall/ipv6.rst:921
msgid "Synproxy connections"
msgstr "Synproxy connections"
-#: ../../configuration/firewall/general.rst:1282
+#: ../../configuration/firewall/ipv4.rst:929
+#: ../../configuration/firewall/ipv6.rst:938
msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
@@ -13177,7 +12488,7 @@ msgstr "El sistema no se puede usar: una condición de pánico"
msgid "TACACS+"
msgstr "TACACS+"
-#: ../../configuration/system/login.rst:416
+#: ../../configuration/system/login.rst:418
msgid "TACACS Example"
msgstr "Ejemplo de TACACS"
@@ -13226,6 +12537,14 @@ msgstr "Complemento de salida de Telegraf prometheus-client_"
msgid "Telegraf output plugin splunk_. HTTP Event Collector."
msgstr "Complemento de salida de Telegraf splunk_. Recopilador de eventos HTTP."
+#: ../../configuration/protocols/pim.rst:157
+msgid "Tell PIM that we would not like to use this interface to process bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages."
+
+#: ../../configuration/protocols/pim.rst:162
+msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+
#: ../../configuration/service/router-advert.rst:1
msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
msgstr "Indicar a los hosts que utilicen el protocolo administrado (con estado) (es decir, DHCP) para la configuración automática de otra información (sin dirección)"
@@ -13234,7 +12553,7 @@ msgstr "Indicar a los hosts que utilicen el protocolo administrado (con estado)
msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
msgstr "Indicar a los hosts que utilicen el protocolo con estado administrado (es decir, DHCP) para la configuración automática"
-#: ../../configuration/vpn/sstp.rst:216
+#: ../../configuration/vpn/sstp.rst:227
msgid "Temporary disable this RADIUS server."
msgstr "Deshabilite temporalmente este servidor RADIUS."
@@ -13266,15 +12585,19 @@ msgstr "Pruebe la desconexión dada la interfaz orientada a la conexión. `<inte
msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
msgstr "Pruebe la desconexión dada la interfaz orientada a la conexión. `<interface> ` puede ser ``sstpc0`` como ejemplo."
-#: ../../configuration/vpn/sstp.rst:293
+#: ../../configuration/nat/nat64.rst:70
+msgid "Test from the IPv6 only client:"
+msgstr "Test from the IPv6 only client:"
+
+#: ../../configuration/vpn/sstp.rst:305
msgid "Testing SSTP"
msgstr "Prueba de SSTP"
-#: ../../configuration/nat/nat44.rst:786
+#: ../../configuration/nat/nat44.rst:808
msgid "Testing and Validation"
msgstr "Pruebas y Validación"
-#: ../../configuration/interfaces/vxlan.rst:125
+#: ../../configuration/interfaces/vxlan.rst:146
msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
msgstr "Gracias a este descubrimiento, cualquier tráfico posterior entre PC4 y PC5 no utilizará la dirección de multidifusión entre las hojas, ya que ambas saben detrás de qué hoja están conectadas las PC. Esto ahorra tráfico, ya que se envían menos paquetes de multidifusión y se reduce la carga en la red, lo que mejora la escalabilidad cuando se agregan más hojas."
@@ -13282,7 +12605,7 @@ msgstr "Gracias a este descubrimiento, cualquier tráfico posterior entre PC4 y
msgid "That is how it is possible to do the so-called \"ingress shaping\"."
msgstr "Así es como es posible hacer el llamado &quot;formado de entrada&quot;."
-#: ../../configuration/nat/nat44.rst:806
+#: ../../configuration/nat/nat44.rst:828
msgid "That looks good - we defined 2 tunnels and they're both up and running."
msgstr "Eso se ve bien: definimos 2 túneles y ambos están en funcionamiento."
@@ -13290,7 +12613,7 @@ msgstr "Eso se ve bien: definimos 2 túneles y ambos están en funcionamiento."
msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
msgstr "El monitor ARP funciona comprobando periódicamente los dispositivos esclavos para determinar si han enviado o recibido tráfico recientemente (los criterios precisos dependen del modo de vinculación y el estado del esclavo). El tráfico regular se genera a través de sondas ARP emitidas para las direcciones especificadas por la opción :cfgcmd:`arp-monitor target`."
-#: ../../configuration/nat/nat44.rst:724
+#: ../../configuration/nat/nat44.rst:746
msgid "The ASP has documented their IPSec requirements:"
msgstr "El ASP ha documentado sus requisitos de IPSec:"
@@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:"
msgstr "La dirección CLNS consta de las siguientes partes:"
#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
msgstr "El identificador único de DHCP (DUID) lo utiliza un cliente para obtener una dirección IP de un servidor DHCPv6. Tiene un campo tipo DUID de 2 bytes y un campo identificador de longitud variable hasta 128 bytes. Su longitud real depende de su tipo. El servidor compara el DUID con su base de datos y entrega los datos de configuración (dirección, tiempos de arrendamiento, servidores DNS, etc.) al cliente."
@@ -13341,7 +12649,7 @@ msgstr "La política FQ-CoDel distribuye el tráfico en 1024 colas FIFO e intent
msgid "The HTTP service listen on TCP port 80."
msgstr "El servicio HTTP escucha en el puerto TCP 80."
-#: ../../configuration/nat/nat44.rst:505
+#: ../../configuration/nat/nat44.rst:525
msgid "The IP address of the internal system we wish to forward traffic to."
msgstr "La dirección IP del sistema interno al que deseamos reenviar el tráfico."
@@ -13365,7 +12673,7 @@ msgstr "El recursor PowerDNS tiene 5 niveles diferentes de procesamiento DNSSEC,
msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
msgstr "Priority Queue es una política de programación con clases. No retrasa los paquetes (Priority Queue no es una política de modelado), simplemente saca los paquetes de la cola según su prioridad."
-#: ../../configuration/vpn/openconnect.rst:287
+#: ../../configuration/vpn/openconnect.rst:294
msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
msgstr "La función de contabilidad RADIUS debe usarse con el modo de autenticación RADIUS de OpenConnect. No se puede utilizar con autenticación local. Debe configurar el modo de autenticación de OpenConnect en &quot;radius&quot;."
@@ -13393,18 +12701,22 @@ msgstr "La especificación VXLAN fue creada originalmente por VMware, Arista Net
msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
msgstr "El reenviador DNS de VyOS no requiere un servidor DNS ascendente. Puede servir como un servidor DNS recursivo completo, pero también puede reenviar consultas a servidores DNS ascendentes configurables. Al no configurar ningún servidor DNS ascendente, también evita que el proveedor de su servidor DNS ascendente lo rastree."
-#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:173
msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
msgstr "El reenviador de DNS de VyOS solo aceptará solicitudes de búsqueda de las subredes LAN: 192.168.1.0/24 y 2001:db8::/64"
-#: ../../configuration/service/dns.rst:158
+#: ../../configuration/service/dns.rst:171
msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
msgstr "El reenviador de DNS de VyOS solo escuchará solicitudes en las direcciones de interfaz eth1 (LAN): 192.168.1.254 para IPv4 y 2001:db8::ffff para IPv6"
-#: ../../configuration/service/dns.rst:162
+#: ../../configuration/service/dns.rst:175
msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
msgstr "El reenviador de DNS de VyOS pasará búsquedas inversas para las zonas 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa al servidor ascendente."
+#: ../../configuration/pki/index.rst:254
+msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+
#: ../../configuration/container/index.rst:7
msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
msgstr "La implementación del contenedor VyOS se basa en `Podman<https://podman.io/> ` como un motor contenedor sin demonios."
@@ -13466,14 +12778,19 @@ msgstr "La ``dirección de origen`` debe configurarse en una de las interfaces d
msgid "The `show bridge` operational command can be used to display configured bridges:"
msgstr "El comando operativo `show bridge` se puede utilizar para mostrar los puentes configurados:"
-#: ../../configuration/vpn/openconnect.rst:246
+#: ../../configuration/vpn/openconnect.rst:253
msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
msgstr "El directorio anterior y la configuración predeterminada deben ser un directorio secundario de /config/auth, ya que los archivos fuera de este directorio no se conservan después de una actualización de imagen."
-#: ../../configuration/firewall/general.rst:332
+#: ../../configuration/firewall/ipv4.rst:86
+#: ../../configuration/firewall/ipv6.rst:86
msgid "The action can be :"
msgstr "The action can be :"
+#: ../../configuration/pki/index.rst:271
+msgid "The address the server listens to during http-01 challenge"
+msgstr "The address the server listens to during http-01 challenge"
+
#: ../../configuration/protocols/bgp.rst:775
msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
msgstr "La ventaja de esto es que la selección de ruta (en este punto) será más determinista. La desventaja es que algunos o incluso un enrutador de ID más bajo pueden atraer todo el tráfico a rutas iguales debido a esta verificación. Puede aumentar la posibilidad de oscilación MED o IGP, a menos que se hayan tomado otras medidas para evitarlas. El comportamiento exacto será sensible al iBGP y la topología de reflexión."
@@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10."
msgstr "El bloque de direcciones asignado es 100.64.0.0/10."
#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
msgid "The amount of Duplicate Address Detection probes to send."
msgstr "The amount of Duplicate Address Detection probes to send."
@@ -13525,7 +12823,7 @@ msgstr "La interfaz de vinculación proporciona un método para agregar múltipl
msgid "The case of ingress shaping"
msgstr "El caso de la conformación de ingreso"
-#: ../../configuration/service/pppoe-server.rst:398
+#: ../../configuration/service/pppoe-server.rst:385
msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
msgstr "El cliente, una vez autenticado con éxito, recibirá una dirección IPv4 y una dirección IPv6 /64 para terminar el extremo pppoe en el lado del cliente y una subred /56 para uso interno del cliente."
@@ -13541,7 +12839,7 @@ msgstr "El comando :opcmd:`show interfaces wireguard wg01 public-key` mostrará
msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
msgstr "El comando también genera una configuración recortada que se puede copiar/pegar en la CLI de VyOS si es necesario. El `` suministrado<name> `` en la CLI se convertirá en el nombre del par en el fragmento."
-#: ../../configuration/service/pppoe-server.rst:244
+#: ../../configuration/service/pppoe-server.rst:231
msgid "The command below enables it, assuming the RADIUS connection has been setup and is working."
msgstr "El siguiente comando lo habilita, suponiendo que la conexión RADIUS se haya configurado y esté funcionando."
@@ -13557,9 +12855,9 @@ msgstr "El comando pon TESTUNNEL establece el túnel PPTP al sistema remoto."
msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
msgstr "Las computadoras en una red interna pueden usar cualquiera de las direcciones reservadas por la :abbr:`IANA (Autoridad de Números Asignados en Internet)` para direccionamiento privado (ver :rfc:`1918`). Estas direcciones IP reservadas no están en uso en Internet, por lo que una máquina externa no las enrutará directamente. Las siguientes direcciones están reservadas para uso privado:"
-#: ../../configuration/service/dhcp-server.rst:244
-#: ../../configuration/service/dhcp-server.rst:670
-#: ../../configuration/service/dhcp-server.rst:712
+#: ../../configuration/service/dhcp-server.rst:210
+#: ../../configuration/service/dhcp-server.rst:601
+#: ../../configuration/service/dhcp-server.rst:644
msgid "The configuration will look as follows:"
msgstr "La configuración se verá de la siguiente manera:"
@@ -13579,7 +12877,7 @@ msgstr "La tabla de expectativas de seguimiento de conexiones contiene una entra
msgid "The connection tracking table contains one entry for each connection being tracked by the system."
msgstr "La tabla de seguimiento de conexiones contiene una entrada para cada conexión que rastrea el sistema."
-#: ../../configuration/service/pppoe-server.rst:238
+#: ../../configuration/service/pppoe-server.rst:225
msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
msgstr "El atributo actual &#39;Filter-Id&#39; se usa de forma predeterminada y se puede configurar dentro de RADIUS:"
@@ -13607,30 +12905,18 @@ msgstr "El nombre de host predeterminado utilizado es `vyos`."
msgid "The default is 1492."
msgstr "The default is 1492."
-#: ../../configuration/service/dhcp-server.rst:596
+#: ../../configuration/service/dhcp-server.rst:526
msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
msgstr "El tiempo de concesión predeterminado para las concesiones de DHCPv6 es de 24 horas. Esto se puede cambiar proporcionando un ``tiempo predeterminado``, ``tiempo máximo`` y ``tiempo mínimo``. Todos los valores deben proporcionarse en segundos."
-#: ../../configuration/interfaces/vxlan.rst:336
+#: ../../configuration/interfaces/vxlan.rst:357
msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
msgstr "El puerto predeterminado udp se establece en 8472. Se puede cambiar con ``set interface vxlan<vxlanN> puerto<port> ``"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
+#: ../../configuration/protocols/pim.rst:52
+msgid "The default time is 60 seconds."
+msgstr "The default time is 60 seconds."
+
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
msgid "The default value corresponds to 64."
msgstr "El valor por defecto corresponde a 64."
@@ -13643,7 +12929,15 @@ msgstr "El valor predeterminado es 0. Esto hará que se afirme el operador (para
msgid "The default value is 300 seconds."
msgstr "El valor predeterminado es 300 segundos."
-#: ../../configuration/service/dhcp-server.rst:113
+#: ../../configuration/protocols/pim.rst:214
+msgid "The default value is 3."
+msgstr "The default value is 3."
+
+#: ../../configuration/protocols/pim.rst:68
+msgid "The default value is 3 packets."
+msgstr "The default value is 3 packets."
+
+#: ../../configuration/service/dhcp-server.rst:99
msgid "The default value is 86400 seconds which corresponds to one day."
msgstr "El valor predeterminado es 86400 segundos que corresponde a un día."
@@ -13655,25 +12949,29 @@ msgstr "El valor predeterminado es lento."
msgid "The default values for the minimum-threshold depend on IP precedence:"
msgstr "Los valores predeterminados para el umbral mínimo dependen de la precedencia de IP:"
-#: ../../configuration/interfaces/vxlan.rst:313
+#: ../../configuration/interfaces/vxlan.rst:334
msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
msgstr "El puerto de destino utilizado para crear una interfaz VXLAN en Linux tiene por defecto su valor anterior al estándar de 8472 para preservar la compatibilidad con versiones anteriores. Una directiva de configuración para admitir un puerto de destino especificado por el usuario para anular ese comportamiento está disponible mediante el comando anterior."
-#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/interfaces/vxlan.rst:98
+msgid "The device can only receive packets with VNIs configured in the VNI filtering table."
+msgstr "The device can only receive packets with VNIs configured in the VNI filtering table."
+
+#: ../../configuration/service/dhcp-server.rst:165
msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
msgstr "El diálogo entre los socios de conmutación por error no está encriptado ni autenticado. Dado que la mayoría de los servidores DHCP existen dentro de la Intranet segura de una organización, esto sería una sobrecarga innecesaria. Sin embargo, si tiene pares de conmutación por error DHCP cuyas comunicaciones atraviesan redes inseguras, le recomendamos que considere el uso de túneles VPN entre ellos para garantizar que la asociación de conmutación por error sea inmune a la interrupción (accidental o de otro tipo) a través de terceros."
-#: ../../configuration/service/dhcp-server.rst:36
-#: ../../configuration/service/dhcp-server.rst:138
+#: ../../configuration/service/dhcp-server.rst:31
+#: ../../configuration/service/dhcp-server.rst:124
msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
msgstr "El parámetro de nombre de dominio debe ser el nombre de dominio que se agregará al nombre de host del cliente para formar un nombre de dominio completo (FQDN) (Opción 015 de DHCP)."
-#: ../../configuration/service/dhcp-server.rst:45
-#: ../../configuration/service/dhcp-server.rst:145
+#: ../../configuration/service/dhcp-server.rst:40
+#: ../../configuration/service/dhcp-server.rst:131
msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
msgstr "El parámetro de nombre de dominio debe ser el nombre de dominio utilizado al completar la solicitud de DNS donde no se pasa FQDN completo. Esta opción se puede dar varias veces si necesita varios dominios de búsqueda (Opción 119 de DHCP)."
-#: ../../configuration/nat/nat44.rst:694
+#: ../../configuration/nat/nat44.rst:718
msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
msgstr "La interfaz ficticia nos permite tener un equivalente de la interfaz Cisco IOS Loopback: una interfaz interna del enrutador que podemos usar para las direcciones IP que el enrutador debe conocer, pero que en realidad no están asignadas a una red real."
@@ -13689,11 +12987,11 @@ msgstr "El proxy Squid incorporado puede usar LDAP para autenticar a los usuario
msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
msgstr "El ejemplo anterior usa 192.0.2.2 como dirección IP externa. Un LAC normalmente requiere una contraseña de autenticación, que se establece en la configuración de ejemplo en ``lns shared-secret &#39;secret&#39;``. Esta configuración requiere que se deshabilite el Protocolo de control de compresión (CCP), el comando ``set vpn l2tp remote-access ccp-disable`` lo logra."
-#: ../../configuration/service/pppoe-server.rst:382
+#: ../../configuration/service/pppoe-server.rst:369
msgid "The example below covers a dual-stack configuration via pppoe-server."
msgstr "El siguiente ejemplo cubre una configuración de doble pila a través del servidor pppoe."
-#: ../../configuration/service/pppoe-server.rst:361
+#: ../../configuration/service/pppoe-server.rst:348
msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
msgstr "El siguiente ejemplo usa ACN como nombre de concentrador de acceso, asigna una dirección del grupo 10.1.1.100-111, termina en el extremo local 10.1.1.1 y atiende solicitudes solo en eth1."
@@ -13705,7 +13003,7 @@ msgstr "La configuración de ejemplo a continuación asignará una IP al cliente
msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
msgstr "El ejemplo crea una estación inalámbrica (comúnmente conocida como cliente Wi-Fi) que accede a la red a través del WAP definido en el ejemplo anterior. Se utiliza el dispositivo físico predeterminado (``phy0``)."
-#: ../../configuration/nat/nat44.rst:319
+#: ../../configuration/nat/nat44.rst:331
msgid "The external IP address to translate to"
msgstr "La dirección IP externa a traducir"
@@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match
msgstr "La primera y posiblemente más limpia opción es hacer que su política IPsec coincida con los paquetes GRE entre las direcciones externas de sus enrutadores. Esta es la mejor opción si ambos enrutadores tienen direcciones externas estáticas."
#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
msgstr "El primer mecanismo de control de flujo, el marco de pausa, fue definido por el estándar IEEE 802.3x."
+#: ../../configuration/protocols/pim.rst:93
+msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+
#: ../../configuration/vpn/dmvpn.rst:63
msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
msgstr "La primera solicitud de registro se envía a la dirección de transmisión del protocolo y la dirección del protocolo real del servidor se detecta dinámicamente a partir de la primera respuesta de registro."
-#: ../../configuration/vpn/sstp.rst:299
+#: ../../configuration/vpn/sstp.rst:311
msgid "The following PPP configuration tests MSCHAP-v2:"
msgstr "La siguiente configuración de PPP prueba MSCHAP-v2:"
@@ -13810,6 +13103,10 @@ msgstr "La siguiente topología de ejemplo se creó utilizando EVE-NG."
msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
msgstr "El siguiente ejemplo mostrará cómo se puede usar VyOS para redirigir el tráfico web a un proxy transparente externo:"
+#: ../../configuration/nat/nat64.rst:40
+msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+
#: ../../configuration/interfaces/wwan.rst:309
msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
msgstr "Los siguientes módulos de hardware se han probado con éxito en una placa :ref:`pc-engines-apu4`:"
@@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and
msgstr "El tiempo de retardo de reenvío es el tiempo que se pasa en cada uno de los estados de escucha y aprendizaje antes de ingresar al estado de Reenvío. Este retraso es para que cuando un nuevo puente llegue a una red ocupada, observe algo de tráfico antes de participar."
#: ../../configuration/service/dhcp-relay.rst:98
-#: ../../configuration/service/dhcp-relay.rst:184
+#: ../../configuration/service/dhcp-relay.rst:186
msgid "The generated configuration will look like:"
msgstr "La configuración generada se verá así:"
@@ -13871,7 +13168,7 @@ msgstr "El nombre de host puede tener hasta 63 caracteres. Un nombre de host deb
msgid "The hostname or IP address of the master"
msgstr "El nombre de host o la dirección IP del maestro"
-#: ../../configuration/service/dhcp-server.rst:700
+#: ../../configuration/service/dhcp-server.rst:632
msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
msgstr "El identificador es el DUID del dispositivo: lista hexadecimal separada por dos puntos (como se usa en la opción dhcpv6.client-id de isc-dhcp). Si el dispositivo ya tiene una concesión dinámica del servidor DHCPv6, su DUID se puede encontrar con ``show service dhcpv6 server leases``. El DUID comienza en el 5.° octeto (después de los 4.° dos puntos) de IAID_DUID."
@@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o
msgstr "Las configuraciones de radios individuales solo difieren en la dirección IP local en la interfaz ``tun10``. Consulte el diagrama anterior para ver las direcciones IP individuales."
#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
msgstr "La etiqueta interna es la etiqueta que está más cerca de la porción de carga útil del marco. Se llama oficialmente C-TAG (etiqueta de cliente, con ethertype 0x8100). La etiqueta exterior es la más cercana/cercana al encabezado de Ethernet, su nombre es S-TAG (etiqueta de servicio con tipo de Ethernet = 0x88a8)."
-#: ../../configuration/nat/nat44.rst:503
+#: ../../configuration/nat/nat44.rst:523
msgid "The interface traffic will be coming in on;"
msgstr "El tráfico de la interfaz estará entrando;"
@@ -13893,7 +13188,7 @@ msgstr "El tráfico de la interfaz estará entrando;"
msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
msgstr "La interfaz utilizada para recibir y retransmitir paquetes de difusión individuales. Si desea recibir/retransmitir paquetes tanto en `eth1` como en `eth2`, es necesario agregar ambas interfaces."
-#: ../../configuration/nat/nat44.rst:317
+#: ../../configuration/nat/nat44.rst:329
msgid "The internal IP addresses we want to translate"
msgstr "Las direcciones IP internas que queremos traducir"
@@ -13937,6 +13232,14 @@ msgstr "El sitio local tendrá una subred de 10.0.0.0/16."
msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
msgstr "La interfaz de red loopback es un dispositivo de red virtual implementado completamente en software. Todo el tráfico que se le envía &quot;retrocede&quot; y solo se dirige a los servicios en su máquina local."
+#: ../../configuration/firewall/index.rst:20
+msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+
+#: ../../configuration/firewall/index.rst:92
+msgid "The main structure VyOS firewall cli is shown next:"
+msgstr "The main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/interfaces/bonding.rst:271
msgid "The maximum number of targets that can be specified is 16. The default value is no IP address."
msgstr "El número máximo de destinos que se pueden especificar es 16. El valor predeterminado es ninguna dirección IP."
@@ -13961,7 +13264,7 @@ msgstr "El intervalo mínimo de transmisión de recepción de eco que este siste
msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
msgstr "La aplicación más visible del protocolo es para el acceso a cuentas shell en sistemas operativos similares a Unix, pero también tiene un uso limitado en Windows. En 2015, Microsoft anunció que incluiría soporte nativo para SSH en una versión futura."
-#: ../../configuration/interfaces/vxlan.rst:292
+#: ../../configuration/interfaces/vxlan.rst:313
msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
msgstr "El grupo de multidifusión utilizado por todas las hojas para esta extensión de vlan. Tiene que ser igual en todas las hojas que tenga esta interfaz."
@@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul
msgstr "El registro de parámetros opcional especifica que la solicitud de registro debe enviarse a este par en el inicio."
#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
msgstr "La especificación 802.1q_ original permite insertar un solo encabezado de red de área local virtual (VLAN) en una trama Ethernet. QinQ permite insertar múltiples etiquetas VLAN en un solo marco, una capacidad esencial para implementar topologías de red Metro Ethernet. Así como QinQ amplía 802.1Q, QinQ se amplía con otros protocolos Metro Ethernet."
-#: ../../configuration/nat/nat44.rst:318
+#: ../../configuration/nat/nat44.rst:330
msgid "The outgoing interface to perform the translation on"
msgstr "La interfaz saliente para realizar la traducción en"
@@ -14051,11 +13352,11 @@ msgstr "El prefijo y el ASN que lo originaron coinciden con un ROA firmado. Esto
msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
msgstr "El prefijo o la longitud del prefijo y el ASN que lo originó no coincide con ningún ROA existente. Esto podría ser el resultado de un secuestro de prefijo, o simplemente una configuración incorrecta, pero probablemente debería tratarse como anuncios de ruta no confiables."
-#: ../../configuration/service/dhcp-server.rst:434
+#: ../../configuration/service/dhcp-server.rst:375
msgid "The primary DHCP server uses address `192.168.189.252`"
msgstr "El servidor DHCP primario usa la dirección `192.168.189.252`"
-#: ../../configuration/service/dhcp-server.rst:193
+#: ../../configuration/service/dhcp-server.rst:158
msgid "The primary and secondary statements determines whether the server is primary or secondary."
msgstr "Las sentencias principal y secundaria determinan si el servidor es principal o secundario."
@@ -14067,7 +13368,7 @@ msgstr "La opción principal solo es válida para el modo de copia de seguridad
msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
msgstr "La prioridad debe ser un número entero de 1 a 255. Un valor de prioridad más alto aumenta la precedencia del enrutador en las elecciones de maestro."
-#: ../../configuration/service/dhcp-server.rst:609
+#: ../../configuration/service/dhcp-server.rst:539
msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
msgstr "El procedimiento para especificar un dominio :abbr:`NIS+ (Network Information Service Plus)` es similar al del dominio NIS:"
@@ -14075,7 +13376,7 @@ msgstr "El procedimiento para especificar un dominio :abbr:`NIS+ (Network Inform
msgid "The prompt is adjusted to reflect this change in both config and op-mode."
msgstr "El indicador se ajusta para reflejar este cambio tanto en la configuración como en el modo operativo."
-#: ../../configuration/nat/nat44.rst:504
+#: ../../configuration/nat/nat44.rst:524
msgid "The protocol and port we wish to forward;"
msgstr "El protocolo y puerto que deseamos reenviar;"
@@ -14124,7 +13425,7 @@ msgstr "El usuario remoto usará el cliente openconnect para conectarse al enrut
msgid "The required config file may look like this:"
msgstr "El archivo de configuración requerido puede verse así:"
-#: ../../configuration/nat/nat44.rst:683
+#: ../../configuration/nat/nat44.rst:707
msgid "The required configuration can be broken down into 4 major pieces:"
msgstr "La configuración requerida se puede dividir en 4 partes principales:"
@@ -14160,7 +13461,7 @@ msgstr "El enrutador debe descartar los paquetes DHCP que ya contienen informaci
msgid "The sFlow accounting based on hsflowd https://sflow.net/"
msgstr "La contabilidad de sFlow basada en hsflowd https://sflow.net/"
-#: ../../configuration/vpn/openconnect.rst:263
+#: ../../configuration/vpn/openconnect.rst:270
msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
msgstr "Las mismas opciones de configuración se aplican cuando la configuración basada en identidad está configurada en modo de grupo, excepto que el modo de grupo solo se puede usar con la autenticación RADIUS."
@@ -14172,7 +13473,7 @@ msgstr "Sin embargo, el esquema anterior no funciona cuando uno de los enrutador
msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
msgstr "El filtro de búsqueda puede contener hasta 15 ocurrencias de %s que serán reemplazadas por el nombre de usuario, como en &quot;uid=%s&quot; para los directorios :rfc:`2037`. Para obtener una descripción detallada de la sintaxis del filtro de búsqueda LDAP, consulte :rfc:`2254`."
-#: ../../configuration/service/dhcp-server.rst:435
+#: ../../configuration/service/dhcp-server.rst:376
msgid "The secondary DHCP server uses address `192.168.189.253`"
msgstr "El servidor DHCP secundario usa la dirección `192.168.189.253`"
@@ -14184,7 +13485,7 @@ msgstr "El enfoque de seguridad en los objetivos SNMPv3:"
msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
msgstr "La secuencia ``^Ec?`` se traduce como: ``Ctrl+E c ?``. Para salir de la sesión use: ``Ctrl+E c .``"
-#: ../../configuration/interfaces/vxlan.rst:168
+#: ../../configuration/interfaces/vxlan.rst:189
msgid "The setup is this: Leaf2 - Spine1 - Leaf3"
msgstr "La configuración es esta: Leaf2 - Spine1 - Leaf3"
@@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:"
msgstr "La velocidad (velocidad en baudios) del dispositivo de la consola. Los valores admitidos son:"
#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
msgstr "El estándar fue desarrollado por IEEE 802.1, un grupo de trabajo del comité de estándares IEEE 802, y continúa siendo revisado activamente. Una de las revisiones notables es 802.1Q-2014, que incorporó IEEE 802.1aq (Shortest Path Bridging) y gran parte del estándar IEEE 802.1d."
@@ -14221,7 +13517,7 @@ msgstr "La tabla consta de los siguientes datos:"
msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
msgstr "El programador de tareas le permite ejecutar tareas en un horario determinado. Hace uso de UNIX cron_."
-#: ../../configuration/nat/nat44.rst:233
+#: ../../configuration/nat/nat44.rst:245
msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
msgstr "La dirección de traducción debe establecerse en una de las direcciones disponibles en la &quot;interfaz de salida&quot; configurada o debe establecerse en &quot;mascarada&quot;, que utilizará la dirección IP principal de la &quot;interfaz de salida&quot; como su dirección de traducción."
@@ -14245,22 +13541,7 @@ msgstr "El uso de IPoE soluciona la desventaja de que PPP no es adecuado para la
msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
msgstr "El valor del atributo ``NAS-Port-Id`` debe tener menos de 16 caracteres; de lo contrario, no se cambiará el nombre de la interfaz."
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
+#: ../../_include/interface-dhcp-options.txt:36
msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server."
msgstr "La opción ID de clase de proveedor se puede utilizar para solicitar una clase específica de opciones de proveedor del servidor."
@@ -14276,7 +13557,7 @@ msgstr "El tamaño de la ventana debe estar entre 1 y 21."
msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
msgstr "El cliente inalámbrico (solicitante) se autentica contra el servidor RADIUS (servidor de autenticación) utilizando un método :abbr:`EAP (Protocolo de autenticación extensible)` configurado en el servidor RADIUS. La función WAP (también conocida como autenticador) es enviar todos los mensajes de autenticación entre el solicitante y el servidor de autenticación configurado, por lo que el servidor RADIUS es responsable de autenticar a los usuarios."
-#: ../../configuration/nat/nat44.rst:597
+#: ../../configuration/nat/nat44.rst:621
msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
msgstr "Luego, se crea una regla SNAT correspondiente al tráfico saliente NAT para la IP interna a una IP externa reservada. Esto dedica una dirección IP externa a una dirección IP interna y es útil para protocolos que no tienen la noción de puertos, como GRE."
@@ -14300,16 +13581,22 @@ msgstr "Hay una variedad de interfaces GUI de cliente para cualquier plataforma"
msgid "There are 3 default NTP server set. You are able to change them."
msgstr "Hay 3 servidores NTP predeterminados establecidos. Usted es capaz de cambiarlos."
-#: ../../configuration/firewall/general.rst:536
-#: ../../configuration/firewall/general-legacy.rst:380
+#: ../../configuration/firewall/ipv4.rst:269
+#: ../../configuration/firewall/ipv6.rst:269
msgid "There are a lot of matching criteria against which the package can be tested."
msgstr "Hay muchos criterios coincidentes con los que se puede probar el paquete."
+#: ../../configuration/firewall/bridge.rst:221
+#: ../../configuration/firewall/ipv4.rst:303
+#: ../../configuration/firewall/ipv6.rst:303
+msgid "There are a lot of matching criteria against which the packet can be tested."
+msgstr "There are a lot of matching criteria against which the packet can be tested."
+
#: ../../configuration/policy/route.rst:40
msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
msgstr "Hay muchas opciones de criterios coincidentes disponibles, tanto para ``policy route`` como para ``policy route6``. Estas opciones se enumeran en esta sección."
-#: ../../configuration/system/ipv6.rst:91
+#: ../../configuration/system/ipv6.rst:92
msgid "There are different parameters for getting prefix-list information:"
msgstr "Hay diferentes parámetros para obtener información de la lista de prefijos:"
@@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip
msgstr "También hay disponible una encapsulación GRE sobre IPv6, se llama: ``ip6gre``."
#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
msgstr "Hay un capítulo completo sobre cómo configurar un :ref:`vrf`, consulte esto para obtener información adicional."
-#: ../../configuration/protocols/igmp.rst:93
#: ../../configuration/protocols/pim6.rst:27
msgid "These are the commands for a basic setup."
msgstr "Estos son los comandos para una configuración básica."
@@ -14413,6 +13676,10 @@ msgstr "Estos parámetros deben formar parte de las opciones globales de DHCP. S
msgid "They can be **decimal** prefixes."
msgstr "Pueden ser prefijos **decimales**."
+#: ../../configuration/firewall/flowtables.rst:102
+msgid "Things to be considred in this setup:"
+msgstr "Things to be considred in this setup:"
+
#: ../../configuration/interfaces/l2tpv3.rst:54
msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Esta dirección debe ser la dirección de una interfaz local. Puede especificarse como una dirección IPv4 o una dirección IPv6."
@@ -14438,6 +13705,10 @@ msgstr "Este algoritmo colocará todo el tráfico a un par de red en particular
msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
msgstr "Esto permite evitar que caduquen los temporizadores definidos en el protocolo BGP y OSPF."
+#: ../../configuration/system/frr.rst:17
+msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+
#: ../../configuration/service/dns.rst:41
msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
msgstr "Esto también funciona para las zonas de búsqueda inversa (``18.172.in-addr.arpa``)."
@@ -14503,7 +13774,7 @@ msgstr "Este comando permite especificar el tipo de distribución para la red co
msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
msgstr "Este comando permite utilizar el mapa de rutas para filtrar las rutas redistribuidas. Hay seis modos disponibles para el origen de la ruta: conectado, kernel, ospf, rip, static, table."
-#: ../../configuration/protocols/ospf.rst:1259
+#: ../../configuration/protocols/ospf.rst:1261
msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "Este comando permite usar el mapa de ruta para filtrar las rutas redistribuidas desde una fuente de ruta dada. Hay cinco modos disponibles para el origen de la ruta: bgp, conectado, kernel, ripng, estático."
@@ -14734,23 +14005,27 @@ msgstr "Este comando deshabilita la reflexión de ruta entre clientes de reflect
msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
msgstr "Este comando deshabilita el horizonte dividido en la interfaz. De forma predeterminada, VyOS no anuncia rutas RIP fuera de la interfaz en la que se aprendieron (horizonte dividido).3"
-#: ../../configuration/protocols/bgp.rst:1008
+#: ../../configuration/protocols/isis.rst:318
+msgid "This command disables the load sharing across multiple LFA backups."
+msgstr "This command disables the load sharing across multiple LFA backups."
+
+#: ../../configuration/protocols/bgp.rst:1009
msgid "This command displays BGP dampened routes."
msgstr "Este comando muestra las rutas amortiguadas de BGP."
-#: ../../configuration/protocols/bgp.rst:1031
+#: ../../configuration/protocols/bgp.rst:1032
msgid "This command displays BGP received-routes that are accepted after filtering."
msgstr "Este comando muestra las rutas recibidas de BGP que se aceptan después del filtrado."
-#: ../../configuration/protocols/bgp.rst:1021
+#: ../../configuration/protocols/bgp.rst:1022
msgid "This command displays BGP routes advertised to a neighbor."
msgstr "Este comando muestra las rutas BGP anunciadas a un vecino."
-#: ../../configuration/protocols/bgp.rst:1016
+#: ../../configuration/protocols/bgp.rst:1017
msgid "This command displays BGP routes allowed by the specified AS Path access list."
msgstr "Este comando muestra las rutas BGP permitidas por la lista de acceso de AS Path especificada."
-#: ../../configuration/protocols/bgp.rst:1025
+#: ../../configuration/protocols/bgp.rst:1026
msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
msgstr "Este comando muestra las rutas BGP que se originan en el vecino BGP especificado antes de que se aplique la política de entrada. Para usar este comando, la reconfiguración suave entrante debe estar habilitada."
@@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes."
msgstr "Este comando muestra las rutas RIP."
#: ../../configuration/protocols/ospf.rst:785
-#: ../../configuration/protocols/ospf.rst:1304
+#: ../../configuration/protocols/ospf.rst:1306
msgid "This command displays a database contents for a specific link advertisement type."
msgstr "Este comando muestra el contenido de una base de datos para un tipo de anuncio de enlace específico."
#: ../../configuration/protocols/ospf.rst:752
-#: ../../configuration/protocols/ospf.rst:1299
+#: ../../configuration/protocols/ospf.rst:1301
msgid "This command displays a summary table with a database contents (LSA)."
msgstr "Este comando muestra una tabla de resumen con el contenido de una base de datos (LSA)."
#: ../../configuration/protocols/ospf.rst:747
-#: ../../configuration/protocols/ospf.rst:1294
+#: ../../configuration/protocols/ospf.rst:1296
msgid "This command displays a table of paths to area boundary and autonomous system boundary routers."
msgstr "Este comando muestra una tabla de rutas a los enrutadores de límite de área y de sistema autónomo."
@@ -14781,35 +14056,35 @@ msgstr "Este comando muestra una tabla de rutas a los enrutadores de límite de
msgid "This command displays all entries in BGP routing table."
msgstr "Este comando muestra todas las entradas en la tabla de enrutamiento BGP."
-#: ../../configuration/protocols/bgp.rst:1035
+#: ../../configuration/protocols/bgp.rst:1036
msgid "This command displays dampened routes received from BGP neighbor."
msgstr "Este comando muestra las rutas amortiguadas recibidas del vecino BGP."
-#: ../../configuration/protocols/ospf.rst:1309
+#: ../../configuration/protocols/ospf.rst:1311
msgid "This command displays external information redistributed into OSPFv3"
msgstr "Este comando muestra información externa redistribuida en OSPFv3"
-#: ../../configuration/protocols/bgp.rst:1039
+#: ../../configuration/protocols/bgp.rst:1040
msgid "This command displays information about BGP routes whose AS path matches the specified regular expression."
msgstr "Este comando muestra información sobre rutas BGP cuya ruta AS coincide con la expresión regular especificada."
-#: ../../configuration/protocols/bgp.rst:1012
+#: ../../configuration/protocols/bgp.rst:1013
msgid "This command displays information about flapping BGP routes."
msgstr "Este comando muestra información sobre las rutas BGP fluctuantes."
-#: ../../configuration/protocols/bgp.rst:976
+#: ../../configuration/protocols/bgp.rst:977
msgid "This command displays information about the particular entry in the BGP routing table."
msgstr "Este comando muestra información sobre la entrada particular en la tabla de enrutamiento BGP."
-#: ../../configuration/protocols/bgp.rst:1003
+#: ../../configuration/protocols/bgp.rst:1004
msgid "This command displays routes that are permitted by the BGP community list."
msgstr "Este comando muestra las rutas permitidas por la lista de la comunidad BGP."
-#: ../../configuration/protocols/bgp.rst:996
+#: ../../configuration/protocols/bgp.rst:997
msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
msgstr "Este comando muestra rutas que pertenecen a comunidades BGP específicas. El valor válido es un número de comunidad en el rango de 1 a 4294967200, o AA:NN (sistema autónomo-número de comunidad/número de 2 bytes), sin exportación, como local o sin publicidad."
-#: ../../configuration/protocols/bgp.rst:992
+#: ../../configuration/protocols/bgp.rst:993
msgid "This command displays routes with classless interdomain routing (CIDR)."
msgstr "Este comando muestra rutas con enrutamiento entre dominios sin clases (CIDR)."
@@ -14817,11 +14092,11 @@ msgstr "Este comando muestra rutas con enrutamiento entre dominios sin clases (C
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
msgstr "Este comando muestra el estado y la configuración de OSPF en la interfaz especificada o en todas las interfaces si no se proporciona ninguna interfaz."
-#: ../../configuration/protocols/ospf.rst:1283
+#: ../../configuration/protocols/ospf.rst:1285
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
msgstr "Este comando muestra el estado y la configuración de OSPF en la interfaz especificada o en todas las interfaces si no se proporciona ninguna interfaz. Con el argumento :cfgcmd:`prefix` este comando muestra prefijos conectados para anunciar."
-#: ../../configuration/protocols/ospf.rst:1289
+#: ../../configuration/protocols/ospf.rst:1291
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
msgstr "Este comando muestra la tabla de enrutamiento OSPF, según lo determinado por el cálculo SPF más reciente."
@@ -14829,12 +14104,12 @@ msgstr "Este comando muestra la tabla de enrutamiento OSPF, según lo determinad
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
msgstr "Este comando muestra la tabla de enrutamiento OSPF, según lo determinado por el cálculo SPF más reciente. Con el argumento opcional :cfgcmd:`detail`, se mostrarán el enrutador del anunciante y el atributo de red de cada elemento de ruta."
-#: ../../configuration/protocols/ospf.rst:1279
+#: ../../configuration/protocols/ospf.rst:1281
msgid "This command displays the neighbor DR choice information."
msgstr "Este comando muestra la información de elección de DR vecino."
#: ../../configuration/protocols/ospf.rst:623
-#: ../../configuration/protocols/ospf.rst:1274
+#: ../../configuration/protocols/ospf.rst:1276
msgid "This command displays the neighbors information in a detailed form, not just a summary table."
msgstr "Este comando muestra la información de los vecinos de forma detallada, no solo una tabla de resumen."
@@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a
msgstr "Este comando muestra la información de los vecinos en forma detallada para un vecino cuya dirección IP está especificada."
#: ../../configuration/protocols/ospf.rst:613
-#: ../../configuration/protocols/ospf.rst:1270
+#: ../../configuration/protocols/ospf.rst:1272
msgid "This command displays the neighbors status."
msgstr "Este comando muestra el estado de los vecinos."
@@ -14851,7 +14126,7 @@ msgstr "Este comando muestra el estado de los vecinos."
msgid "This command displays the neighbors status for a neighbor on the specified interface."
msgstr "Este comando muestra el estado de los vecinos de un vecino en la interfaz especificada."
-#: ../../configuration/protocols/bgp.rst:1044
+#: ../../configuration/protocols/bgp.rst:1045
msgid "This command displays the status of all BGP connections."
msgstr "Este comando muestra el estado de todas las conexiones BGP."
@@ -14863,6 +14138,10 @@ msgstr "Este comando habilita/deshabilita el resumen para el rango de direccione
msgid "This command enable logging neighbor up/down changes and reset reason."
msgstr "Este comando permite registrar los cambios de vecinos arriba/abajo y restablecer el motivo."
+#: ../../configuration/protocols/isis.rst:311
+msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+
#: ../../configuration/protocols/isis.rst:70
msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
msgstr "Este comando habilita IS-IS en esta interfaz y permite que ocurra la adyacencia. Tenga en cuenta que el nombre de la instancia IS-IS debe ser el mismo que se usó para configurar el proceso IS-IS."
@@ -14946,6 +14225,10 @@ msgstr "Este comando solo está permitido para pares eBGP."
msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups."
msgstr "Este comando solo está permitido para pares eBGP. No aplica para grupos de pares."
+#: ../../configuration/protocols/pim.rst:70
+msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+
#: ../../configuration/protocols/rip.rst:106
msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
msgstr "Este comando es específico para FRR y VyOS. El comando de ruta hace una ruta estática solo dentro de RIP. Este comando solo debe ser utilizado por usuarios avanzados que tengan conocimientos específicos sobre el protocolo RIP. En la mayoría de los casos, recomendamos crear una ruta estática en VyOS y redistribuirla en RIP usando :cfgcmd:`redistribute static`."
@@ -15006,7 +14289,7 @@ msgstr "Este comando redistribuye la información de enrutamiento desde el orige
msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
msgstr "Este comando redistribuye la información de enrutamiento desde el origen de la ruta dada al proceso OSPF. Hay cinco modos disponibles para el origen de la ruta: bgp, conectado, kernel, rip, estático."
-#: ../../configuration/protocols/ospf.rst:1253
+#: ../../configuration/protocols/ospf.rst:1255
msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "Este comando redistribuye la información de enrutamiento desde el origen de la ruta dada al proceso OSPFv3. Hay cinco modos disponibles para el origen de la ruta: bgp, conectado, kernel, ripng, estático."
@@ -15014,19 +14297,19 @@ msgstr "Este comando redistribuye la información de enrutamiento desde el orige
msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
msgstr "Este comando elimina el ASN privado de las rutas que se anuncian al par configurado. Elimina solo los ASN privados en las rutas anunciadas a los pares EBGP."
-#: ../../configuration/protocols/bgp.rst:1067
+#: ../../configuration/protocols/bgp.rst:1068
msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "Este comando restablece las conexiones BGP a la dirección IP vecina especificada. Con el argumento :cfgcmd:`soft`, este comando inicia un restablecimiento parcial. Si no especifica las opciones :cfgcmd:`in` o :cfgcmd:`out`, se activan la reconfiguración suave tanto de entrada como de salida."
-#: ../../configuration/protocols/bgp.rst:1087
+#: ../../configuration/protocols/bgp.rst:1088
msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "Este comando restablece las conexiones BGP al grupo de pares especificado. Con el argumento :cfgcmd:`soft`, este comando inicia un restablecimiento parcial. Si no especifica las opciones :cfgcmd:`in` o :cfgcmd:`out`, se activan la reconfiguración suave tanto de entrada como de salida."
-#: ../../configuration/protocols/bgp.rst:1074
+#: ../../configuration/protocols/bgp.rst:1075
msgid "This command resets all BGP connections of given router."
msgstr "Este comando restablece todas las conexiones BGP del enrutador dado."
-#: ../../configuration/protocols/bgp.rst:1083
+#: ../../configuration/protocols/bgp.rst:1084
msgid "This command resets all external BGP peers of given router."
msgstr "Este comando restablece todos los pares BGP externos del enrutador dado."
@@ -15431,56 +14714,18 @@ msgstr "Este comando resume las rutas dentro del área desde el área especifica
msgid "This command to ensure not advertise the summary lsa for the matched external LSAs."
msgstr "Este comando garantiza que no se anuncie el lsa resumido para los LSA externos coincidentes."
-#: ../../configuration/protocols/bgp.rst:1078
+#: ../../configuration/protocols/bgp.rst:1079
msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
msgstr "Este comando se usa para borrar la información de atenuación de la ruta BGP y para desactivar las rutas suprimidas."
#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
msgstr "Este comando se introdujo en VyOS 1.4; anteriormente se llamaba: ``establecer interfaz de opciones de firewall<name> ajustar-mss6<value> ``"
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/pppoe.rst:212
#: ../../configuration/interfaces/pppoe.rst:258
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/sstp-client.rst:84
#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
msgstr "Este comando se introdujo en VyOS 1.4; anteriormente se llamaba: ``establecer interfaz de opciones de firewall<name> ajustar-mss<value> ``"
@@ -15494,6 +14739,10 @@ msgstr "Este comando cambiará el valor de retención para la sincronización de
msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
msgstr "Este comando cambiará el valor de retención globalmente para la sincronización de IGP-LDP durante los eventos de solapa de convergencia/interfaz."
+#: ../../configuration/protocols/isis.rst:324
+msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+
#: ../../configuration/protocols/isis.rst:134
msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
msgstr "Este comando habilitará la sincronización IGP-LDP globalmente para ISIS. Esto requiere que LDP sea funcional. Esto se describe en :rfc:`5443`. De forma predeterminada, todas las interfaces operativas en IS-IS están habilitadas para la sincronización. Los loopbacks están exentos."
@@ -15510,25 +14759,32 @@ msgstr "Este comando generará una ruta predeterminada en la base de datos L1."
msgid "This command will generate a default-route in L2 database."
msgstr "Este comando generará una ruta predeterminada en la base de datos L2."
-#: ../../configuration/firewall/general.rst:1457
-#: ../../configuration/firewall/general-legacy.rst:904
+#: ../../configuration/firewall/ipv6.rst:1113
msgid "This command will give an overview of a rule in a single rule-set"
msgstr "Este comando brindará una descripción general de una regla en un solo conjunto de reglas"
+#: ../../configuration/firewall/ipv4.rst:1091
+msgid "This command will give an overview of a rule in a single rule-set, plus information for default action."
+msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action."
+
#: ../../configuration/firewall/general-legacy.rst:940
msgid "This command will give an overview of a rule in a single rule-set."
msgstr "Este comando le dará una descripción general de una regla en un solo conjunto de reglas."
-#: ../../configuration/firewall/general.rst:1435
-#: ../../configuration/firewall/general-legacy.rst:932
+#: ../../configuration/firewall/ipv4.rst:1072
+#: ../../configuration/firewall/ipv6.rst:1088
msgid "This command will give an overview of a single rule-set."
msgstr "Este comando le dará una visión general de un solo conjunto de reglas."
+#: ../../configuration/protocols/isis.rst:330
+msgid "This command will limit LFA backup computation up to the specified prefix priority."
+msgstr "This command will limit LFA backup computation up to the specified prefix priority."
+
#: ../../configuration/protocols/bgp.rst:268
msgid "This command would allow the dynamic update of capabilities over an established BGP session."
msgstr "Este comando permitiría la actualización dinámica de capacidades sobre una sesión BGP establecida."
-#: ../../configuration/interfaces/vxlan.rst:272
+#: ../../configuration/interfaces/vxlan.rst:293
msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
msgstr "Este comando crea un puente que se usa para vincular el tráfico en eth1 vlan 241 con la interfaz vxlan241. La dirección IP no es necesaria. Sin embargo, puede usarse como una puerta de enlace predeterminada para cada Leaf, lo que permite que los dispositivos en la vlan lleguen a otras subredes. Esto requiere que OSPF redistribuya las subredes para que Spine aprenda cómo llegar a ellas. Para hacer esto, debe cambiar la red OSPF de &#39;10.0.0.0/8&#39; a &#39;0.0.0.0/0&#39; para permitir que se anuncien las redes 172.16/12."
@@ -15548,7 +14804,12 @@ msgstr "Esta configuración escucha en el puerto 80 y redirige las solicitudes e
msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
msgstr "Esta configuración modifica el comportamiento de la sentencia de red. Si tiene esto configurado, la red subyacente debe existir en la tabla de enrutamiento."
-#: ../../configuration/service/dhcp-server.rst:78
+#: ../../configuration/service/dhcp-server.rst:76
+#: ../../configuration/service/dhcp-server.rst:520
+msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+
+#: ../../configuration/service/dhcp-server.rst:58
msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
msgstr "Este parámetro de configuración permite que el servidor DHCP escuche las solicitudes DHCP enviadas a la dirección especificada. Solo es útil de manera realista para un servidor cuyos únicos clientes se alcanzan a través de unidifusión, como a través de agentes de retransmisión DHCP."
@@ -15572,30 +14833,11 @@ msgstr "Esto por defecto es 1812."
msgid "This defaults to 2007."
msgstr "Esto por defecto es 2007."
-#: ../../configuration/service/dns.rst:258
+#: ../../configuration/service/dns.rst:271
msgid "This defaults to 300 seconds."
msgstr "This defaults to 300 seconds."
#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
msgid "This defaults to 30 seconds."
msgstr "Esto por defecto es de 30 segundos."
@@ -15611,6 +14853,14 @@ msgstr "Esto por defecto es 5."
msgid "This defaults to UDP"
msgstr "Esto por defecto es UDP"
+#: ../../configuration/service/https.rst:52
+msgid "This defaults to both 1.2 and 1.3."
+msgstr "This defaults to both 1.2 and 1.3."
+
+#: ../../configuration/pki/index.rst:283
+msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/interfaces/wireless.rst:101
msgid "This defaults to phy0."
msgstr "Esto por defecto es phy0."
@@ -15635,7 +14885,7 @@ msgstr "Esto habilita la compatibilidad con :rfc:`3137`, donde el proceso OSPF d
msgid "This enables the greenfield option which sets the ``[GF]`` option"
msgstr "Esto habilita la opción greenfield que establece la opción ``[GF]``"
-#: ../../configuration/nat/nat44.rst:546
+#: ../../configuration/nat/nat44.rst:568
msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
msgstr "Esto establece nuestra regla Port Forward, pero si creamos una política de firewall, es probable que bloquee el tráfico."
@@ -15647,28 +14897,28 @@ msgstr "Este ejemplo muestra cómo apuntar una abrazadera MSS (en nuestro ejempl
msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
msgstr "Esta característica resume los LSA externos originados (Tipo 5 y Tipo 7). La ruta resumida se originará en nombre de todos los LSA externos coincidentes."
-#: ../../configuration/service/dns.rst:391
+#: ../../configuration/service/dns.rst:404
msgid "This functionality is controlled by adding the following configuration:"
msgstr "This functionality is controlled by adding the following configuration:"
-#: ../../configuration/firewall/general.rst:626
-#: ../../configuration/firewall/general-legacy.rst:431
+#: ../../configuration/firewall/ipv4.rst:376
+#: ../../configuration/firewall/ipv6.rst:378
msgid "This functions for both individual addresses and address groups."
msgstr "Esto funciona tanto para direcciones individuales como para grupos de direcciones."
-#: ../../configuration/protocols/isis.rst:449
+#: ../../configuration/protocols/isis.rst:477
#: ../../configuration/protocols/ospf.rst:968
msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
msgstr "Esto nos brinda sincronización IGP-LDP para todas las interfaces sin loopback con un temporizador de espera de cero segundos:"
-#: ../../configuration/protocols/isis.rst:501
+#: ../../configuration/protocols/isis.rst:529
#: ../../configuration/protocols/ospf.rst:1018
#: ../../configuration/protocols/segment-routing.rst:229
#: ../../configuration/protocols/segment-routing.rst:312
msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
msgstr "Esto nos da el enrutamiento de segmento MPLS habilitado y etiquetas para loopbacks lejanos:"
-#: ../../configuration/protocols/isis.rst:339
+#: ../../configuration/protocols/isis.rst:367
msgid "This gives us the following neighborships, Level 1 and Level 2:"
msgstr "Esto nos da los siguientes barrios, Nivel 1 y Nivel 2:"
@@ -15680,11 +14930,11 @@ msgstr "Esto le indica a opennhrp que responda con respuestas autorizadas en las
msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
msgstr "Este es un escenario común en el que tanto :ref:`source-nat` como :ref:`destination-nat` se configuran al mismo tiempo. Se usa comúnmente cuando los hosts internos (privados) necesitan establecer una conexión con recursos externos y los sistemas externos necesitan acceder a recursos internos (privados)."
-#: ../../configuration/service/dhcp-server.rst:96
+#: ../../configuration/service/dhcp-server.rst:82
msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
msgstr "Este es un parámetro de configuración para `<subnet> `, diciendo que como parte de la respuesta, dígale al cliente que se puede acceder a la puerta de enlace predeterminada en `<address> `."
-#: ../../configuration/service/dhcp-server.rst:103
+#: ../../configuration/service/dhcp-server.rst:89
msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
msgstr "Este es un parámetro de configuración para la subred, que dice que, como parte de la respuesta, dígale al cliente que el servidor DNS se puede encontrar en `<address> `."
@@ -15696,6 +14946,11 @@ msgstr "Este es un comando obligatorio. Establece la expresión regular para que
msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable."
msgstr "Este es un comando obligatorio. Establece la ruta completa al script. El archivo de script debe ser ejecutable."
+#: ../../configuration/pki/index.rst:261
+#: ../../configuration/pki/index.rst:267
+msgid "This is a mandatory option"
+msgstr "This is a mandatory option"
+
#: ../../configuration/protocols/rpki.rst:117
#: ../../configuration/protocols/rpki.rst:124
msgid "This is a mandatory setting."
@@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical
msgstr "Este es un comando opcional porque el controlador de eventos se creará automáticamente después de cualquiera de los siguientes comandos."
#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
msgstr "Esto se hace para admitir las características del conmutador (Ethernet), como :rfc:`3069`, donde los puertos individuales NO pueden comunicarse entre sí, pero pueden comunicarse con el enrutador ascendente. Como se describe en :rfc:`3069`, es posible permitir que estos hosts se comuniquen a través del enrutador ascendente mediante proxy_arp&#39;ing."
-#: ../../configuration/protocols/igmp.rst:208
+#: ../../configuration/protocols/igmp-proxy.rst:36
msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
msgstr "Esto es especialmente útil para la interfaz ascendente, ya que el origen del tráfico de multidifusión suele ser una ubicación remota."
@@ -15777,13 +15013,13 @@ msgstr "Este es el caso de uso de la extensión LAN. El puerto eth0 de los pares
msgid "This is the LCD model used in your system."
msgstr "Este es el modelo de LCD utilizado en su sistema."
-#: ../../configuration/service/dhcp-server.rst:40
-#: ../../configuration/service/dhcp-server.rst:49
-#: ../../configuration/service/dhcp-server.rst:56
+#: ../../configuration/service/dhcp-server.rst:35
+#: ../../configuration/service/dhcp-server.rst:44
+#: ../../configuration/service/dhcp-server.rst:51
msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
msgstr "Este es el parámetro de configuración para toda la definición de red compartida. Todas las subredes heredarán este elemento de configuración si no se especifica localmente."
-#: ../../configuration/service/dhcp-server.rst:232
+#: ../../configuration/service/dhcp-server.rst:197
msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
msgstr "Este es el equivalente del bloque host en dhcpd.conf de isc-dhcpd."
@@ -15795,7 +15031,7 @@ msgstr "Este es el nombre de la interfaz física utilizada para conectarse a su
msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
msgstr "Esta es la política que requiere los menores recursos para la misma cantidad de tráfico. Pero ** muy probablemente no lo necesite ya que no puede obtener mucho de él. A veces se usa solo para habilitar el registro.**"
-#: ../../configuration/service/dhcp-server.rst:230
+#: ../../configuration/service/dhcp-server.rst:195
msgid "This is useful, for example, in combination with hostfile update."
msgstr "Esto es útil, por ejemplo, en combinación con la actualización del archivo de host."
@@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.
msgstr "Esto hace que el servidor autoritariamente desconozca: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, lo que permite que los servidores DNS ascendentes se utilicen para búsquedas inversas de estas zonas."
#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
msgid "This method automatically disables IPv6 traffic forwarding on the interface in question."
msgstr "Este método deshabilita automáticamente el reenvío de tráfico IPv6 en la interfaz en cuestión."
@@ -15847,11 +15064,11 @@ msgstr "Este modo proporciona balanceo de carga y tolerancia a fallas."
msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
msgstr "Esta opción agrega el elemento Restricción de energía cuando corresponde y se agrega el elemento País. El control de potencia de transmisión requiere el elemento de restricción de potencia."
-#: ../../configuration/service/dhcp-server.rst:133
+#: ../../configuration/service/dhcp-server.rst:119
msgid "This option can be specified multiple times."
msgstr "Esta opción se puede especificar varias veces."
-#: ../../configuration/protocols/igmp.rst:211
+#: ../../configuration/protocols/igmp-proxy.rst:39
msgid "This option can be supplied multiple times."
msgstr "Esta opción se puede proporcionar varias veces."
@@ -15863,7 +15080,15 @@ msgstr "Esta opción es obligatoria en el modo Punto de Acceso."
msgid "This option is required when running a DMVPN spoke."
msgstr "Esta opción es necesaria cuando se ejecuta un radio DMVPN."
-#: ../../configuration/system/login.rst:388
+#: ../../_include/interface-dhcp-options.txt:86
+msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+
+#: ../../_include/interface-dhcp-options.txt:31
+msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+
+#: ../../configuration/system/login.rst:390
msgid "This option must be used with ``timeout`` option."
msgstr "Esta opción debe usarse con la opción ``timeout``."
@@ -15876,6 +15101,10 @@ msgstr "Esta opción solo afecta al modo 802.3ad."
msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
msgstr "Esta opción especifica un retraso en segundos antes de que se inicien las instancias de vrrp después de que se inicia keepalived."
+#: ../../configuration/pki/index.rst:277
+msgid "This options defaults to 2048"
+msgstr "This options defaults to 2048"
+
#: ../../configuration/protocols/ospf.rst:326
msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
msgstr "Este parámetro permite &quot;atajos&quot; de rutas (no troncales) para rutas entre áreas. Hay tres modos disponibles para atajos de rutas:"
@@ -15892,7 +15121,9 @@ msgstr "Esto llevó a algunos ISP a desarrollar una política dentro del :abbr:`
msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
msgstr "Esta configuración obligatoria define la acción de la regla actual. Si la acción se establece en ``jump``, entonces también se necesita ``jump-target``."
-#: ../../configuration/firewall/general.rst:360
+#: ../../configuration/firewall/bridge.rst:90
+#: ../../configuration/firewall/ipv4.rst:114
+#: ../../configuration/firewall/ipv6.rst:114
msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
@@ -15905,7 +15136,7 @@ msgstr "Esto requiere dos archivos, uno para crear el dispositivo (XXX.netdev) y
msgid "This results in the active configuration:"
msgstr "Esto da como resultado la configuración activa:"
-#: ../../configuration/service/dhcp-server.rst:88
+#: ../../configuration/service/dhcp-server.rst:68
msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
msgstr "Esto dice que este dispositivo es el único servidor DHCP para esta red. Si otros dispositivos intentan ofrecer arrendamientos de DHCP, esta máquina enviará &#39;DHCPNAK&#39; a cualquier dispositivo que intente solicitar una dirección IP que no sea válida para esta red."
@@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure
msgstr "Esta sección describe la información del host del sistema y cómo configurarlos, cubre los siguientes temas:"
#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
msgid "This section needs improvements, examples and explanations."
msgstr "Esta sección necesita mejoras, ejemplos y explicaciones."
@@ -15938,10 +15156,17 @@ msgstr "Esta sección necesita mejoras, ejemplos y explicaciones."
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
msgstr "Esto establece la acción predeterminada del conjunto de reglas si ninguna regla coincide con un criterio de paquete. Si la acción predeterminada se establece en ``jump``, entonces también se necesita ``default-jump-target``."
-#: ../../configuration/firewall/general.rst:392
+#: ../../configuration/firewall/ipv4.rst:142
+#: ../../configuration/firewall/ipv6.rst:142
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+#: ../../configuration/firewall/bridge.rst:132
+#: ../../configuration/firewall/ipv4.rst:179
+#: ../../configuration/firewall/ipv6.rst:179
+msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+
#: ../../configuration/interfaces/openvpn.rst:278
msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
msgstr "Esto establece los cifrados aceptados para usar cuando la versión =&gt; 2.4.0 y NCP están habilitados (que es el valor predeterminado). El cifrado NCP predeterminado para versiones &gt;= 2.4.0 es aes256gcm. El primer cifrado de esta lista es lo que el servidor envía a los clientes."
@@ -15958,13 +15183,11 @@ msgstr "Esta configuración, que por defecto es de 3600 segundos, pone un máxim
msgid "This setting defaults to 1500 and is valid between 10 and 60000."
msgstr "Esta configuración predeterminada es 1500 y es válida entre 10 y 60000."
-#: ../../configuration/firewall/general.rst:121
-#: ../../configuration/firewall/general-legacy.rst:73
+#: ../../configuration/firewall/global-options.rst:58
msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
msgstr "Esta configuración activa o desactiva la respuesta de los mensajes de difusión icmp. Se modificará el siguiente parámetro del sistema:"
-#: ../../configuration/firewall/general.rst:129
-#: ../../configuration/firewall/general-legacy.rst:81
+#: ../../configuration/firewall/global-options.rst:66
msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
msgstr "Esta configuración maneja si VyOS acepta paquetes con una opción de ruta de origen. Se modificará el siguiente parámetro del sistema:"
@@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-
msgstr "Esta configuración hará que el proceso VRRP ejecute el script ``/config/scripts/vrrp-check.sh`` cada 60 segundos, y la transición del grupo al estado de falla si falla (es decir, sale con un estado distinto de cero) tres veces :"
#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
msgstr "Esta declaración especifica que dhcp6c solo intercambie parámetros de configuración informativos con los servidores. Una lista de direcciones de servidores DNS es un ejemplo de dichos parámetros. Esta declaración es útil cuando el cliente no necesita parámetros de configuración con estado, como direcciones IPv6 o prefijos."
@@ -15995,30 +15203,11 @@ msgstr "Esta declaración especifica que dhcp6c solo intercambie parámetros de
msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
msgstr "Este soporte se puede habilitar administrativamente (e indefinidamente) con el comando :cfgcmd:`administrativo`. También se puede habilitar condicionalmente. La habilitación condicional de max-metric router-lsas puede ser por un período de segundos después del inicio con :cfgcmd:`on-startup<seconds> ` y/o durante un período de segundos antes del apagado con :cfgcmd:`on-shutdown<seconds> `comando. El intervalo de tiempo es de 5 a 86400."
-#: ../../configuration/nat/nat44.rst:409
+#: ../../configuration/nat/nat44.rst:423
msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
msgstr "Esta técnica se conoce comúnmente como NAT Reflection o Hairpin NAT."
#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
msgid "This technology is known by different names:"
msgstr "Esta tecnología se conoce con diferentes nombres:"
@@ -16026,7 +15215,7 @@ msgstr "Esta tecnología se conoce con diferentes nombres:"
msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
msgstr "Esta es la cola más simple posible que puede aplicar a su tráfico. El tráfico debe pasar por una cola finita antes de que realmente se envíe. Debe definir cuántos paquetes puede contener esa cola."
-#: ../../configuration/interfaces/vxlan.rst:173
+#: ../../configuration/interfaces/vxlan.rst:194
msgid "This topology was built using GNS3."
msgstr "Esta topología se construyó utilizando GNS3."
@@ -16042,26 +15231,37 @@ msgstr "Esto configurará una entrada ARP estática siempre resolviendo `<addres
msgid "This will match TCP traffic with source port 80."
msgstr "Esto hará coincidir el tráfico TCP con el puerto de origen 80."
-#: ../../configuration/service/dns.rst:282
+#: ../../configuration/service/dns.rst:295
msgid "This will render the following ddclient_ configuration entry:"
msgstr "Esto generará la siguiente entrada de configuración ddclient_:"
-#: ../../configuration/firewall/general.rst:1314
-#: ../../configuration/firewall/general-legacy.rst:785
+#: ../../configuration/firewall/ipv6.rst:969
msgid "This will show you a basic firewall overview"
msgstr "Esto le mostrará una descripción general básica del firewall"
+#: ../../configuration/firewall/ipv4.rst:961
+msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+
+#: ../../configuration/firewall/zone.rst:149
+msgid "This will show you a basic summary of a particular zone."
+msgstr "This will show you a basic summary of a particular zone."
+
+#: ../../configuration/firewall/zone.rst:132
+msgid "This will show you a basic summary of zones configuration."
+msgstr "This will show you a basic summary of zones configuration."
+
#: ../../configuration/firewall/general-legacy.rst:936
msgid "This will show you a rule-set statistic since the last boot."
msgstr "Esto le mostrará una estadística de conjunto de reglas desde el último arranque."
-#: ../../configuration/firewall/general.rst:1479
-#: ../../configuration/firewall/general-legacy.rst:900
+#: ../../configuration/firewall/ipv4.rst:1112
+#: ../../configuration/firewall/ipv6.rst:1135
msgid "This will show you a statistic of all rule-sets since the last boot."
msgstr "Esto le mostrará una estadística de todos los conjuntos de reglas desde el último arranque."
-#: ../../configuration/firewall/general.rst:1377
-#: ../../configuration/firewall/general-legacy.rst:851
+#: ../../configuration/firewall/ipv4.rst:1016
+#: ../../configuration/firewall/ipv6.rst:1032
msgid "This will show you a summary of rule-sets and groups"
msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos."
@@ -16069,7 +15269,7 @@ msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos."
msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
msgstr "Esta solución le permite aplicar una política de modelado al tráfico de entrada al redirigirlo primero a una interfaz virtual intermedia (&quot;Bloque funcional intermedio&quot;_). Allí, en esa interfaz virtual, podrá aplicar cualquiera de las políticas que funcionan para el tráfico saliente, por ejemplo, una de configuración."
-#: ../../configuration/nat/nat44.rst:566
+#: ../../configuration/nat/nat44.rst:590
msgid "This would generate the following configuration:"
msgstr "Esto generaría la siguiente configuración:"
@@ -16105,8 +15305,8 @@ msgstr "Tiempo en segundos que el prefijo seguirá siendo válido (predeterminad
msgid "Time is in minutes and defaults to 60."
msgstr "El tiempo es en minutos y el valor predeterminado es 60."
-#: ../../configuration/firewall/general.rst:1211
-#: ../../configuration/firewall/general-legacy.rst:722
+#: ../../configuration/firewall/ipv4.rst:874
+#: ../../configuration/firewall/ipv6.rst:883
#: ../../configuration/policy/route.rst:225
msgid "Time to match the defined rule."
msgstr "Tiempo para hacer coincidir la regla definida."
@@ -16115,11 +15315,11 @@ msgstr "Tiempo para hacer coincidir la regla definida."
msgid "Timeout in seconds between health target checks."
msgstr "Tiempo de espera en segundos entre comprobaciones de objetivos de estado."
-#: ../../configuration/vpn/sstp.rst:223
+#: ../../configuration/vpn/sstp.rst:234
msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
msgstr "Tiempo de espera para esperar la respuesta de los paquetes de actualización provisional. (predeterminado 3 segundos)"
-#: ../../configuration/vpn/sstp.rst:243
+#: ../../configuration/vpn/sstp.rst:254
msgid "Timeout to wait response from server (seconds)"
msgstr "Tiempo de espera para esperar la respuesta del servidor (segundos)"
@@ -16136,7 +15336,15 @@ msgstr "Para activar el puente compatible con VLAN, debe activar esta configurac
msgid "To allow VPN-clients access via your external address, a NAT rule is required:"
msgstr "Para permitir el acceso de clientes VPN a través de su dirección externa, se requiere una regla NAT:"
-#: ../../configuration/vpn/site2site_ipsec.rst:253
+#: ../../configuration/service/mdns.rst:68
+msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+
+#: ../../configuration/service/mdns.rst:60
+msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+
+#: ../../configuration/vpn/site2site_ipsec.rst:257
msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
msgstr "Para permitir que el tráfico pase a los clientes, debe agregar las siguientes reglas. (si usó la configuración predeterminada en la parte superior de esta página)"
@@ -16152,16 +15360,45 @@ msgstr "Para actualizar automáticamente los archivos de la lista negra"
msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
msgstr "Para asignar automáticamente al cliente una dirección IP como extremo del túnel, se necesita un grupo de IP de cliente. El origen puede ser RADIUS, una subred local o una definición de rango de IP."
+#: ../../configuration/service/pppoe-server.rst:59
+msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+
#: ../../configuration/firewall/general-legacy.rst:314
msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
msgstr "Para ser usado solo cuando ``action`` se establece en ``jump``. Utilice este comando para especificar el objetivo de salto."
-#: ../../configuration/firewall/general.rst:401
-#: ../../configuration/firewall/general-legacy.rst:295
+#: ../../configuration/firewall/bridge.rst:140
+#: ../../configuration/firewall/ipv4.rst:187
+#: ../../configuration/firewall/ipv6.rst:187
msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
msgstr "Para usarse solo cuando ``defult-action`` está configurado en ``jump``. Utilice este comando para especificar el destino de salto para la regla predeterminada."
-#: ../../configuration/firewall/general.rst:374
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
+msgid "To be used only when action is set to ``jump``. Use this command to specify jump target."
+msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target."
+
+#: ../../configuration/firewall/bridge.rst:120
+#: ../../configuration/firewall/ipv4.rst:163
+#: ../../configuration/firewall/ipv6.rst:163
+msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+
+#: ../../configuration/firewall/bridge.rst:111
+#: ../../configuration/firewall/ipv4.rst:150
+#: ../../configuration/firewall/ipv6.rst:150
+msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+
+#: ../../configuration/firewall/bridge.rst:103
+#: ../../configuration/firewall/ipv4.rst:138
+#: ../../configuration/firewall/ipv6.rst:138
+msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
msgid "To be used only when action is set to jump. Use this command to specify jump target."
msgstr "To be used only when action is set to jump. Use this command to specify jump target."
@@ -16177,11 +15414,11 @@ msgstr "Para omitir el proxy para cada solicitud que se dirige a un destino espe
msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
msgstr "Para configurar asignaciones de IPv6 para clientes, se deben configurar dos opciones. Un prefijo global que termina en el cpe del cliente y un prefijo delegado que el cliente puede usar para los dispositivos enrutados a través del cpe del cliente."
-#: ../../configuration/firewall/index.rst:58
+#: ../../configuration/firewall/index.rst:179
msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
-#: ../../configuration/firewall/index.rst:79
+#: ../../configuration/firewall/index.rst:173
msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
@@ -16209,7 +15446,7 @@ msgstr "Para configurar su pantalla LCD, primero debe identificar el hardware ut
msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
msgstr "Para crear VLAN por usuario durante el tiempo de ejecución, se requieren las siguientes configuraciones por interfaz. El ID de VLAN y el rango de VLAN pueden estar presentes en la configuración al mismo tiempo."
-#: ../../configuration/system/login.rst:375
+#: ../../configuration/system/login.rst:377
msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
msgstr "Para crear una nueva línea en su mensaje de inicio de sesión, debe escapar del carácter de nueva línea usando ``\\\\n``."
@@ -16221,7 +15458,7 @@ msgstr "Para crear más de un túnel, utilice distintos puertos UDP."
msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
msgstr "Para crear la tabla de enrutamiento 100 y agregar una nueva puerta de enlace predeterminada para que la use el tráfico que coincida con nuestra política de ruta:"
-#: ../../configuration/firewall/zone.rst:61
+#: ../../configuration/firewall/zone.rst:80
msgid "To define a zone setup either one with interfaces or a local zone."
msgstr "Para definir una configuración de zona, ya sea una con interfaces o una zona local."
@@ -16233,7 +15470,7 @@ msgstr "Para deshabilitar los anuncios sin borrar la configuración:"
msgid "To display the configured OTP user key, use the command:"
msgstr "Para mostrar la clave de usuario OTP configurada, use el comando:"
-#: ../../configuration/vpn/openconnect.rst:219
+#: ../../configuration/vpn/openconnect.rst:226
msgid "To display the configured OTP user settings, use the command:"
msgstr "Para mostrar los ajustes de usuario de OTP configurados, use el comando:"
@@ -16254,7 +15491,7 @@ msgstr "Para habilitar la autenticación basada en RADIUS, el modo de autenticac
msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
msgstr "Para habilitar la configuración del ancho de banda a través de RADIUS, la opción de límite de velocidad debe estar habilitada."
-#: ../../configuration/service/https.rst:23
+#: ../../configuration/service/https.rst:68
msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
msgstr "Para habilitar los mensajes de depuración. Disponible a través de :opcmd:`show log` o :opcmd:`monitor log`"
@@ -16262,6 +15499,14 @@ msgstr "Para habilitar los mensajes de depuración. Disponible a través de :opc
msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
msgstr "Para habilitar el repetidor mDNS, debe configurar al menos dos interfaces. Para retransmitir todos los paquetes mDNS entrantes desde cualquier interfaz configurada aquí a cualquier otra interfaz configurada en esta sección."
+#: ../../configuration/service/mdns.rst:23
+msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+
+#: ../../configuration/vpn/openconnect.rst:168
+msgid "To enable the HTTP security headers in the configuration file, use the command:"
+msgstr "To enable the HTTP security headers in the configuration file, use the command:"
+
#: ../../configuration/loadbalancing/wan.rst:115
msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
msgstr "Para excluir el tráfico del equilibrio de carga, el tráfico que coincida con una regla de exclusión no se equilibra, sino que se enruta a través de la tabla de enrutamiento del sistema:"
@@ -16282,7 +15527,7 @@ msgstr "Para generar la CA, la clave privada del servidor y los certificados, se
msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
msgstr "Para que funcione como un punto de acceso con esta configuración, deberá configurar un servidor DHCP para que funcione con esa red. Por supuesto, también puede unir la interfaz inalámbrica con cualquier puente configurado (:ref:`bridge-interface`) en el sistema."
-#: ../../configuration/service/dhcp-server.rst:636
+#: ../../configuration/service/dhcp-server.rst:566
msgid "To hand out individual prefixes to your clients the following configuration is used:"
msgstr "Para repartir prefijos individuales a sus clientes se utiliza la siguiente configuración:"
@@ -16290,7 +15535,7 @@ msgstr "Para repartir prefijos individuales a sus clientes se utiliza la siguien
msgid "To know more about scripting, check the :ref:`command-scripting` section."
msgstr "Para saber más acerca de las secuencias de comandos, consulte la sección :ref:`command-scripting`."
-#: ../../configuration/service/mdns.rst:36
+#: ../../configuration/service/mdns.rst:52
msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
msgstr "Para escuchar los paquetes mDNS `eth0` y `eth1` y también repetir los paquetes recibidos en `eth0` a `eth1` (y viceversa), utilice los siguientes comandos:"
@@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp
msgstr "Para realizar un apagado ordenado, se debe emitir el comando de nivel EXEC FRR ``graceful-restart prepare ip ospf`` antes de reiniciar el demonio ospfd."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
msgid "To request a /56 prefix from your ISP use:"
msgstr "Para solicitar un prefijo /56 de su ISP, use:"
-#: ../../configuration/service/dhcp-server.rst:748
+#: ../../configuration/service/dhcp-server.rst:680
msgid "To restart the DHCPv6 server"
msgstr "Para reiniciar el servidor DHCPv6"
-#: ../../configuration/nat/nat44.rst:315
+#: ../../configuration/nat/nat44.rst:327
msgid "To setup SNAT, we need to know:"
msgstr "Para configurar SNAT, necesitamos saber:"
-#: ../../configuration/nat/nat44.rst:501
+#: ../../configuration/nat/nat44.rst:521
msgid "To setup a destination NAT rule we need to gather:"
msgstr "Para configurar una regla NAT de destino, debemos recopilar:"
@@ -16343,11 +15572,11 @@ msgstr "Para actualizar el firmware, VyOS también envía el binario `qmi-firmwa
msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
msgstr "Para usar un servidor RADIUS para la autenticación y la configuración del ancho de banda, se puede usar la siguiente configuración de ejemplo."
-#: ../../configuration/service/pppoe-server.rst:106
+#: ../../configuration/service/pppoe-server.rst:93
msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
msgstr "Para usar un servidor Radius, debe cambiar al modo de autenticación RADIUS y luego configurarlo."
-#: ../../configuration/service/dns.rst:308
+#: ../../configuration/service/dns.rst:321
msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
msgstr "Para utilizar dicho servicio, se debe definir un nombre de usuario, contraseña, uno o varios nombres de host, protocolo y servidor."
@@ -16355,15 +15584,15 @@ msgstr "Para utilizar dicho servicio, se debe definir un nombre de usuario, cont
msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
msgstr "Para usar Salt-Minion, se requiere un Salt-Master en ejecución. Puede encontrar más en la Documentación de `Salt Project<https://docs.saltproject.io/en/latest/contents.html> `_"
-#: ../../configuration/service/https.rst:86
+#: ../../configuration/service/https.rst:77
msgid "To use this full configuration we asume a public accessible hostname."
msgstr "Para usar esta configuración completa asumimos un nombre de host de acceso público."
-#: ../../configuration/interfaces/vxlan.rst:175
+#: ../../configuration/interfaces/vxlan.rst:196
msgid "Topology:"
msgstr "Topología:"
-#: ../../configuration/interfaces/vxlan.rst:107
+#: ../../configuration/interfaces/vxlan.rst:128
msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
msgstr "Topología: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
@@ -16379,7 +15608,7 @@ msgstr "Opción de seguimiento para rastrear estados de interfaz no VRRP. VRRP c
msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
msgstr "El BGP tradicional no tenía la función para detectar las capacidades de un par remoto, por ejemplo, si puede manejar tipos de prefijos distintos de las rutas de unidifusión IPv4. Este fue un gran problema al usar Multiprotocol Extension para BGP en una red operativa. :rfc:`2842` adoptó una característica llamada negociación de capacidad. *bgpd* utiliza esta negociación de capacidad para detectar las capacidades del par remoto. Si un par solo está configurado como un vecino de unidifusión IPv4, *bgpd* no envía estos paquetes de negociación de capacidad (al menos no a menos que otras características BGP opcionales requieran negociación de capacidad)."
-#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:175
msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
@@ -16399,7 +15628,7 @@ msgstr "Los filtros de tráfico se utilizan para controlar qué paquetes tendrá
msgid "Traffic Policy"
msgstr "Política de tráfico"
-#: ../../configuration/firewall/zone.rst:37
+#: ../../configuration/firewall/zone.rst:56
msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member."
msgstr "El tráfico no puede fluir entre la interfaz de miembro de zona y cualquier interfaz que no sea miembro de zona."
@@ -16411,10 +15640,19 @@ msgstr "El tráfico de las fuentes de multidifusión irá al punto de encuentro
msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
-#: ../../configuration/firewall/general.rst:1281
+#: ../../configuration/protocols/pim.rst:18
+msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+
+#: ../../configuration/firewall/ipv4.rst:928
+#: ../../configuration/firewall/ipv6.rst:937
msgid "Traffic must be symmetric"
msgstr "Traffic must be symmetric"
+#: ../../configuration/firewall/bridge.rst:34
+msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+
#: ../../configuration/highavailability/index.rst:322
msgid "Transition scripts"
msgstr "Guiones de transición"
@@ -16427,11 +15665,11 @@ msgstr "Los scripts de transición pueden ayudarlo a implementar varias correcci
msgid "Transparent Proxy"
msgstr "Proxy transparente"
+#: ../../configuration/interfaces/openvpn.rst:701
#: ../../configuration/interfaces/tunnel.rst:227
msgid "Troubleshooting"
msgstr "Solución de problemas"
-#: ../../configuration/protocols/igmp.rst:119
#: ../../configuration/protocols/pim6.rst:41
msgid "Tuning commands"
msgstr "Comandos de afinación"
@@ -16448,6 +15686,10 @@ msgstr "llaves de tunel"
msgid "Two environment variables are available:"
msgstr "Hay dos variables de entorno disponibles:"
+#: ../../configuration/firewall/flowtables.rst:104
+msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+
#: ../../configuration/service/ssh.rst:188
msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
msgstr "Se crearán dos nuevos archivos ``/config/auth/id_rsa_rpki`` y ``/config/auth/id_rsa_rpki.pub``."
@@ -16460,7 +15702,7 @@ msgstr "Dos enrutadores conectados a través de eth1 a través de un conmutador
msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
msgstr "Tipo de agrupación de métricas cuando se inserta en Azure Data Explorer. El valor predeterminado es ``tabla por métrica``."
-#: ../../configuration/nat/nat44.rst:594
+#: ../../configuration/nat/nat44.rst:618
msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
msgstr "Por lo general, una regla NAT 1 a 1 omite el puerto de destino (todos los puertos) y reemplaza el protocolo con **todos** o **ip**."
@@ -16504,7 +15746,7 @@ msgstr "Los convertidores de USB a serie manejarán la mayor parte de su trabajo
msgid "UUCP subsystem"
msgstr "subsistema UUCP"
-#: ../../configuration/interfaces/vxlan.rst:81
+#: ../../configuration/interfaces/vxlan.rst:102
msgid "Unicast"
msgstr "unidifusión"
@@ -16512,7 +15754,7 @@ msgstr "unidifusión"
msgid "Unicast VRRP"
msgstr "VRRP de unidifusión"
-#: ../../configuration/interfaces/vxlan.rst:319
+#: ../../configuration/interfaces/vxlan.rst:340
msgid "Unicast VXLAN"
msgstr "Unidifusión VXLAN"
@@ -16540,11 +15782,15 @@ msgstr "Actualizar"
msgid "Update container image"
msgstr "Actualizar la imagen del contenedor"
-#: ../../configuration/firewall/general.rst:1540
-#: ../../configuration/firewall/general-legacy.rst:1050
+#: ../../configuration/firewall/ipv4.rst:1175
+#: ../../configuration/firewall/ipv6.rst:1191
msgid "Update geoip database"
msgstr "Actualizar base de datos geoip"
+#: ../../configuration/system/updates.rst:3
+msgid "Updates"
+msgstr "Updates"
+
#: ../../configuration/protocols/rpki.rst:99
msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
msgstr "Las actualizaciones de los servidores de caché RPKI se aplican directamente y la selección de ruta se actualiza en consecuencia. (La reconfiguración suave debe estar habilitada para que esto funcione)."
@@ -16566,7 +15812,11 @@ msgstr "Al apagar, esta opción dejará de usar el prefijo anunciándolo en el R
msgid "Use 802.11n protocol"
msgstr "Usar el protocolo 802.11n"
-#: ../../configuration/service/dns.rst:352
+#: ../../configuration/service/https.rst:23
+msgid "Use CA certificate from PKI subsystem"
+msgstr "Use CA certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:365
msgid "Use DynDNS as your preferred provider:"
msgstr "Utilice DynDNS como su proveedor preferido:"
@@ -16578,6 +15828,10 @@ msgstr "Use TLS pero omita la validación del host"
msgid "Use TLS encryption."
msgstr "Utilice el cifrado TLS."
+#: ../../configuration/service/https.rst:31
+msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+
#: ../../configuration/vpn/sstp.rst:121
msgid "Use `<subnet>` as the IP pool for all connecting clients."
msgstr "Usa `<subnet> ` como el conjunto de direcciones IP para todos los clientes que se conectan."
@@ -16594,67 +15848,52 @@ msgstr "Use `eliminar módulos de seguimiento del sistema` para desactivar todos
msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
msgstr "Utilice una conexión LDAP persistente. Normalmente, la conexión LDAP solo se abre mientras se valida un nombre de usuario para preservar los recursos en el servidor LDAP. Esta opción hace que la conexión LDAP se mantenga abierta, lo que permite reutilizarla para posteriores validaciones de usuarios."
-#: ../../configuration/firewall/general.rst:799
-#: ../../configuration/firewall/general-legacy.rst:531
+#: ../../configuration/firewall/ipv4.rst:515
+#: ../../configuration/firewall/ipv6.rst:525
msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Utilice un grupo de direcciones específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos."
-#: ../../configuration/firewall/general.rst:874
-#: ../../configuration/firewall/general-legacy.rst:567
+#: ../../configuration/firewall/ipv4.rst:578
+#: ../../configuration/firewall/ipv6.rst:588
msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Utilice un grupo de dominio específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos."
-#: ../../configuration/firewall/general.rst:899
-#: ../../configuration/firewall/general-legacy.rst:579
+#: ../../configuration/firewall/ipv4.rst:599
+#: ../../configuration/firewall/ipv6.rst:609
msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Utilice un grupo Mac específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos."
-#: ../../configuration/firewall/general.rst:824
-#: ../../configuration/firewall/general-legacy.rst:543
+#: ../../configuration/firewall/ipv4.rst:536
+#: ../../configuration/firewall/ipv6.rst:546
msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Utilice un grupo de red específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos."
-#: ../../configuration/firewall/general.rst:849
-#: ../../configuration/firewall/general-legacy.rst:555
+#: ../../configuration/firewall/ipv4.rst:557
+#: ../../configuration/firewall/ipv6.rst:567
msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Utilice un grupo de puertos específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos."
-#: ../../configuration/nat/nat44.rst:247
+#: ../../configuration/nat/nat44.rst:259
msgid "Use address `masquerade` (the interfaces primary address) on rule 30"
msgstr "Use la dirección `masquerade` (la dirección principal de la interfaz) en la regla 30"
-#: ../../configuration/service/https.rst:67
+#: ../../configuration/service/https.rst:58
msgid "Use an automatically generated self-signed certificate"
msgstr "Utilice un certificado autofirmado generado automáticamente"
#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
msgid "Use any local address, configured on any interface if this is not set."
msgstr "Use cualquier dirección local, configurada en cualquier interfaz si no está configurada."
-#: ../../configuration/service/dns.rst:266
+#: ../../configuration/service/dns.rst:279
msgid "Use auth key file at ``/config/auth/my.key``"
msgstr "Use el archivo de clave de autenticación en ``/config/auth/my.key``"
-#: ../../configuration/service/dns.rst:395
+#: ../../configuration/service/https.rst:27
+msgid "Use certificate from PKI subsystem"
+msgstr "Use certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:408
msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
msgstr "Usar configurado `<url> ` para determinar su dirección IP. ddclient_ cargará `<url> ` e intenta extraer su dirección IP de la respuesta."
@@ -16666,7 +15905,7 @@ msgstr "Use la coincidencia inversa para hacer coincidir cualquier cosa excepto
msgid "Use local socket for API"
msgstr "Usar socket local para API"
-#: ../../configuration/vpn/sstp.rst:277
+#: ../../configuration/vpn/sstp.rst:288
msgid "Use local user `foo` with password `bar`"
msgstr "Use el usuario local `foo` con la contraseña `bar`"
@@ -16682,6 +15921,10 @@ msgstr "Utilice la dirección de la interfaz especificada en la máquina local c
msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
msgstr "Utilice la siguiente topología para crear una red aislada basada en nat66 entre redes internas y externas (no se admite el prefijo dinámico):"
+#: ../../configuration/nat/nat66.rst:142
+msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+
#: ../../configuration/system/option.rst:48
msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
msgstr "Utilice la dirección especificada en la máquina local como la dirección de origen de la conexión. Solo es útil en sistemas con más de una dirección."
@@ -16710,11 +15953,11 @@ msgstr "Utilice este comando PIM en la interfaz seleccionada para establecer la
msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
msgstr "Use este comando PIM para modificar el valor de tiempo de espera (31-60000 segundos) para un `(S,G)<https://tools.ietf.org/html/rfc7761#section-4.1> `_ flujo. Se elige 31 segundos para un límite inferior, ya que algunas plataformas de hardware no pueden ver el flujo de datos en fragmentos de más de 30 segundos."
-#: ../../configuration/service/pppoe-server.rst:288
+#: ../../configuration/service/pppoe-server.rst:275
msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Utilice este comando para configurar el grupo de direcciones IPv6 desde el cual un cliente PPPoE obtendrá un prefijo IPv6 de su longitud definida (máscara) para terminar el extremo PPPoE a su lado. La longitud de la máscara se puede configurar de 48 a 128 bits, el valor predeterminado es 64."
-#: ../../configuration/vpn/sstp.rst:126
+#: ../../configuration/vpn/sstp.rst:137
msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Utilice este comando para configurar el grupo de direcciones IPv6 desde el cual un cliente SSTP obtendrá un prefijo IPv6 de su longitud definida (máscara) para terminar el punto final SSTP en su lado. La longitud de la máscara se puede configurar de 48 a 128 bits, el valor predeterminado es 64."
@@ -16742,7 +15985,7 @@ msgstr "Utilice este comando si desea establecer los intervalos de tiempo de esp
msgid "Use this command to allow the selected interface to join a multicast group."
msgstr "Use this command to allow the selected interface to join a multicast group."
-#: ../../configuration/protocols/igmp.rst:149
+#: ../../configuration/protocols/pim.rst:191
msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
msgstr "Utilice este comando para permitir que la interfaz seleccionada se una a un grupo de multidifusión definiendo la dirección de multidifusión a la que desea unirse y también la dirección IP de origen."
@@ -16762,19 +16005,19 @@ msgstr "Utilice este comando para verificar el estado del túnel para las interf
msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
msgstr "Utilice este comando para verificar el estado del túnel para las interfaces de sitio a sitio de OpenVPN."
-#: ../../configuration/system/ipv6.rst:180
+#: ../../configuration/system/ipv6.rst:154
msgid "Use this command to clear Border Gateway Protocol statistics or status."
msgstr "Utilice este comando para borrar las estadísticas o el estado del protocolo de puerta de enlace fronteriza."
-#: ../../configuration/service/pppoe-server.rst:300
+#: ../../configuration/service/pppoe-server.rst:287
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Utilice este comando para configurar la delegación de prefijos de DHCPv6 (RFC3633). Tendrá que configurar su grupo de IPv6 y la longitud del prefijo de delegación. Desde el conjunto de IPv6 definido, distribuirá redes de la longitud definida (prefijo de delegación). La longitud del prefijo de delegación se puede establecer entre 32 y 64 bits."
-#: ../../configuration/vpn/sstp.rst:135
+#: ../../configuration/vpn/sstp.rst:146
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Utilice este comando para configurar la delegación de prefijos de DHCPv6 (RFC3633) en SSTP. Tendrá que configurar su grupo de IPv6 y la longitud del prefijo de delegación. Desde el conjunto de IPv6 definido, distribuirá redes de la longitud definida (prefijo de delegación). La longitud del prefijo de delegación se puede establecer entre 32 y 64 bits."
-#: ../../configuration/service/pppoe-server.rst:133
+#: ../../configuration/service/pppoe-server.rst:120
msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
msgstr "Utilice este comando para configurar Extensiones de autorización dinámicas para RADIUS para que pueda desconectar sesiones de forma remota y cambiar algunos parámetros de autenticación."
@@ -16855,7 +16098,7 @@ msgstr "Use este comando para configurar una política de Shaper, establezca su
msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
msgstr "Utilice este comando para configurar una política de Shaper, establezca su nombre y el ancho de banda máximo para todo el tráfico combinado."
-#: ../../configuration/service/pppoe-server.rst:206
+#: ../../configuration/service/pppoe-server.rst:193
msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
msgstr "Utilice este comando para configurar un límite de velocidad de datos para clientes PPPOoE para descargar o cargar tráfico. El límite de velocidad se establece en kbit/seg."
@@ -16919,10 +16162,18 @@ msgstr "Utilice este comando para configurar una interfaz con IGMP para que PIM
msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
msgstr "Utilice este comando para configurar la autenticación para pares LDP. Establezca la dirección IP del par LDP y una contraseña que debe compartirse para convertirse en vecinos."
-#: ../../configuration/protocols/igmp.rst:156
+#: ../../configuration/protocols/pim.rst:198
msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
msgstr "Utilice este comando para configurar en la interfaz seleccionada el intervalo de consulta del host IGMP (1-1800) en segundos que utilizará PIM."
+#: ../../configuration/protocols/pim.rst:202
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+
+#: ../../configuration/protocols/pim.rst:204
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+
#: ../../configuration/protocols/igmp.rst:163
msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
msgstr "Use este comando para configurar en la interfaz seleccionada el valor de tiempo de espera de respuesta de consulta IGMP (10-250) en decisegundos. Si no se devuelve un informe en el tiempo especificado, se asumirá el estado `(S,G) o (*,G)<https://tools.ietf.org/html/rfc7761#section-4.1> `_ ha expirado."
@@ -16931,7 +16182,7 @@ msgstr "Use este comando para configurar en la interfaz seleccionada el valor de
msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
-#: ../../configuration/service/pppoe-server.rst:112
+#: ../../configuration/service/pppoe-server.rst:99
msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
msgstr "Utilice este comando para configurar la dirección IP y la clave secreta compartida de su servidor RADIUS. Puede tener varios servidores RADIUS configurados si desea lograr la redundancia."
@@ -16983,18 +16234,35 @@ msgstr "Utilice este comando para definir una política de Fair-Queue, basada en
msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
msgstr "Utilice este comando para definir una política de Fair-Queue, basada en Stochastic Fairness Queueing, y establezca la cantidad de segundos en los que ocurrirá una nueva perturbación del algoritmo de cola (máximo 4294967295)."
+#: ../../configuration/service/pppoe-server.rst:81
+#: ../../configuration/vpn/sstp.rst:132
+msgid "Use this command to define default address pool name."
+msgstr "Use this command to define default address pool name."
+
#: ../../configuration/system/name-server.rst:53
msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
msgstr "Use este comando para definir dominios, uno a la vez, para que el sistema los use para completar nombres de host no calificados. Máximo: 6 entradas."
+#: ../../configuration/protocols/pim.rst:211
+msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+
#: ../../configuration/protocols/igmp.rst:172
msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
msgstr "Utilice este comando para definir en la interfaz seleccionada si elige la versión 2 o 3 de IGMP. El valor predeterminado es 3."
+#: ../../configuration/service/pppoe-server.rst:70
+msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:73
msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
msgstr "Utilice este comando para definir la primera dirección IP de un conjunto de direcciones que se proporcionarán a los clientes PPPoE. Debe estar dentro de una subred /24."
+#: ../../configuration/vpn/sstp.rst:121
+msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:42
msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
msgstr "Utilice este comando para definir la interfaz que utilizará el servidor PPPoE para escuchar a los clientes PPPoE."
@@ -17015,30 +16283,16 @@ msgstr "Utilice este comando para definir el número máximo de entradas que se
msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
msgstr "Utilice este comando para definir el número máximo de entradas que se mantendrán en la caché de vecinos (1024, 2048, 4096, 8192, 16384, 32768)."
+#: ../../configuration/service/pppoe-server.rst:77
+#: ../../configuration/vpn/sstp.rst:128
+msgid "Use this command to define the next address pool name."
+msgstr "Use this command to define the next address pool name."
+
#: ../../configuration/service/pppoe-server.rst:31
msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
msgstr "Utilice este comando para definir si sus clientes PPPoE se autenticarán localmente en su sistema VyOS o en el servidor RADIUS."
#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
msgstr "Utilice este comando para indicar a una interfaz que no detecte ningún cambio de estado físico en un enlace, por ejemplo, cuando se desconecta el cable."
@@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad
msgstr "Utilice este comando para deshabilitar la operación de IPv6 en la interfaz cuando falla la detección de direcciones duplicadas en la dirección de enlace local."
#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
msgid "Use this command to disable the generation of Ethernet flow control (pause frames)."
msgstr "Use este comando para deshabilitar la generación de control de flujo de Ethernet (tramas de pausa)."
@@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca
msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
msgstr "Utilice este comando para habilitar la adquisición de direcciones IPv6 mediante la configuración automática sin estado (SLAAC)."
-#: ../../configuration/service/pppoe-server.rst:249
+#: ../../configuration/service/pppoe-server.rst:236
msgid "Use this command to enable bandwidth shaping via RADIUS."
msgstr "Utilice este comando para habilitar la configuración del ancho de banda a través de RADIUS."
#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
msgstr "Utilice este comando para habilitar el Protocolo de resolución de direcciones (ARP) de proxy en esta interfaz. Proxy ARP permite que una interfaz Ethernet responda con su propia dirección :abbr:`MAC (Control de acceso a medios)` a solicitudes ARP de direcciones IP de destino en subredes conectadas a otras interfaces del sistema. El sistema reenvía adecuadamente los paquetes subsiguientes enviados a esas direcciones IP de destino."
@@ -17138,7 +16364,7 @@ msgstr "Utilice este comando para habilitar el Protocolo de resolución de direc
msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
msgstr "Utilice este comando para habilitar sesiones LDP dirigidas al enrutador local. El enrutador entonces responderá a cualquier sesión que intente conectarse a él que no sea un tipo de conexión TCP de enlace local."
-#: ../../configuration/service/pppoe-server.rst:262
+#: ../../configuration/service/pppoe-server.rst:249
msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
msgstr "Use este comando para habilitar el retraso de los paquetes PADO (Oferta de descubrimiento activo PPPoE), que se puede usar como un mecanismo de equilibrio de sesión con otros servidores PPPoE."
@@ -17154,7 +16380,13 @@ msgstr "Utilice este comando para habilitar el registro de la acción predetermi
msgid "Use this command to enable the logging of the default action on custom chains."
msgstr "Use this command to enable the logging of the default action on custom chains."
-#: ../../configuration/system/ipv6.rst:191
+#: ../../configuration/firewall/bridge.rst:163
+#: ../../configuration/firewall/ipv4.rst:214
+#: ../../configuration/firewall/ipv6.rst:214
+msgid "Use this command to enable the logging of the default action on the specified chain."
+msgstr "Use this command to enable the logging of the default action on the specified chain."
+
+#: ../../configuration/system/ipv6.rst:165
msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
msgstr "Utilice este comando para vaciar la caché de rutas IPv6 del kernel. Se puede agregar una dirección para vaciarla solo para esa ruta."
@@ -17162,11 +16394,11 @@ msgstr "Utilice este comando para vaciar la caché de rutas IPv6 del kernel. Se
msgid "Use this command to get an overview of a zone."
msgstr "Utilice este comando para obtener una descripción general de una zona."
-#: ../../configuration/system/ipv6.rst:146
+#: ../../configuration/system/ipv6.rst:120
msgid "Use this command to get information about OSPFv3."
msgstr "Utilice este comando para obtener información sobre OSPFv3."
-#: ../../configuration/system/ipv6.rst:168
+#: ../../configuration/system/ipv6.rst:142
msgid "Use this command to get information about the RIPNG protocol"
msgstr "Use este comando para obtener información sobre el protocolo RIPNG"
@@ -17178,7 +16410,7 @@ msgstr "Utilice este comando para indicarle al sistema que establezca una conexi
msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
msgstr "Utilice este comando para vincular la conexión PPPoE a una interfaz física. Cada conexión PPPoE debe establecerse a través de una interfaz física. Las interfaces pueden ser interfaces Ethernet normales, VIF o interfaces/VIF de vinculación."
-#: ../../configuration/service/pppoe-server.rst:324
+#: ../../configuration/service/pppoe-server.rst:311
msgid "Use this command to locally check the active sessions in the PPPoE server."
msgstr "Utilice este comando para verificar localmente las sesiones activas en el servidor PPPoE."
@@ -17195,7 +16427,7 @@ msgstr "Utilice este comando para no instalar servidores de nombres DNS anunciad
msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
msgstr "Utilice este comando para preferir IPv4 para la conexión de transporte de pares TCP para LDP cuando las direcciones LDP IPv4 e IPv6 están configuradas en la misma interfaz."
-#: ../../configuration/system/ipv6.rst:186
+#: ../../configuration/system/ipv6.rst:160
msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
msgstr "Utilice este comando para restablecer la memoria caché del Protocolo de descubrimiento de vecinos IPv6 para una dirección o interfaz."
@@ -17295,15 +16527,15 @@ msgstr "Utilice este comando para mostrar la pertenencia al grupo de multidifusi
msgid "Use this command to show IPv6 routes."
msgstr "Utilice este comando para mostrar rutas IPv6."
-#: ../../configuration/system/ipv6.rst:104
+#: ../../configuration/system/ipv6.rst:105
msgid "Use this command to show all IPv6 access lists"
msgstr "Use este comando para mostrar todas las listas de acceso de IPv6"
-#: ../../configuration/system/ipv6.rst:89
+#: ../../configuration/system/ipv6.rst:90
msgid "Use this command to show all IPv6 prefix lists"
msgstr "Use este comando para mostrar todas las listas de prefijos de IPv6"
-#: ../../configuration/system/ipv6.rst:172
+#: ../../configuration/system/ipv6.rst:146
msgid "Use this command to show the status of the RIPNG protocol"
msgstr "Use este comando para mostrar el estado del protocolo RIPNG"
@@ -17420,7 +16652,7 @@ msgstr "Frecuencia central del canal operativo VHT - frecuencia central 2 (para
msgid "VLAN"
msgstr "VLAN"
-#: ../../configuration/service/pppoe-server.rst:176
+#: ../../configuration/service/pppoe-server.rst:163
msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
msgstr "Accel-ppp puede crear VLAN sobre la marcha mediante el uso de un módulo Kernel llamado `vlan_mon`, que supervisa las VLAN entrantes y crea la VLAN necesaria si es necesario y está permitido. VyOS admite el uso de ID de VLAN o rangos completos, ambos valores se pueden definir al mismo tiempo para una interfaz."
@@ -17456,7 +16688,7 @@ msgstr "Los clientes VPN solicitarán parámetros de configuración, opcionalmen
msgid "VRF"
msgstr "VRF"
-#: ../../configuration/vrf/index.rst:409
+#: ../../configuration/vrf/index.rst:411
msgid "VRF Route Leaking"
msgstr "Fuga de ruta VRF"
@@ -17464,15 +16696,15 @@ msgstr "Fuga de ruta VRF"
msgid "VRF and NAT"
msgstr "VRF and NAT"
-#: ../../configuration/vrf/index.rst:378
+#: ../../configuration/vrf/index.rst:380
msgid "VRF blue routing table"
msgstr "Tabla de enrutamiento azul VRF"
-#: ../../configuration/vrf/index.rst:345
+#: ../../configuration/vrf/index.rst:347
msgid "VRF default routing table"
msgstr "Tabla de enrutamiento por defecto de VRF"
-#: ../../configuration/vrf/index.rst:361
+#: ../../configuration/vrf/index.rst:363
msgid "VRF red routing table"
msgstr "Tabla de enrutamiento rojo VRF"
@@ -17537,11 +16769,11 @@ msgstr "Los valores válidos son 0..255."
msgid "Value"
msgstr "Valor"
-#: ../../configuration/vpn/sstp.rst:252
+#: ../../configuration/vpn/sstp.rst:263
msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
msgstr "Valor para enviar al servidor RADIUS en el atributo NAS-IP-Address y para que coincida con las solicitudes de DM/CoA. También el servidor DM/CoA se vinculará a esa dirección."
-#: ../../configuration/vpn/sstp.rst:247
+#: ../../configuration/vpn/sstp.rst:258
msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
msgstr "Valor para enviar al servidor RADIUS en el atributo NAS-Identifier y para que coincida con las solicitudes de DM/CoA."
@@ -17555,6 +16787,10 @@ msgstr "Verificación"
msgid "Verification:"
msgstr "Verification:"
+#: ../../configuration/nat/nat66.rst:226
+msgid "Verify that connections are hitting the rule on both sides:"
+msgstr "Verify that connections are hitting the rule on both sides:"
+
#: ../../configuration/highavailability/index.rst:291
msgid "Version"
msgstr "Versión"
@@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t
msgstr "VyOS 1.1 admite el inicio de sesión como usuario ``root``. Esto se eliminó debido a una seguridad más estricta en VyOS 1.2."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
msgstr "VyOS 1.3 (equuleus) es compatible con DHCPv6-PD (:rfc:`3633`). La delegación de prefijos de DHCPv6 es compatible con la mayoría de los ISP que proporcionan IPv6 nativo para consumidores en redes fijas."
@@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 cambió la forma en que se almacenan las claves de cifrado o lo
msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
msgstr "VyOS 1.4 usa chrony en lugar de ntpd (consulte :vytask:`T3008`), que ya no aceptará solicitudes NTP anónimas como en VyOS 1.3. Todas las configuraciones se migrarán para mantener la funcionalidad anónima. Para configuraciones nuevas, si tiene clientes que usan su instalación de VyOS como servidor NTP, debe especificar la directiva `allow-client`."
-#: ../../configuration/interfaces/bonding.rst:None
+#: ../../configuration/interfaces/bonding.rst:-1
msgid "VyOS Arista EOS setup"
msgstr "Configuración de VyOS Arista EOS"
@@ -17635,7 +16855,11 @@ msgstr "El grupo VyOS IKE tiene las siguientes opciones:"
msgid "VyOS MIBs"
msgstr "MIB de VyOS"
-#: ../../configuration/nat/nat66.rst:None
+#: ../../configuration/nat/nat66.rst:-1
+msgid "VyOS NAT66 DHCPv6 using a dummy interface"
+msgstr "VyOS NAT66 DHCPv6 using a dummy interface"
+
+#: ../../configuration/nat/nat66.rst:-1
msgid "VyOS NAT66 Simple Configure"
msgstr "Configuración sencilla de VyOS NAT66"
@@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP admite tanto IPv4 como IPv6."
msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
msgstr "VyOS también viene con un servidor SSTP integrado, consulte :ref:`sstp`."
-#: ../../configuration/service/dhcp-server.rst:580
+#: ../../configuration/service/dhcp-server.rst:504
msgid "VyOS also provides DHCPv6 server functionality which is described in this section."
msgstr "VyOS también proporciona la funcionalidad del servidor DHCPv6 que se describe en esta sección."
@@ -17704,11 +16928,11 @@ msgstr "VyOS facilita la multidifusión IP al admitir **Modo disperso PIM**, **I
msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
-#: ../../configuration/service/dns.rst:201
+#: ../../configuration/service/dns.rst:214
msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
msgstr "VyOS puede actualizar un registro DNS remoto cuando una interfaz obtiene una nueva dirección IP. Para hacerlo, VyOS incluye ddclient_, un script de Perl escrito para este único propósito."
-#: ../../configuration/service/dns.rst:306
+#: ../../configuration/service/dns.rst:319
msgid "VyOS is also able to use any service relying on protocols supported by ddclient."
msgstr "VyOS también puede usar cualquier servicio que dependa de los protocolos compatibles con ddclient."
@@ -17720,7 +16944,6 @@ msgstr "El propio VyOS es compatible con SNMPv2_ (versión 2) y SNMPv3_ (versió
msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
msgstr "VyOS le permite controlar el tráfico de muchas maneras diferentes, aquí cubriremos todas las posibilidades. Puede configurar tantas políticas como desee, pero solo podrá aplicar una política por interfaz y dirección (entrante o saliente)."
-#: ../../configuration/firewall/general.rst:13
#: ../../configuration/firewall/general-legacy.rst:17
msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
msgstr "VyOS hace uso de Linux `netfilter<https://netfilter.org/> `_ para el filtrado de paquetes."
@@ -17737,7 +16960,7 @@ msgstr "VyOS ahora no solo puede administrar certificados emitidos por autoridad
msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
msgstr "VyOS ahora también tiene la capacidad de crear CA, claves, Diffie-Hellman y otros pares de claves desde un comando de nivel operativo de fácil acceso."
-#: ../../configuration/pki/index.rst:254
+#: ../../configuration/pki/index.rst:292
msgid "VyOS operational mode commands are not only available for generating keys but also to display them."
msgstr "Los comandos del modo operativo VyOS no solo están disponibles para generar claves, sino también para mostrarlas."
@@ -17773,7 +16996,7 @@ msgstr "VyOS proporciona comandos de políticas exclusivamente para el filtrado
msgid "VyOS provides some operational commands on OpenVPN."
msgstr "VyOS proporciona algunos comandos operativos en OpenVPN."
-#: ../../configuration/service/dhcp-server.rst:173
+#: ../../configuration/service/dhcp-server.rst:138
msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
msgstr "VyOS proporciona soporte para conmutación por error de DHCP. La conmutación por error de DHCP debe configurarse explícitamente mediante las siguientes declaraciones."
@@ -17781,7 +17004,11 @@ msgstr "VyOS proporciona soporte para conmutación por error de DHCP. La conmuta
msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
msgstr "El proxy inverso de VyOS es un equilibrador y servidor proxy que proporciona alta disponibilidad, equilibrio de carga y proxy para aplicaciones basadas en TCP (nivel 4) y HTTP (nivel 7)."
-#: ../../configuration/protocols/igmp.rst:30
+#: ../../configuration/protocols/pim.rst:9
+msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+
+#: ../../configuration/protocols/pim.rst:26
msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
msgstr "VyOS es compatible con la versión 2 y la versión 3 de IGMP (que permite la multidifusión específica de la fuente)."
@@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec
msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS admite la contabilidad de flujo para el tráfico IPv4 e IPv6. El sistema actúa como un exportador de flujo y puede usarlo con cualquier colector compatible."
+#: ../../configuration/system/updates.rst:5
+msgid "VyOS supports online checking for updates"
+msgstr "VyOS supports online checking for updates"
+
#: ../../configuration/system/sflow.rst:5
msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS admite la contabilidad de sFlow para el tráfico IPv4 e IPv6. El sistema actúa como un exportador de flujo y puede usarlo con cualquier colector compatible."
-#: ../../configuration/system/conntrack.rst:53
+#: ../../configuration/system/conntrack.rst:67
msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
msgstr "VyOS admite la configuración de tiempos de espera para las conexiones según el tipo de conexión. Puede establecer valores de tiempo de espera para conexiones genéricas, para conexiones ICMP, conexiones UDP o para conexiones TCP en varios estados diferentes."
@@ -17809,13 +17040,19 @@ msgstr "VyOS admite la configuración de PPPoE de dos maneras diferentes para un
msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
msgstr "VyOS utiliza el servidor DHCP de ISC para la asignación de direcciones IPv4 e IPv6."
+#: ../../configuration/service/dhcp-server.rst:7
+msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+
+#: ../../configuration/system/frr.rst:7
+msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+
#: ../../configuration/interfaces/wwan.rst:12
msgid "VyOS uses the `interfaces wwan` subsystem for configuration."
msgstr "VyOS utiliza el subsistema `interfaces wwan` para la configuración."
#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
msgstr "VyOS usa la opción `mirror` para configurar la duplicación de puertos. La configuración se divide en 2 direcciones diferentes. Los puertos de destino deben configurarse para diferentes direcciones de tráfico."
@@ -17839,7 +17076,7 @@ msgstr "VyOS utiliza accel-ppp_ para proporcionar la funcionalidad del servidor
msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
msgstr "El Equilibrio de carga WAN no debe usarse cuando se usa/necesita el protocolo de enrutamiento dinámico. Esta característica crea tablas de enrutamiento personalizadas y reglas de firewall, lo que hace que su uso sea incompatible con los protocolos de enrutamiento."
-#: ../../configuration/vpn/site2site_ipsec.rst:160
+#: ../../configuration/vpn/site2site_ipsec.rst:164
msgid "WAN interface on `eth1`"
msgstr "Interfaz WAN en `eth1`"
@@ -17876,7 +17113,7 @@ msgstr "Condiciones de advertencia"
msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
-#: ../../configuration/nat/nat44.rst:760
+#: ../../configuration/nat/nat44.rst:782
msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
msgstr "Usaremos los grupos IKE y ESP creados anteriormente para esta VPN. Debido a que necesitamos acceso a 2 subredes diferentes en el lado lejano, necesitaremos dos túneles diferentes. Si cambió los nombres del grupo ESP y del grupo IKE en el paso anterior, asegúrese de usar los nombres correctos aquí también."
@@ -17896,7 +17133,7 @@ msgstr "También podemos crear los certificados usando Cerbort, que es un client
msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
msgstr "Podemos construir mapas de ruta para importar basados en estos estados. Aquí hay una configuración simple de RPKI, donde `routinator` es el servidor de &quot;caché&quot; de validación de RPKI con ip `192.0.2.1`:"
-#: ../../configuration/protocols/bgp.rst:1248
+#: ../../configuration/protocols/bgp.rst:1249
msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny."
msgstr "Podríamos ampliar esto y también denegar enlace local y multidifusión en la acción denegar de la regla 20."
@@ -17924,7 +17161,7 @@ msgstr "Ahora utilizamos `tuned` para el equilibrio dinámico de recursos basado
msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
msgstr "Solo permitimos que la subred 192.168.2.0/24 viaje por el túnel"
-#: ../../configuration/nat/nat44.rst:699
+#: ../../configuration/nat/nat44.rst:723
msgid "We only need a single step for this interface:"
msgstr "Solo necesitamos un solo paso para esta interfaz:"
@@ -17932,11 +17169,15 @@ msgstr "Solo necesitamos un solo paso para esta interfaz:"
msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
msgstr "Enrutamos todo el tráfico de la red 192.168.2.0/24 a la interfaz `wg01`"
-#: ../../configuration/system/login.rst:418
+#: ../../configuration/system/login.rst:420
msgid "We use a vontainer providing the TACACS serve rin this example."
msgstr "Usamos un contenedor que proporciona el servicio TACACS en este ejemplo."
-#: ../../configuration/service/dhcp-server.rst:364
+#: ../../configuration/firewall/flowtables.rst:114
+msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+
+#: ../../configuration/service/dhcp-server.rst:331
msgid "Web Proxy Autodiscovery (WPAD) URL"
msgstr "URL de detección automática de proxy web (WPAD)"
@@ -17944,19 +17185,31 @@ msgstr "URL de detección automática de proxy web (WPAD)"
msgid "Webproxy"
msgstr "Proxy web"
+#: ../../configuration/service/https.rst:40
+msgid "Webserver should listen on specified port."
+msgstr "Webserver should listen on specified port."
+
+#: ../../configuration/service/https.rst:36
+msgid "Webserver should only listen on specified IP address"
+msgstr "Webserver should only listen on specified IP address"
+
#: ../../configuration/protocols/mpls.rst:220
msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
msgstr "Cuando LDP esté funcionando, podrá ver la información de la etiqueta en el resultado de ``show ip route``. Además de esa información, también hay comandos *show* específicos para LDP:"
+#: ../../configuration/protocols/pim.rst:75
+msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+
#: ../../configuration/vrf/index.rst:73
msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
msgstr "Cuando se utilizan VRF, no solo es obligatorio crear un VRF, sino que también es necesario asignar el VRF a una interfaz."
-#: ../../configuration/service/dns.rst:341
+#: ../../configuration/service/dns.rst:354
msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
msgstr "Cuando se utiliza un proveedor DynDNS ``personalizado``, el `<server> ` Debe especificarse a dónde se envían las solicitudes de actualización."
-#: ../../configuration/service/dns.rst:334
+#: ../../configuration/service/dns.rst:347
msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
msgstr "Cuando se utiliza un proveedor DynDNS ``personalizado``, el protocolo utilizado para comunicarse con el proveedor debe especificarse en ``<protocol> `. Consulte el asistente de finalización incorporado para conocer los protocolos disponibles."
@@ -17980,7 +17233,11 @@ msgstr "Cuando falla una ruta, se envía una actualización de enrutamiento para
msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
msgstr "Al agregar la función de intercambio de información de enrutamiento IPv6 a BGP. Hubo algunas propuestas. :abbr:`IETF (Grupo de trabajo de ingeniería de Internet)` :abbr:`IDR (Enrutamiento entre dominios)` adoptó una propuesta llamada Extensión multiprotocolo para BGP. La especificación se describe en :rfc:`2283`. El protocolo no define nuevos protocolos. Define nuevos atributos para el BGP existente. Cuando se utiliza para intercambiar información de enrutamiento IPv6, se denomina BGP-4+. Cuando se utiliza para intercambiar información de enrutamiento de multidifusión, se denomina MBGP."
-#: ../../configuration/service/pppoe-server.rst:182
+#: ../../configuration/service/dns.rst:155
+msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+
+#: ../../configuration/service/pppoe-server.rst:169
msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
msgstr "Cuando está configurado, PPPoE creará las VLAN necesarias cuando sea necesario. Una vez que se haya cancelado la sesión del usuario y ya no se necesite la VLAN, VyOS la eliminará nuevamente."
@@ -17996,11 +17253,13 @@ msgstr "Al configurar su filtro, puede usar la tecla ``Tab`` para ver los difere
msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
msgstr "A la hora de configurar tu política de tráfico tendrás que establecer valores de tasa de datos, ojo con las unidades que estás gestionando, es fácil confundirse con los diferentes prefijos y sufijos que puedes utilizar. VyOS siempre te mostrará las diferentes unidades que puedes usar."
-#: ../../configuration/firewall/general.rst:521
+#: ../../configuration/firewall/bridge.rst:210
+#: ../../configuration/firewall/ipv4.rst:290
+#: ../../configuration/firewall/ipv6.rst:290
msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
-#: ../../configuration/nat/nat44.rst:299
+#: ../../configuration/nat/nat44.rst:311
msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
@@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can
msgstr "Al hacer coincidir todos los patrones definidos en una regla, se pueden realizar diferentes acciones. Esto incluye descartar el paquete, modificar ciertos datos o configurar una tabla de enrutamiento diferente."
#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
msgstr "Cuando se especifica no liberación, dhcp6c enviará un mensaje de liberación al salir del cliente para evitar perder una dirección o prefijo asignado."
@@ -18053,21 +17297,10 @@ msgstr "Cuando se especifica no liberación, dhcp6c enviará un mensaje de liber
msgid "When no options/parameters are used, the contents of the main syslog file are displayed."
msgstr "Cuando no se utilizan opciones/parámetros, se muestra el contenido del archivo syslog principal."
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
+#: ../../configuration/protocols/pim.rst:65
+msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+
#: ../../_include/interface-dhcpv6-options.txt:40
msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
msgstr "Cuando se especifica una confirmación rápida, dhcp6c incluirá una opción de confirmación rápida en los mensajes de solicitud y esperará una respuesta inmediata en lugar de anuncios."
@@ -18080,6 +17313,10 @@ msgstr "Cuando el par remoto no tiene la función de negociación de capacidad,
msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
msgstr "Cuando se ejecuta a 1 Gbit o menos, es posible que desee reducir el &quot;límite de cola&quot; a 1000 paquetes o menos. En velocidades como 10 Mbit, es posible que desee configurarlo en 600 paquetes."
+#: ../../configuration/protocols/pim.rst:113
+msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+
#: ../../configuration/interfaces/pppoe.rst:108
msgid "When set the interface is enabled for \"dial-on-demand\"."
msgstr "Cuando se configura, la interfaz está habilitada para &quot;marcar bajo demanda&quot;."
@@ -18097,37 +17334,19 @@ msgstr "Al iniciar un sistema VyOS en vivo (el CD de instalación), el diseño d
msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
msgstr "Cuando el servidor DHCP está considerando asignar dinámicamente una dirección IP a un cliente, primero envía una solicitud de eco ICMP (un ping) a la dirección asignada. Espera un segundo y, si no se escucha ninguna respuesta de eco ICMP, asigna la dirección."
-#: ../../configuration/vpn/site2site_ipsec.rst:407
+#: ../../configuration/vpn/site2site_ipsec.rst:416
msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
msgstr "Cuando la opción de acción de cierre se establece en los pares, el tipo de conexión de cada par debe considerarse cuidadosamente. Por ejemplo, si la opción está configurada en ambos pares, ambos intentarán iniciar y mantener abiertas varias copias de cada SA secundario. Esto podría conducir a la inestabilidad del dispositivo o la utilización de la CPU/memoria."
-#: ../../configuration/firewall/general.rst:106
-#: ../../configuration/firewall/general-legacy.rst:58
+#: ../../configuration/firewall/global-options.rst:43
msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
msgstr "Cuando se establece el comando anterior, VyOS responderá a todas las solicitudes de eco ICMP dirigidas a sí mismo, pero eso solo sucederá si no se aplica ninguna otra regla que descarte o rechace las solicitudes de eco locales. En caso de conflicto, VyOS no responderá a las solicitudes de eco ICMP."
-#: ../../configuration/firewall/general.rst:115
-#: ../../configuration/firewall/general-legacy.rst:67
+#: ../../configuration/firewall/global-options.rst:52
msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
msgstr "Cuando se establece el comando anterior, VyOS no responderá ninguna solicitud de eco ICMP dirigida a sí mismo, sin importar de dónde provenga o si se aplican reglas más específicas para aceptarlas."
#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
msgstr "Cuando se utiliza DHCP para recuperar la dirección IPv4 y si se necesitan personalizaciones locales, deberían ser posibles mediante los ganchos de entrada y salida proporcionados. Los directorios de enlace son:"
@@ -18135,11 +17354,11 @@ msgstr "Cuando se utiliza DHCP para recuperar la dirección IPv4 y si se necesit
msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
msgstr "Cuando use EVE-NG para probar este entorno, asegúrese de usar e1000 como el controlador deseado para sus interfaces de red VyOS. Cuando se utiliza el controlador de red virtio normal, VyOS no enviará PDU LACP, por lo que el canal de puerto nunca se activará."
-#: ../../configuration/nat/nat44.rst:351
+#: ../../configuration/nat/nat44.rst:365
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "Cuando se usa NAT para una gran cantidad de sistemas host, se recomienda usar un mínimo de 1 dirección IP para NAT cada 256 sistemas host. Esto se debe al límite de 65 000 números de puerto disponibles para traducciones únicas y a la reserva de un promedio de 200 a 300 sesiones por sistema host."
-#: ../../configuration/nat/nat44.rst:238
+#: ../../configuration/nat/nat44.rst:250
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "Cuando se usa NAT para una gran cantidad de sistemas host, se recomienda usar un mínimo de 1 dirección IP para NAT cada 256 sistemas host privados. Esto se debe al límite de 65 000 números de puerto disponibles para traducciones únicas y a la reserva de un promedio de 200 a 300 sesiones por sistema host."
@@ -18147,7 +17366,7 @@ msgstr "Cuando se usa NAT para una gran cantidad de sistemas host, se recomienda
msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
msgstr "Cuando se utiliza SSH, el archivo de hosts conocidos, el archivo de clave privada y el archivo de clave pública son opciones obligatorias."
-#: ../../configuration/vpn/openconnect.rst:215
+#: ../../configuration/vpn/openconnect.rst:222
msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
msgstr "Cuando utilice una contraseña de un solo uso basada en el tiempo (TOTP) (OTP HOTP-time), asegúrese de que la hora en el servidor y el generador de tokens OTP estén sincronizados por NTP."
@@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo
msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
msgstr "Donde ambas rutas fueron recibidas de pares eBGP, entonces prefiera la ruta que ya está seleccionada. Tenga en cuenta que esta verificación no se aplica si :cfgcmd:`bgp bestpath compare-routerid` está configurado. Esta verificación puede prevenir algunos casos de oscilación."
+#: ../../configuration/firewall/ipv4.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+
+#: ../../configuration/firewall/ipv6.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+
#: ../../configuration/protocols/bgp.rst:86
msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
msgstr "Cuando las rutas con un MED se recibieron del mismo AS, prefiera la ruta con el MED más bajo."
#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
msgid "Whether to accept DAD (Duplicate Address Detection)."
msgstr "Whether to accept DAD (Duplicate Address Detection)."
-#: ../../configuration/nat/nat44.rst:330
+#: ../../configuration/nat/nat44.rst:342
msgid "Which generates the following configuration:"
msgstr "Lo cual genera la siguiente configuración:"
-#: ../../configuration/nat/nat44.rst:444
+#: ../../configuration/nat/nat44.rst:458
msgid "Which results in a configuration of:"
msgstr "Lo que resulta en una configuración de:"
-#: ../../configuration/nat/nat44.rst:522
+#: ../../configuration/nat/nat44.rst:542
msgid "Which would generate the following NAT destination configuration:"
msgstr "Lo que generaría la siguiente configuración de destino NAT:"
-#: ../../configuration/firewall/general.rst:217
-#: ../../configuration/firewall/general-legacy.rst:193
+#: ../../configuration/firewall/groups.rst:44
msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
msgstr "Si bien los **grupos de red** aceptan redes IP en notación CIDR, se pueden agregar direcciones IP específicas como un prefijo de 32 bits. Si prevé la necesidad de agregar una combinación de direcciones y redes, se recomienda el grupo de red."
@@ -18293,7 +17500,7 @@ msgstr "Opciones inalámbricas"
msgid "Wireless options (Station/Client)"
msgstr "Opciones inalámbricas (Estación/Cliente)"
-#: ../../configuration/firewall/index.rst:23
+#: ../../configuration/firewall/index.rst:7
msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
@@ -18305,8 +17512,7 @@ msgstr "Con WireGuard, una configuración de VPN de Road Warrior es similar a un
msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
msgstr "Con la opción ``servidor de nombres`` establecida en ``ninguno``, VyOS ignorará los servidores de nombres que le envíe su ISP y, por lo tanto, puede confiar plenamente en los que ha configurado estáticamente."
-#: ../../configuration/firewall/general.rst:94
-#: ../../configuration/firewall/general-legacy.rst:46
+#: ../../configuration/firewall/global-options.rst:31
msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
msgstr "Con el cortafuegos, puede establecer reglas para aceptar, descartar o rechazar tráfico local, entrante o saliente de ICMP. También puede usar el comando general **firewall all-ping**. Este comando afecta solo a LOCAL (paquetes destinados a su sistema VyOS), no al tráfico de ENTRADA o SALIDA."
@@ -18314,29 +17520,29 @@ msgstr "Con el cortafuegos, puede establecer reglas para aceptar, descartar o re
msgid "With this command, you can specify how the URL path should be matched against incoming requests."
msgstr "Con este comando, puede especificar cómo debe coincidir la ruta de URL con las solicitudes entrantes."
-#: ../../configuration/firewall/index.rst:73
+#: ../../configuration/firewall/index.rst:166
msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
-#: ../../configuration/service/dhcp-server.rst:290
-#: ../../configuration/service/dhcp-server.rst:295
-#: ../../configuration/service/dhcp-server.rst:300
-#: ../../configuration/service/dhcp-server.rst:310
-#: ../../configuration/service/dhcp-server.rst:315
-#: ../../configuration/service/dhcp-server.rst:345
-#: ../../configuration/service/dhcp-server.rst:350
-#: ../../configuration/service/dhcp-server.rst:355
-#: ../../configuration/service/dhcp-server.rst:375
-#: ../../configuration/service/dhcp-server.rst:380
-#: ../../configuration/service/dhcp-server.rst:390
+#: ../../configuration/service/dhcp-server.rst:257
+#: ../../configuration/service/dhcp-server.rst:262
+#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:357
msgid "Y"
msgstr "y"
-#: ../../configuration/firewall/zone.rst:99
+#: ../../configuration/firewall/zone.rst:118
msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
msgstr "Siempre aplica un conjunto de reglas a una zona desde otra zona, se recomienda crear un conjunto de reglas para cada par de zonas."
-#: ../../configuration/system/login.rst:363
+#: ../../configuration/system/login.rst:365
msgid "You are able to set post-login or pre-login banner messages to display certain information for this system."
msgstr "Puede configurar mensajes de banner posteriores o previos al inicio de sesión para mostrar cierta información para este sistema."
@@ -18348,24 +17554,23 @@ msgstr "Podrá descargar los archivos usando SCP, una vez que el servicio SSH se
msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
msgstr "También puede configurar el intervalo de tiempo para la preferencia con la opción &quot;principal-retraso&quot;. Por ejemplo, para configurar el enrutador de mayor prioridad para que tome el control en 180 segundos, use:"
-#: ../../configuration/system/conntrack.rst:86
+#: ../../configuration/system/conntrack.rst:99
msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
msgstr "También puede definir valores de tiempo de espera personalizados para aplicar a un subconjunto específico de conexiones, según un paquete y un selector de flujo. Para hacer esto, debe crear una regla que defina el paquete y el selector de flujo."
-#: ../../configuration/service/dns.rst:299
+#: ../../configuration/service/dns.rst:312
msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
msgstr "También puede mantener actualizadas diferentes zonas DNS. Simplemente cree un nuevo nodo de configuración: `` establezca la interfaz dinámica de dns del servicio<interface> rfc2136<other-service-name> ``"
-#: ../../configuration/system/ipv6.rst:106
+#: ../../configuration/system/ipv6.rst:107
msgid "You can also specify which IPv6 access-list should be shown:"
msgstr "También puede especificar qué lista de acceso de IPv6 se debe mostrar:"
-#: ../../configuration/protocols/igmp.rst:121
#: ../../configuration/protocols/pim6.rst:42
msgid "You can also tune multicast with the following commands."
msgstr "También puede sintonizar la multidifusión con los siguientes comandos."
-#: ../../configuration/service/pppoe-server.rst:152
+#: ../../configuration/service/pppoe-server.rst:139
msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
msgstr "También puede usar otros atributos para identificar al cliente para la desconexión, como Dirección IP enmarcada, Id. de sesión de cuenta, etc. Los comandos de resultado aparecen en el registro."
@@ -18377,7 +17582,7 @@ msgstr "También puede escribir una descripción para un filtro:"
msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key."
msgstr "Puede asignar varias claves al mismo usuario utilizando un identificador único por clave SSH."
-#: ../../configuration/nat/nat44.rst:386
+#: ../../configuration/nat/nat44.rst:400
msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
msgstr "Puede evitar el comportamiento de &quot;fugas&quot; mediante el uso de una política de firewall que descarta los paquetes de estado &quot;no válidos&quot;."
@@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a
msgstr "Puede configurar múltiples interfaces que podrían participar en la contabilidad de flujo."
#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
msgstr "Puede crear múltiples interfaces VLAN en una interfaz física. El rango de ID de VLAN es de 0 a 4094."
@@ -18414,7 +17614,7 @@ msgstr "Puede crear múltiples interfaces VLAN en una interfaz física. El rango
msgid "You can disable a VRRP group with ``disable`` option:"
msgstr "Puede deshabilitar un grupo VRRP con la opción ``deshabilitar``:"
-#: ../../configuration/system/ipv6.rst:148
+#: ../../configuration/system/ipv6.rst:122
msgid "You can get more specific OSPFv3 information by using the parameters shown below:"
msgstr "Puede obtener información OSPFv3 más específica utilizando los parámetros que se muestran a continuación:"
@@ -18422,15 +17622,15 @@ msgstr "Puede obtener información OSPFv3 más específica utilizando los parám
msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
msgstr "No puede asignar la misma declaración de ips permitidas a varios pares de WireGuard. Esta es una decisión de diseño. Para obtener más información, consulte la `Lista de correo de WireGuard`_."
-#: ../../configuration/service/mdns.rst:30
+#: ../../configuration/service/mdns.rst:46
msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
msgstr "No puede ejecutar esto en una configuración VRRP, si se lanzan múltiples repetidores mDNS en una subred, experimentará la muerte de la tormenta de paquetes mDNS."
-#: ../../configuration/vpn/sstp.rst:320
+#: ../../configuration/vpn/sstp.rst:332
msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
msgstr "Ahora puede &quot;marcar&quot; al interlocutor con el siguiente comando: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
-#: ../../configuration/system/login.rst:441
+#: ../../configuration/system/login.rst:443
msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
msgstr "Ahora puede usar SSH en su sistema usando admin/admin como un usuario predeterminado suministrado desde el contenedor ``lfkeitel/tacacs_plus:latest``."
@@ -18442,7 +17642,7 @@ msgstr "Solo puede aplicar una política por interfaz y dirección, pero puede r
msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
msgstr "Puede ejecutar el servicio de retransmisión de difusión UDP en varios enrutadores conectados a una subred. **NO** Hay una tormenta de paquetes de retransmisión de difusión UDP."
-#: ../../configuration/service/dhcp-server.rst:211
+#: ../../configuration/service/dhcp-server.rst:176
msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
msgstr "Puede especificar una asignación de DHCP estática por host. Necesitará la dirección MAC de la estación y la dirección IP deseada. La dirección debe estar dentro de la definición de subred pero puede estar fuera de la declaración de rango."
@@ -18462,7 +17662,7 @@ msgstr "Puede verificar el estado de su grupo VRRP con el comando de modo operat
msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
msgstr "Puede ver que la política se está utilizando correctamente (o incorrectamente) con el siguiente comando:"
-#: ../../configuration/protocols/ospf.rst:1342
+#: ../../configuration/protocols/ospf.rst:1344
msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
msgstr "No puede redistribuir fácilmente rutas IPv6 a través de OSPFv3 en un enlace de interfaz WireGuard. Esto requiere que configure manualmente las direcciones locales de enlace en las interfaces de WireGuard, consulte :vytask:`T1483`."
@@ -18482,7 +17682,7 @@ msgstr "Es posible que prefiera las capacidades configuradas localmente más que
msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
msgstr "Es posible que desee deshabilitar el envío del parámetro opcional del mensaje ABIERTO de Negociación de capacidad al par cuando el par remoto no implementa la Negociación de capacidad. Utilice el comando :cfgcmd:`disable-capability-negotiation` para desactivar la función."
-#: ../../configuration/firewall/zone.rst:39
+#: ../../configuration/firewall/zone.rst:58
msgid "You need 2 separate firewalls to define traffic: one for each direction."
msgstr "Necesita 2 firewalls separados para definir el tráfico: uno para cada dirección."
@@ -18534,7 +17734,7 @@ msgstr "Zebra admite listas de prefijos y mapas de rutas para hacer coincidir la
msgid "Zone-Policy Overview"
msgstr "Descripción general de la política de zona"
-#: ../../configuration/firewall/index.rst:66
+#: ../../configuration/firewall/index.rst:159
msgid "Zone-based firewall"
msgstr "Zone-based firewall"
@@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne
msgstr ":abbr:`EAP (Protocolo de autenticación extensible)` sobre LAN (EAPoL) es un protocolo de autenticación de puerto de red utilizado en IEEE 802.1X (Control de acceso a la red basado en puerto) desarrollado para brindar un inicio de sesión de red genérico para acceder a los recursos de la red."
#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
msgstr ":abbr:`EUI-64 (identificador único extendido de 64 bits)` como se especifica en :rfc:`4291` permite que un host se asigne a sí mismo una dirección IPv6 única de 64 bits."
@@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Descarga de recepción genérica)` es el complemento de GSO.
msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
msgstr ":abbr:`GSO (descarga de segmentación genérica)` es una descarga de software pura que está destinada a tratar los casos en los que los controladores de dispositivos no pueden realizar las descargas descritas anteriormente. Lo que ocurre en GSO es que un skbuff determinado tendrá sus datos desglosados en múltiples skbuffs que se han redimensionado para que coincidan con el MSS proporcionado a través de skb_shinfo()-&gt;gso_size."
-#: ../../configuration/protocols/igmp.rst:181
+#: ../../configuration/protocols/igmp-proxy.rst:9
msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
msgstr ":abbr:El proxy `IGMP (Protocolo de administración de grupos de Internet)` envía mensajes de host IGMP en nombre de un cliente conectado. La configuración debe definir una y solo una interfaz ascendente y una o más interfaces descendentes."
@@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)`: demasiados RFC para enumerar, pero comience
msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
msgstr ":abbr:`IS-IS (Sistema intermedio a sistema intermedio)` es un protocolo de puerta de enlace interior (IGP) de estado de enlace que se describe en ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS ejecuta el algoritmo de ruta más corta primero (SPF) de Dijkstra para crear una base de datos de la topología de la red y, a partir de esa base de datos, determinar la mejor ruta (es decir, el costo más bajo) a un destino. Los sistemas intermedios (el nombre de los enrutadores) intercambian información de topología con sus vecinos conectados directamente. IS-IS se ejecuta directamente en la capa de enlace de datos (Capa 2). Las direcciones IS-IS se denominan :abbr:`NET (Títulos de entidad de red)` y pueden tener de 8 a 20 bytes de largo, pero generalmente tienen 10 bytes de largo. La base de datos en árbol que se crea con IS-IS es similar a la que se crea con OSPF en que las rutas elegidas deben ser similares. Las comparaciones con OSPF son inevitables y, a menudo, son razonables con respecto a la forma en que una red responderá con IGP."
-#: ../../configuration/vrf/index.rst:399
+#: ../../configuration/vrf/index.rst:401
msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
msgstr ":abbr:`L3VPN VRF (redes privadas virtuales de capa 3)` bgpd es compatible con IPv4 RFC 4364 e IPv6 RFC 4659. Las rutas L3VPN y sus etiquetas VRF MPLS asociadas se pueden distribuir a los vecinos VPN SAFI de forma predeterminada, es decir, no VRF , instancia de BGP. Las etiquetas VRF MPLS se alcanzan mediante etiquetas MPLS centrales que se distribuyen mediante unidifusión etiquetada LDP o BGP. bgpd también es compatible con la fuga de rutas entre VRF."
@@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (protocolo de acuerdo de clave MACsec)` se utiliza para sincr
msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` es un paradigma de reenvío de paquetes que difiere del reenvío de IP normal. En lugar de utilizar las direcciones IP para tomar la decisión de encontrar la interfaz de salida, un enrutador utilizará una coincidencia exacta en un encabezado de 32 bits/4 bytes llamado etiqueta MPLS. Esta etiqueta se inserta entre el encabezado de ethernet (capa 2) y el encabezado de IP (capa 3). Se pueden asignar asignaciones de etiquetas de forma estática o dinámica, pero nos centraremos en la asignación dinámica de etiquetas utilizando algún tipo de protocolo de distribución de etiquetas (como el acertadamente llamado Protocolo de distribución de etiquetas/LDP, Protocolo de reserva de recursos/RSVP o Enrutamiento de segmentos a través de OSPF/ISIS ). Estos protocolos permiten la creación de una ruta unidireccional/unicast llamada ruta conmutada etiquetada (inicializada como LSP) en toda la red que funciona de manera muy similar a un túnel a través de la red. Una forma sencilla de pensar en cómo un MPLS LSP realmente reenvía el tráfico a través de una red es pensar en un túnel GRE. No son iguales en la forma en que operan, pero son iguales en la forma en que manejan el paquete tunelizado. Sería bueno pensar en MPLS como una tecnología de tunelización que se puede usar para transportar muchos tipos diferentes de paquetes, para ayudar en la ingeniería de tráfico al permitir especificar rutas a través de la red (usando RSVP o SR) y, en general, permitir Transporte de paquetes de datos más fácil dentro o entre redes."
+#: ../../configuration/nat/nat64.rst:7
+msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+
#: ../../configuration/nat/nat44.rst:7
msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
msgstr ":abbr:`NAT (Traducción de direcciones de red)` es un método común para reasignar un espacio de direcciones IP a otro mediante la modificación de la información de la dirección de red en el encabezado IP de los paquetes mientras están en tránsito a través de un dispositivo de enrutamiento de tráfico. La técnica se usó originalmente como un atajo para evitar la necesidad de volver a direccionar cada host cuando se movía una red. Se ha convertido en una herramienta popular y esencial para conservar el espacio de direcciones global ante el agotamiento de las direcciones IPv4. Una dirección IP enrutable de Internet de una puerta de enlace NAT se puede usar para una red privada completa."
@@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) es un protocolo de red para la sincr
msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
msgstr ":abbr:`OSPF (Open Shortest Path First)` es un protocolo de enrutamiento para redes de Protocolo de Internet (IP). Utiliza un algoritmo de enrutamiento de estado de enlace (LSR) y cae en el grupo de protocolos de puerta de enlace interior (IGP), que opera dentro de un solo sistema autónomo (AS). Se define como OSPF Versión 2 en :rfc:`2328` (1998) para IPv4. Las actualizaciones para IPv6 se especifican como OSPF versión 3 en :rfc:`5340` (2008). OSPF es compatible con el modelo de direccionamiento :abbr:`CIDR (Classless Inter-Domain Routing)`."
+#: ../../configuration/protocols/pim.rst:12
+msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+
#: ../../configuration/interfaces/pppoe.rst:9
msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
msgstr ":abbr:`PPPoE (protocolo punto a punto sobre Ethernet)` es un protocolo de red para encapsular tramas PPP dentro de tramas Ethernet. Apareció en 1999, en el contexto del auge de DSL como la solución para tunelizar paquetes a través de la conexión DSL a la red IP de los :abbr:`ISP (Proveedores de Servicios de Internet)`, y de allí al resto de Internet. Un libro de redes de 2005 señaló que &quot;la mayoría de los proveedores de DSL usan PPPoE, que proporciona autenticación, cifrado y compresión&quot;. El uso típico de PPPoE implica aprovechar las instalaciones de PPP para autenticar al usuario con un nombre de usuario y una contraseña, principalmente a través del protocolo PAP y, con menos frecuencia, a través de CHAP."
@@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat
msgstr ":abbr:`RPS (Receive Packet Steering)` es lógicamente una implementación de software de :abbr:`RSS (Receive Side Scaling)`. Al estar en el software, necesariamente se llama más adelante en la ruta de datos. Mientras que RSS selecciona la cola y, por lo tanto, la CPU que ejecutará el controlador de interrupciones de hardware, RPS selecciona la CPU para realizar el procesamiento del protocolo por encima del controlador de interrupciones. Esto se logra colocando el paquete en la cola de trabajos pendientes de la CPU deseada y activando la CPU para su procesamiento. RPS tiene algunas ventajas sobre RSS:"
#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
msgstr ":abbr:`SLAAC (Configuración automática de direcciones sin estado)` :rfc:`4862`. Los hosts IPv6 pueden configurarse automáticamente cuando se conectan a una red IPv6 utilizando el Protocolo de detección de vecinos a través de los mensajes de detección del enrutador :abbr:`ICMPv6 (Protocolo de mensajes de control de Internet versión 6)`. Cuando se conecta por primera vez a una red, un host envía una solicitud de multidifusión de solicitud de enrutador de enlace local para sus parámetros de configuración; los enrutadores responden a dicha solicitud con un paquete de anuncio de enrutador que contiene parámetros de configuración de la capa de Internet."
+#: ../../configuration/nat/nat64.rst:28
+msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+
#: ../../configuration/nat/nat44.rst:78
msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
msgstr ":abbr:`SNAT (Traducción de dirección de red de origen)` es la forma más común de :abbr:`NAT (Traducción de dirección de red)` y normalmente se denomina simplemente NAT. Para ser más correctos, lo que la mayoría de la gente llama :abbr:`NAT (traducción de direcciones de red)` es en realidad el proceso de :abbr:`PAT (traducción de direcciones de puerto)`, o sobrecarga de NAT. Los usuarios internos/hosts privados suelen utilizar SNAT para acceder a Internet: la dirección de origen se traduce y, por lo tanto, se mantiene privada."
@@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
msgstr ":ref:`routing-static`: ``establecer nombre vrf<name> protocolos estáticos ...``"
#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
msgstr ":rfc:`2131` estados: El cliente PUEDE optar por proporcionar explícitamente el identificador a través de la opción &#39;identificador de cliente&#39;. Si el cliente proporciona un &#39;identificador de cliente&#39;, el cliente DEBE usar el mismo &#39;identificador de cliente&#39; en todos los mensajes subsiguientes, y el servidor DEBE usar ese identificador para identificar al cliente."
-#: ../../configuration/service/dns.rst:217
+#: ../../configuration/service/dns.rst:230
msgid ":rfc:`2136` Based"
msgstr ":rfc:`2136` Basado"
@@ -18923,7 +18082,7 @@ msgstr "`3. Agregue una ruta completa al script`_"
msgid "`4. Add optional parameters`_"
msgstr "`4. Añadir parámetros opcionales`_"
-#: ../../configuration/service/dhcp-server.rst:189
+#: ../../configuration/service/dhcp-server.rst:154
msgid "`<name>` must be identical on both sides!"
msgstr "`<name> ` debe ser idéntico en ambos lados!"
@@ -18952,42 +18111,10 @@ msgid "``-`` failed"
msgstr "``-`` falló"
#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
msgid "``/config/scripts/dhcp-client/post-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/post-hooks.d/``"
#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
msgid "``/config/scripts/dhcp-client/pre-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``"
@@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps"
msgid "``57600`` - 57,600 bps"
msgstr "``57600`` - 57,600 bps"
+#: ../../configuration/nat/nat64.rst:31
+msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+
#: ../../configuration/interfaces/bonding.rst:43
msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
msgstr "``802.3ad`` - Agregación de enlaces dinámicos IEEE 802.3ad. Crea grupos de agregación que comparten la misma configuración de velocidad y dúplex. Utiliza todos los esclavos en el agregador activo según la especificación 802.3ad."
@@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/seg"
msgid "``ac`` - 802.11ac - 1300 Mbits/sec"
msgstr "``ac`` - 802.11ac - 1300 Mbits/seg"
-#: ../../configuration/policy/route-map.rst:373
+#: ../../configuration/policy/route-map.rst:375
msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
msgstr "``accept-own-nexthop`` - Las comunidades conocidas valoran accept-own-nexthop 0xFFFF0008"
-#: ../../configuration/policy/route-map.rst:366
+#: ../../configuration/policy/route-map.rst:368
msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
msgstr "``accept-own`` - Valor de comunidades conocidas ACCEPT_OWN 0xFFFF0001"
-#: ../../configuration/firewall/general.rst:334
+#: ../../configuration/firewall/bridge.rst:72
+#: ../../configuration/firewall/ipv4.rst:88
+#: ../../configuration/firewall/ipv6.rst:88
msgid "``accept``: accept the packet."
msgstr "``accept``: accept the packet."
@@ -19135,7 +18268,7 @@ msgstr "``todas disponibles`` todas las direcciones de destino de verificación
msgid "``any-available`` any of the checking target addresses must be available to pass this check"
msgstr "``cualquiera disponible`` cualquiera de las direcciones de destino de verificación debe estar disponible para pasar esta verificación"
-#: ../../configuration/vpn/site2site_ipsec.rst:376
+#: ../../configuration/vpn/site2site_ipsec.rst:385
msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
msgstr "``authentication local-id/remote-id``: la identificación de IKE se utiliza para la validación de los dispositivos del mismo nivel de VPN durante la negociación de IKE. Si no configura la identidad local/remota, el dispositivo utiliza la dirección IPv4 o IPv6 que corresponde al par local/remoto de forma predeterminada. En ciertas configuraciones de red (como la interfaz ipsec con dirección dinámica o detrás de NAT), la ID de IKE recibida del par no coincide con la puerta de enlace IKE configurada en el dispositivo. Esto puede conducir a una falla de validación de Fase 1. Por lo tanto, asegúrese de configurar la identificación local/remota explícitamente y asegúrese de que la identificación IKE sea la misma que la identidad remota configurada en el dispositivo par."
@@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Protocolo de puerta de enlace fronteriza (BGP)"
msgid "``bind`` - select a VTI interface to bind to this peer;"
msgstr "``bind``: seleccione una interfaz VTI para vincular a este par;"
-#: ../../configuration/policy/route-map.rst:374
+#: ../../configuration/policy/route-map.rst:376
msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
msgstr "``blackhole`` - Las comunidades conocidas valoran BLACKHOLE 0xFFFF029A"
@@ -19191,7 +18324,7 @@ msgstr "``cert-file``: archivo de certificado, que se usará para autenticar el
msgid "``clear`` set action to clear;"
msgstr "``borrar`` establece la acción para borrar;"
-#: ../../configuration/vpn/site2site_ipsec.rst:402
+#: ../../configuration/vpn/site2site_ipsec.rst:411
msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
msgstr "``cierre-acción = ninguno | claro | espera | restart`` - define la acción a tomar si el par remoto cierra inesperadamente un CHILD_SA (ver arriba para el significado de los valores). No se debe usar una acción de cierre si el par usa reautenticación o identificadores únicos."
@@ -19215,6 +18348,12 @@ msgstr "``conectado`` - Rutas conectadas (subred o host conectado directamente)"
msgid "``connection-type`` - how to handle this connection process. Possible variants:"
msgstr "``tipo de conexión``: cómo manejar este proceso de conexión. Posibles variantes:"
+#: ../../configuration/firewall/bridge.rst:74
+#: ../../configuration/firewall/ipv4.rst:90
+#: ../../configuration/firewall/ipv6.rst:90
+msgid "``continue``: continue parsing next rule."
+msgstr "``continue``: continue parsing next rule."
+
#: ../../configuration/vpn/site2site_ipsec.rst:62
msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
msgstr "``crl-file`` - archivo con la Lista de Revocación de Certificados. Uso para verificar si un certificado para el par remoto es válido o revocado;"
@@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - archivo con la Lista de Revocación de Certificados. Uso
msgid "``d`` - Execution interval in days"
msgstr "``d`` - Intervalo de ejecución en días"
-#: ../../configuration/vpn/site2site_ipsec.rst:391
+#: ../../configuration/vpn/site2site_ipsec.rst:400
msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
msgstr "``acción de detección de pares muertos = borrar | espera | reiniciar``: los mensajes de notificación R_U_THERE (IKEv1) o los mensajes INFORMATIVOS vacíos (IKEv2) se envían periódicamente para verificar la actividad del par IPsec. Los valores borrar, mantener y reiniciar activan DPD y determinan la acción a realizar en un tiempo de espera. Con ``clear`` la conexión se cierra sin que se realicen más acciones. ``hold`` instala una política de captura, que capturará el tráfico coincidente e intentará renegociar la conexión a pedido. ``reiniciar`` activará inmediatamente un intento de renegociar la conexión."
@@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface``: use una dirección IP, recibida de DHCP para la cone
msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
-#: ../../configuration/vpn/site2site_ipsec.rst:387
+#: ../../configuration/vpn/site2site_ipsec.rst:396
msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
msgstr "``disable-route-autoinstall``: esta opción, cuando se configura, deshabilita las rutas instaladas en la tabla predeterminada 220 para ipsec de sitio a sitio. Se utiliza sobre todo con la configuración de VTI."
@@ -19279,7 +18418,9 @@ msgstr "``disable`` deshabilita la compresión IPComp (predeterminado);"
msgid "``disable`` disable MOBIKE;"
msgstr "``deshabilitar`` deshabilitar MOBIKE;"
-#: ../../configuration/firewall/general.rst:336
+#: ../../configuration/firewall/bridge.rst:76
+#: ../../configuration/firewall/ipv4.rst:92
+#: ../../configuration/firewall/ipv6.rst:92
msgid "``drop``: drop the packet."
msgstr "``drop``: drop the packet."
@@ -19347,6 +18488,10 @@ msgstr "``archivo`` - ruta al archivo clave;"
msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
msgstr "``flexvpn`` Permitir carga útil de ID de proveedor de FlexVPN (solo IKEv2). Envíe la carga útil del ID del proveedor de Cisco FlexVPN (solo IKEv2), que se requiere para que los dispositivos de la marca Cisco permitan negociar un selector de tráfico local (desde el punto de vista de strongSwan) que no es la dirección IP virtual asignada si dicha dirección es solicitada por Cisne fuerte. El envío del Id. de proveedor de Cisco FlexVPN evita que el par limite el selector de tráfico local del iniciador y le permite, por ejemplo, negociar un TS de 0.0.0.0/0 == 0.0.0.0/0 en su lugar. Esto se probó con una plantilla de Cisco de &quot;modo túnel ipsec ipv4&quot;, pero también debería funcionar para la encapsulación GRE;"
+#: ../../configuration/vpn/ipsec.rst:164
+msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+
#: ../../configuration/vpn/site2site_ipsec.rst:97
msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
msgstr "``force-udp-encapsulation`` - fuerza la encapsulación de ESP en datagramas UDP. Útil en caso de que entre el lado local y el remoto haya un cortafuegos o NAT, que no permite pasar paquetes ESP sin formato entre ellos;"
@@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - fuerza la encapsulación de ESP en datagra
msgid "``g`` - 802.11g - 54 Mbits/sec (default)"
msgstr "``g`` - 802.11g - 54 Mbits/seg (predeterminado)"
-#: ../../configuration/policy/route-map.rst:365
+#: ../../configuration/policy/route-map.rst:367
msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
msgstr "``graceful-shutdown`` - Comunidades conocidas valoran GRACEFUL_SHUTDOWN 0xFFFF0000"
@@ -19435,7 +18580,7 @@ msgstr "``interfaz`` Nombre de interfaz a utilizar. El nombre de la interfaz en
msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
msgstr "``interfaz`` se usa para que el comando VyOS CLI identifique la interfaz de WireGuard donde se usará esta clave privada."
-#: ../../configuration/policy/route-map.rst:364
+#: ../../configuration/policy/route-map.rst:366
msgid "``internet`` - Well-known communities value 0"
msgstr "``internet`` - Comunidades conocidas valor 0"
@@ -19447,7 +18592,9 @@ msgstr "``interval`` intervalo de actividad en segundos &lt;2-86400&gt; (predete
msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)"
msgstr "``isis`` - Sistema intermedio a sistema intermedio (IS-IS)"
-#: ../../configuration/firewall/general.rst:340
+#: ../../configuration/firewall/bridge.rst:78
+#: ../../configuration/firewall/ipv4.rst:96
+#: ../../configuration/firewall/ipv6.rst:96
msgid "``jump``: jump to another custom chain."
msgstr "``jump``: jump to another custom chain."
@@ -19469,6 +18616,10 @@ msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la
#: ../../configuration/loadbalancing/reverse-proxy.rst:108
msgid "``least-connection`` Distributes requests to the server with the fewest active connections"
+msgstr "``least-connection`` Distributes requests to the server with the fewest active connections"
+
+#: ../../configuration/loadbalancing/reverse-proxy.rst:108
+msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
msgstr "``least-connection`` Distribuye las solicitudes al servidor con la menor cantidad de conexiones activas"
#: ../../configuration/vpn/ipsec.rst:125
@@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);"
msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
msgstr "Vida útil de ``lifetime`` IKE en segundos &lt;30-86400&gt; (predeterminado 28800);"
-#: ../../configuration/policy/route-map.rst:371
+#: ../../configuration/policy/route-map.rst:373
msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
msgstr "``llgr-stale`` - Comunidades conocidas valoran LLGR_STALE 0xFFFF0006"
@@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Comunidades conocidas valoran LLGR_STALE 0xFFFF0006"
msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
msgstr "``local-address``: dirección IP local para la conexión IPSec con este par. Si se define ``cualquiera``, entonces se usará una dirección IP que se configuró en la interfaz con la ruta predeterminada;"
-#: ../../configuration/policy/route-map.rst:361
+#: ../../configuration/policy/route-map.rst:363
msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
msgstr "``local-as`` - Comunidades conocidas valoran NO_EXPORT_SUBCONFED 0xFFFFFF03"
@@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec"
msgstr "``n`` - 802.11n - 600 Mbits/seg"
#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
msgstr "``nombre`` se usa para que el comando CLI de VyOS identifique esta clave. Esta clave ``nombre`` se usa luego en la configuración de la CLI para hacer referencia a la instancia de la clave."
-#: ../../configuration/firewall/general.rst:142
-#: ../../configuration/firewall/general-legacy.rst:93
+#: ../../configuration/firewall/global-options.rst:79
msgid "``net.ipv4.conf.all.accept_redirects``"
msgstr "``net.ipv4.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:132
-#: ../../configuration/firewall/general-legacy.rst:84
+#: ../../configuration/firewall/global-options.rst:69
msgid "``net.ipv4.conf.all.accept_source_route``"
msgstr "``net.ipv4.conf.all.accept_source_route``"
-#: ../../configuration/firewall/general.rst:157
-#: ../../configuration/firewall/general-legacy.rst:108
+#: ../../configuration/firewall/global-options.rst:94
msgid "``net.ipv4.conf.all.log_martians``"
msgstr "``net.ipv4.conf.all.log_martians``"
-#: ../../configuration/firewall/general.rst:165
-#: ../../configuration/firewall/general-legacy.rst:115
+#: ../../configuration/firewall/global-options.rst:102
msgid "``net.ipv4.conf.all.rp_filter``"
msgstr "``net.ipv4.conf.all.rp_filter``"
-#: ../../configuration/firewall/general.rst:150
-#: ../../configuration/firewall/general-legacy.rst:101
+#: ../../configuration/firewall/global-options.rst:87
msgid "``net.ipv4.conf.all.send_redirects``"
msgstr "``net.ipv4.conf.all.send_redirects``"
-#: ../../configuration/firewall/general.rst:124
-#: ../../configuration/firewall/general-legacy.rst:76
+#: ../../configuration/firewall/global-options.rst:61
msgid "``net.ipv4.icmp_echo_ignore_broadcasts``"
msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``"
-#: ../../configuration/firewall/general.rst:180
-#: ../../configuration/firewall/general-legacy.rst:129
+#: ../../configuration/firewall/global-options.rst:117
msgid "``net.ipv4.tcp_rfc1337``"
msgstr "``net.ipv4.tcp_rfc1337&#39;&#39;"
-#: ../../configuration/firewall/general.rst:172
-#: ../../configuration/firewall/general-legacy.rst:122
+#: ../../configuration/firewall/global-options.rst:109
msgid "``net.ipv4.tcp_syncookies``"
msgstr "``net.ipv4.tcp_syncookies``"
-#: ../../configuration/firewall/general.rst:143
-#: ../../configuration/firewall/general-legacy.rst:94
+#: ../../configuration/firewall/global-options.rst:80
msgid "``net.ipv6.conf.all.accept_redirects``"
msgstr "``net.ipv6.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:133
-#: ../../configuration/firewall/general-legacy.rst:85
+#: ../../configuration/firewall/global-options.rst:70
msgid "``net.ipv6.conf.all.accept_source_route``"
msgstr "``net.ipv6.conf.all.accept_source_route``"
-#: ../../configuration/policy/route-map.rst:362
+#: ../../configuration/policy/route-map.rst:364
msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
msgstr "``no-advertise`` - Comunidades conocidas valoran NO_ADVERTISE 0xFFFFFF02"
-#: ../../configuration/policy/route-map.rst:363
+#: ../../configuration/policy/route-map.rst:365
msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
msgstr "``no-export`` - Comunidades conocidas valoran NO_EXPORT 0xFFFFFF01"
-#: ../../configuration/policy/route-map.rst:372
+#: ../../configuration/policy/route-map.rst:374
msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
msgstr "``no-llgr`` - Comunidades conocidas valoran NO_LLGR 0xFFFF0007"
-#: ../../configuration/policy/route-map.rst:375
+#: ../../configuration/policy/route-map.rst:377
msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
msgstr "``no-peer`` - Las comunidades conocidas valoran NOPEER 0xFFFFFF04"
@@ -19740,7 +18875,9 @@ msgstr "``protocolo``: defina el protocolo para el tráfico de coincidencias, qu
msgid "``psk`` - Preshared secret key name:"
msgstr "``psk`` - Nombre de la clave secreta precompartida:"
-#: ../../configuration/firewall/general.rst:345
+#: ../../configuration/firewall/bridge.rst:83
+#: ../../configuration/firewall/ipv4.rst:101
+#: ../../configuration/firewall/ipv6.rst:101
msgid "``queue``: Enqueue packet to userspace."
msgstr "``queue``: Enqueue packet to userspace."
@@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace."
msgid "``rate``: Number of packets. Default 5."
msgstr "``tasa``: Número de paquetes. Predeterminado 5."
-#: ../../configuration/firewall/general.rst:338
+#: ../../configuration/firewall/ipv4.rst:94
+#: ../../configuration/firewall/ipv6.rst:94
msgid "``reject``: reject the packet."
msgstr "``reject``: reject the packet."
@@ -19781,7 +18919,9 @@ msgstr "``responder``: no intenta iniciar una conexión con un compañero remoto
msgid "``restart`` set action to restart;"
msgstr "``restart`` establece la acción para reiniciar;"
-#: ../../configuration/firewall/general.rst:342
+#: ../../configuration/firewall/bridge.rst:80
+#: ../../configuration/firewall/ipv4.rst:98
+#: ../../configuration/firewall/ipv6.rst:98
msgid "``return``: Return from the current chain and continue at the next rule of the last chain."
msgstr "``return``: Return from the current chain and continue at the next rule of the last chain."
@@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Política de round-robin: transmite paquetes en orden
msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
msgstr "``round-robin`` Distribuye solicitudes de manera circular, enviando secuencialmente cada solicitud al siguiente servidor en línea"
-#: ../../configuration/policy/route-map.rst:367
+#: ../../configuration/policy/route-map.rst:369
msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
msgstr "``route-filter-translated-v4`` - Comunidades conocidas valoran ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
-#: ../../configuration/policy/route-map.rst:369
+#: ../../configuration/policy/route-map.rst:371
msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
msgstr "``route-filter-translated-v6`` - Comunidades conocidas valoran ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
-#: ../../configuration/policy/route-map.rst:368
+#: ../../configuration/policy/route-map.rst:370
msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
msgstr "``route-filter-v4`` - Comunidades conocidas valoran ROUTE_FILTER_v4 0xFFFF0003"
-#: ../../configuration/policy/route-map.rst:370
+#: ../../configuration/policy/route-map.rst:372
msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
msgstr "``route-filter-v6`` - Comunidades conocidas valoran ROUTE_FILTER_v6 0xFFFF0005"
@@ -19829,6 +18969,31 @@ msgstr "``rsa``: use una clave RSA compartida simple. La clave debe definirse en
msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
msgstr "``secret`` - secreto compartido predefinido. Se usa si está configurado el modo ``pre-shared-secret``;"
+#: ../../configuration/firewall/index.rst:90
+msgid "``set firewall bridge forward filter ...``."
+msgstr "``set firewall bridge forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:61
+msgid "``set firewall ipv4 forward filter ...``."
+msgstr "``set firewall ipv4 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:72
+msgid "``set firewall ipv4 input filter ...``."
+msgstr "``set firewall ipv4 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:63
+msgid "``set firewall ipv6 forward filter ...``."
+msgstr "``set firewall ipv6 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:56
+msgid "``set firewall ipv6 input filter ...``."
+msgstr "``set firewall ipv6 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:74
+msgid "``set firewall ipv6 output filter ...``."
+msgstr "``set firewall ipv6 output filter ...``."
+
#: ../../configuration/interfaces/wireless.rst:238
msgid "``single-user-beamformee`` - Support for operation as single user beamformee"
msgstr "``single-user-beamformee`` - Soporte para la operación como beamformee de un solo usuario"
@@ -19877,7 +19042,8 @@ msgstr "``static`` - Rutas configuradas estáticamente"
msgid "``station`` - Connects to another access point"
msgstr "``estación`` - Se conecta a otro punto de acceso"
-#: ../../configuration/firewall/general.rst:347
+#: ../../configuration/firewall/ipv4.rst:103
+#: ../../configuration/firewall/ipv6.rst:103
msgid "``synproxy``: synproxy the packet."
msgstr "``synproxy``: synproxy the packet."
@@ -19961,10 +19127,18 @@ msgstr "``tipo``: Especifique el tipo de prueba. el tipo puede ser ping, ttl o u
msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
msgstr "``use-x509-id``: use la identificación local del certificado x509. No se puede usar cuando se define ``id``;"
+#: ../../configuration/vpn/site2site_ipsec.rst:152
+msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+
#: ../../configuration/vpn/ipsec.rst:168
msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
msgstr "``virtual-ip`` Permitir la instalación de direcciones IP virtuales. Lista separada por comas de direcciones IP virtuales para solicitar en cargas útiles de configuración IKEv2 o configuración de modo IKEv1. Las direcciones comodín 0.0.0.0 y :: solicitan una dirección arbitraria, se pueden definir direcciones específicas. Sin embargo, el respondedor puede devolver una dirección diferente o ninguna."
+#: ../../configuration/vpn/ipsec.rst:168
+msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+
#: ../../configuration/policy/route-map.rst:175
msgid "``vnc`` - Virtual Network Control (VNC)"
msgstr "``vnc`` - Control de red virtual (VNC)"
@@ -19993,7 +19167,7 @@ msgstr "``yes`` habilita la reautenticación del host remoto durante un cambio d
msgid "`source-address` and `source-interface` can not be used at the same time."
msgstr "`source-address` y `source-interface` no se pueden usar al mismo tiempo."
-#: ../../configuration/protocols/rpki.rst:16
+#: ../../configuration/protocols/rpki.rst:12
msgid "`tweet by EvilMog`_, 2020-02-21"
msgstr "`tweet de EvilMog`_, 2020-02-21"
@@ -20005,8 +19179,8 @@ msgstr "una prueba de ancho de banda sobre la VPN obtuvo estos resultados:"
msgid "a blank indicates that no test has been carried out"
msgstr "un espacio en blanco indica que no se ha realizado ninguna prueba"
-#: ../../configuration/nat/nat44.rst:728
-#: ../../configuration/nat/nat44.rst:733
+#: ../../configuration/nat/nat44.rst:750
+#: ../../configuration/nat/nat44.rst:755
msgid "aes256 Encryption"
msgstr "Cifrado aes256"
@@ -20020,7 +19194,7 @@ msgstr "Alerta"
msgid "all"
msgstr "todo"
-#: ../../configuration/vrf/index.rst:426
+#: ../../configuration/vrf/index.rst:428
msgid "an RD / RTLIST"
msgstr "un RD / RTLIST"
@@ -20052,27 +19226,31 @@ msgstr "auto - la configuración dúplex de la interfaz se negocia automáticame
msgid "auto - interface speed is auto-negotiated"
msgstr "auto - la velocidad de la interfaz se negocia automáticamente"
+#: ../../configuration/system/frr.rst:32
+msgid "bgpd"
+msgstr "bgpd"
+
#: ../../configuration/service/router-advert.rst:13
msgid "bonding"
msgstr "unión"
-#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:305
msgid "boot-size"
msgstr "tamaño de bota"
-#: ../../configuration/service/dhcp-server.rst:331
+#: ../../configuration/service/dhcp-server.rst:298
msgid "bootfile-name"
msgstr "bootfile-name"
-#: ../../configuration/service/dhcp-server.rst:333
+#: ../../configuration/service/dhcp-server.rst:300
msgid "bootfile-name, filename"
msgstr "bootfile-name, nombre de archivo"
-#: ../../configuration/service/dhcp-server.rst:321
+#: ../../configuration/service/dhcp-server.rst:288
msgid "bootfile-server"
msgstr "servidor de archivos de arranque"
-#: ../../configuration/service/dhcp-server.rst:336
+#: ../../configuration/service/dhcp-server.rst:303
msgid "bootfile-size"
msgstr "tamaño del archivo de arranque"
@@ -20080,7 +19258,7 @@ msgstr "tamaño del archivo de arranque"
msgid "bridge"
msgstr "Puente"
-#: ../../configuration/service/dhcp-server.rst:269
+#: ../../configuration/service/dhcp-server.rst:236
msgid "client-prefix-length"
msgstr "cliente-prefijo-longitud"
@@ -20112,11 +19290,11 @@ msgstr "demonio"
msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
msgstr "ddclient_ tiene otra forma de determinar la dirección IP de WAN. Esto es controlado por:"
-#: ../../configuration/service/dns.rst:205
+#: ../../configuration/service/dns.rst:218
msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
msgstr "ddclient_ utiliza dos métodos para actualizar un registro DNS. El primero enviará actualizaciones directamente al demonio DNS, de conformidad con :rfc:`2136`. El segundo implica un servicio de terceros, como DynDNS.com o cualquier otro sitio web similar. Este método utiliza solicitudes HTTP para transmitir la nueva dirección IP. Puede configurar ambos en VyOS."
-#: ../../configuration/service/dns.rst:400
+#: ../../configuration/service/dns.rst:413
msgid "ddclient_ will skip any address located before the string set in `<pattern>`."
msgstr "ddclient_ omitirá cualquier dirección ubicada antes de la cadena establecida en `<pattern> `."
@@ -20128,7 +19306,7 @@ msgstr "Depurar"
msgid "decrement-lifetime"
msgstr "decremento-vida útil"
-#: ../../configuration/service/dhcp-server.rst:368
+#: ../../configuration/service/dhcp-server.rst:335
msgid "default-lease-time, max-lease-time"
msgstr "tiempo de arrendamiento predeterminado, tiempo de arrendamiento máximo"
@@ -20140,7 +19318,7 @@ msgstr "vida útil predeterminada"
msgid "default-preference"
msgstr "preferencia predeterminada"
-#: ../../configuration/service/dhcp-server.rst:281
+#: ../../configuration/service/dhcp-server.rst:248
msgid "default-router"
msgstr "enrutador predeterminado"
@@ -20156,7 +19334,7 @@ msgstr "prefijo obsoleto"
msgid "destination-hashing"
msgstr "hash de destino"
-#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:285
msgid "dhcp-server-identifier"
msgstr "dhcp-servidor-identificador"
@@ -20168,28 +19346,9 @@ msgstr "Directo"
msgid "directory"
msgstr "directorio"
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/pppoe.rst:241
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/sstp-client.rst:113
#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
msgid "disable: No source validation"
msgstr "deshabilitar: sin validación de fuente"
@@ -20197,17 +19356,17 @@ msgstr "deshabilitar: sin validación de fuente"
msgid "dnssl"
msgstr "DNSSL"
-#: ../../configuration/service/dhcp-server.rst:296
-#: ../../configuration/service/dhcp-server.rst:298
+#: ../../configuration/service/dhcp-server.rst:263
+#: ../../configuration/service/dhcp-server.rst:265
msgid "domain-name"
msgstr "nombre de dominio"
-#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:260
msgid "domain-name-servers"
msgstr "servidores de nombres de dominio"
-#: ../../configuration/service/dhcp-server.rst:351
-#: ../../configuration/service/dhcp-server.rst:353
+#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:320
msgid "domain-search"
msgstr "búsqueda de dominio"
@@ -20215,7 +19374,7 @@ msgstr "búsqueda de dominio"
msgid "emerg"
msgstr "emergente"
-#: ../../configuration/firewall/general.rst:147
+#: ../../configuration/firewall/global-options.rst:84
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
@@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "habilitar o deshabilitar los mensajes de redirección ICMPv4 enviados por VyOS Se modificará el siguiente parámetro del sistema:"
-#: ../../configuration/firewall/general.rst:139
-#: ../../configuration/firewall/general-legacy.rst:90
+#: ../../configuration/firewall/global-options.rst:76
msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
msgstr "habilite o deshabilite los mensajes de redirección ICMPv4 o ICMPv6 aceptados por VyOS. Se modificará el siguiente parámetro del sistema:"
-#: ../../configuration/firewall/general.rst:154
-#: ../../configuration/firewall/general-legacy.rst:105
+#: ../../configuration/firewall/global-options.rst:91
msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
msgstr "habilitar o deshabilitar el registro de paquetes IPv4 marcianos. Se modificará el siguiente parámetro del sistema:"
@@ -20245,11 +19402,11 @@ msgstr "ethernet"
msgid "exact-match: exact match of the network prefixes."
msgstr "coincidencia exacta: coincidencia exacta de los prefijos de red."
-#: ../../configuration/service/dhcp-server.rst:376
+#: ../../configuration/service/dhcp-server.rst:343
msgid "exclude"
msgstr "Excluir"
-#: ../../configuration/service/dhcp-server.rst:381
+#: ../../configuration/service/dhcp-server.rst:348
msgid "failover"
msgstr "conmutación por error"
@@ -20318,11 +19475,15 @@ msgstr "INVÁLIDO"
msgid "inverse-match: network/netmask to match (requires network be defined)."
msgstr "coincidencia inversa: red/máscara de red para coincidir (requiere que se defina la red)."
-#: ../../configuration/service/dhcp-server.rst:301
-#: ../../configuration/service/dhcp-server.rst:303
+#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:270
msgid "ip-forwarding"
msgstr "reenvío de ip"
+#: ../../configuration/system/frr.rst:33
+msgid "isisd"
+msgstr "isisd"
+
#: ../../configuration/interfaces/ethernet.rst:90
msgid "it can be used with any NIC,"
msgstr "se puede usar con cualquier NIC,"
@@ -20339,7 +19500,11 @@ msgstr "núcleo"
msgid "l2tpv3"
msgstr "L2TPv3"
-#: ../../configuration/service/dhcp-server.rst:366
+#: ../../configuration/system/frr.rst:34
+msgid "ldpd"
+msgstr "ldpd"
+
+#: ../../configuration/service/dhcp-server.rst:333
msgid "lease"
msgstr "Alquiler"
@@ -20347,19 +19512,19 @@ msgstr "Alquiler"
msgid "least-connection"
msgstr "mínima conexión"
-#: ../../configuration/vpn/site2site_ipsec.rst:271
+#: ../../configuration/vpn/site2site_ipsec.rst:275
msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
msgstr "izquierda local_ip: 192.168.0.10 # VPN Gateway, detrás del dispositivo NAT"
-#: ../../configuration/vpn/site2site_ipsec.rst:163
+#: ../../configuration/vpn/site2site_ipsec.rst:167
msgid "left local_ip: `198.51.100.3` # server side WAN IP"
msgstr "left local_ip: `198.51.100.3` # IP WAN del lado del servidor"
-#: ../../configuration/vpn/site2site_ipsec.rst:272
+#: ../../configuration/vpn/site2site_ipsec.rst:276
msgid "left public_ip:172.18.201.10"
msgstr "izquierda public_ip:172.18.201.10"
-#: ../../configuration/vpn/site2site_ipsec.rst:161
+#: ../../configuration/vpn/site2site_ipsec.rst:165
msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
msgstr "subred izquierda: `192.168.0.0/24` site1, lado del servidor (es decir, localidad, en realidad no hay roles de cliente o servidor)"
@@ -20439,28 +19604,9 @@ msgstr "logalert"
msgid "logaudit"
msgstr "auditoría de registro"
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/pppoe.rst:237
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/sstp-client.rst:109
#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
msgstr "suelto: la dirección de origen de cada paquete entrante también se prueba con la FIB y, si no se puede acceder a la dirección de origen a través de ninguna interfaz, la verificación del paquete fallará."
@@ -20472,7 +19618,15 @@ msgstr "lpr"
msgid "mDNS Repeater"
msgstr "Repetidor mDNS"
-#: ../../configuration/service/mdns.rst:28
+#: ../../configuration/service/mdns.rst:38
+msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+
+#: ../../configuration/service/mdns.rst:33
+msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+
+#: ../../configuration/service/mdns.rst:29
msgid "mDNS repeater can be temporarily disabled without deleting the service using"
msgstr "El repetidor mDNS se puede deshabilitar temporalmente sin eliminar el servicio usando"
@@ -20512,12 +19666,12 @@ msgstr "más información relacionada con IGP - :ref:`routing-isis`"
msgid "more information related IGP - :ref:`routing-ospf`"
msgstr "más información relacionada con IGP - :ref:`routing-ospf`"
-#: ../../configuration/service/dhcp-server.rst:291
+#: ../../configuration/service/dhcp-server.rst:258
#: ../../configuration/service/router-advert.rst:1
msgid "name-server"
msgstr "nombre del servidor"
-#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:280
msgid "netbios-name-servers"
msgstr "servidores de nombres netbios"
@@ -20533,7 +19687,7 @@ msgstr "red: red/máscara de red para hacer coincidir (requiere que se defina la
msgid "news"
msgstr "Novedades"
-#: ../../configuration/service/dhcp-server.rst:323
+#: ../../configuration/service/dhcp-server.rst:290
msgid "next-server"
msgstr "próximo servidor"
@@ -20557,11 +19711,11 @@ msgstr "Aviso"
msgid "ntp"
msgstr "NTP"
-#: ../../configuration/service/dhcp-server.rst:306
+#: ../../configuration/service/dhcp-server.rst:273
msgid "ntp-server"
msgstr "servidor ntp"
-#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:275
msgid "ntp-servers"
msgstr "servidores ntp"
@@ -20573,6 +19727,14 @@ msgstr "una regla con una LAN (interfaz de entrada) y la WAN (interfaz)."
msgid "openvpn"
msgstr "OpenVPN"
+#: ../../configuration/system/frr.rst:35
+msgid "ospf6d"
+msgstr "ospf6d"
+
+#: ../../configuration/system/frr.rst:36
+msgid "ospfd"
+msgstr "ospfd"
+
#: ../../configuration/protocols/ospf.rst:207
msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
msgstr "ospfd admite Opaque LSA :rfc:`2370` como soporte parcial para MPLS Traffic Engineering LSA. La capacidad opaque-lsa debe estar habilitada en la configuración."
@@ -20601,8 +19763,8 @@ msgstr "política extcommunity-list"
msgid "policy large-community-list"
msgstr "política lista-comunidad-grande"
-#: ../../configuration/service/dhcp-server.rst:346
-#: ../../configuration/service/dhcp-server.rst:348
+#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:315
msgid "pop-server"
msgstr "servidor pop"
@@ -20619,8 +19781,8 @@ msgstr "lista de prefijos, lista de distribución"
msgid "pseudo-ethernet"
msgstr "pseudo-ethernet"
-#: ../../configuration/service/dhcp-server.rst:371
-#: ../../configuration/service/dhcp-server.rst:373
+#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:340
msgid "range"
msgstr "Distancia"
@@ -20636,7 +19798,7 @@ msgstr "Restablecer comandos"
msgid "retrans-timer"
msgstr "retrans-temporizador"
-#: ../../configuration/service/dhcp-server.rst:358
+#: ../../configuration/service/dhcp-server.rst:325
msgid "rfc3442-static-route, windows-static-route"
msgstr "rfc3442-ruta-estática, ruta-estática-windows"
@@ -20644,18 +19806,22 @@ msgstr "rfc3442-ruta-estática, ruta-estática-windows"
msgid "rfc3768-compatibility"
msgstr "compatibilidad con rfc3768"
-#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../configuration/vpn/site2site_ipsec.rst:277
msgid "right local_ip: 172.18.202.10 # right side WAN IP"
msgstr "right local_ip: 172.18.202.10 # IP WAN del lado derecho"
-#: ../../configuration/vpn/site2site_ipsec.rst:165
+#: ../../configuration/vpn/site2site_ipsec.rst:169
msgid "right local_ip: `203.0.113.2` # remote office side WAN IP"
msgstr "right local_ip: `203.0.113.2` # IP WAN del lado de la oficina remota"
-#: ../../configuration/vpn/site2site_ipsec.rst:164
+#: ../../configuration/vpn/site2site_ipsec.rst:168
msgid "right subnet: `10.0.0.0/24` site2,remote office side"
msgstr "subred derecha: `10.0.0.0/24` site2, lado de la oficina remota"
+#: ../../configuration/system/frr.rst:37
+msgid "ripd"
+msgstr "ripd"
+
#: ../../configuration/highavailability/index.rst:349
msgid "round-robin"
msgstr "todos contra todos"
@@ -20665,7 +19831,7 @@ msgstr "todos contra todos"
msgid "route-map"
msgstr "mapa de ruta"
-#: ../../configuration/service/dhcp-server.rst:283
+#: ../../configuration/service/dhcp-server.rst:250
msgid "routers"
msgstr "enrutadores"
@@ -20682,7 +19848,7 @@ msgstr "sFlow es una tecnología que permite monitorear el tráfico de la red me
msgid "security"
msgstr "Seguridad"
-#: ../../configuration/service/dhcp-server.rst:316
+#: ../../configuration/service/dhcp-server.rst:283
msgid "server-identifier"
msgstr "identificador de servidor"
@@ -20694,8 +19860,8 @@ msgstr "ejemplo de servidor"
msgid "set a destination and/or source address. Accepted input:"
msgstr "establecer una dirección de destino y/o de origen. Entrada aceptada:"
-#: ../../configuration/nat/nat44.rst:729
-#: ../../configuration/nat/nat44.rst:734
+#: ../../configuration/nat/nat44.rst:751
+#: ../../configuration/nat/nat44.rst:756
msgid "sha256 Hashes"
msgstr "sha256 hash"
@@ -20703,7 +19869,7 @@ msgstr "sha256 hash"
msgid "show commands"
msgstr "Mostrar comandos"
-#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:289
msgid "siaddr"
msgstr "ver"
@@ -20711,8 +19877,8 @@ msgstr "ver"
msgid "slow: Request partner to transmit LACPDUs every 30 seconds"
msgstr "lento: solicite al socio que transmita LACPDU cada 30 segundos"
-#: ../../configuration/service/dhcp-server.rst:341
-#: ../../configuration/service/dhcp-server.rst:343
+#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:310
msgid "smtp-server"
msgstr "servidor SMTP"
@@ -20732,40 +19898,21 @@ msgstr "habla01-habla04"
msgid "spoke05"
msgstr "habló05"
-#: ../../configuration/service/dhcp-server.rst:386
+#: ../../configuration/service/dhcp-server.rst:353
msgid "static-mapping"
msgstr "mapeo estático"
-#: ../../configuration/service/dhcp-server.rst:356
+#: ../../configuration/service/dhcp-server.rst:323
msgid "static-route"
msgstr "ruta estática"
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/pppoe.rst:233
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/sstp-client.rst:105
#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
msgstr "estricto: cada paquete entrante se prueba con la FIB y si la interfaz no es la mejor ruta inversa, la verificación del paquete fallará. Por defecto, los paquetes fallidos se descartan."
-#: ../../configuration/service/dhcp-server.rst:271
+#: ../../configuration/service/dhcp-server.rst:238
msgid "subnet-mask"
msgstr "máscara de subred"
@@ -20781,8 +19928,8 @@ msgstr "cola"
msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
msgstr "tc_ es una poderosa herramienta para el control de tráfico que se encuentra en el kernel de Linux. Sin embargo, su configuración a menudo se considera una tarea engorrosa. Afortunadamente, VyOS facilita el trabajo a través de su CLI, mientras usa ``tc`` como backend."
-#: ../../configuration/service/dhcp-server.rst:326
-#: ../../configuration/service/dhcp-server.rst:328
+#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:295
msgid "tftp-server-name"
msgstr "nombre-servidor-tftp"
@@ -20791,16 +19938,16 @@ msgstr "nombre-servidor-tftp"
msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
msgstr "esta opción permite configurar prefix-sid en SR. El &#39;no-php-flag&#39; significa que NO hay aparición de penúltimo salto que permite que el nodo SR solicite a su vecino que no haga estallar la etiqueta. El indicador &#39;explícito-nulo&#39; permite que el nodo SR solicite a su vecino que envíe un paquete IP con la etiqueta EXPLÍCITO-NULO. La opción &#39;n-flag-clear&#39; se puede usar para borrar explícitamente el indicador de nodo que está configurado de forma predeterminada para los SID de prefijo asociados a las direcciones de bucle invertido. Esta opción es necesaria para configurar Anycast-SID."
-#: ../../configuration/service/dhcp-server.rst:275
-#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:242
+#: ../../configuration/service/dhcp-server.rst:244
msgid "time-offset"
msgstr "desplazamiento de tiempo"
-#: ../../configuration/service/dhcp-server.rst:286
+#: ../../configuration/service/dhcp-server.rst:253
msgid "time-server"
msgstr "contemporizador"
-#: ../../configuration/service/dhcp-server.rst:288
+#: ../../configuration/service/dhcp-server.rst:255
msgid "time-servers"
msgstr "servidores de tiempo"
@@ -20861,7 +20008,7 @@ msgstr "round-robin ponderado"
msgid "while a *byte* is written as a single **b**."
msgstr "mientras que un *byte* se escribe como una sola **b**."
-#: ../../configuration/service/dhcp-server.rst:311
+#: ../../configuration/service/dhcp-server.rst:278
msgid "wins-server"
msgstr "gana-servidor"
@@ -20877,14 +20024,18 @@ msgstr "inalámbrico"
msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
msgstr "con :cfgcmd:`establecer la aceleración del sistema qat` en ambos sistemas aumenta el ancho de banda."
-#: ../../configuration/service/dhcp-server.rst:361
+#: ../../configuration/service/dhcp-server.rst:328
msgid "wpad-url"
msgstr "wpad-url"
-#: ../../configuration/service/dhcp-server.rst:363
+#: ../../configuration/service/dhcp-server.rst:330
msgid "wpad-url, wpad-url code 252 = text"
msgstr "wpad-url, wpad-url código 252 = texto"
#: ../../configuration/service/router-advert.rst:23
msgid "wwan"
msgstr "WWAN"
+
+#: ../../configuration/system/frr.rst:38
+msgid "zebra"
+msgstr "zebra"
diff --git a/docs/_locale/es/contributing.pot b/docs/_locale/es/contributing.pot
index 4e8c2ad7..07b516ff 100644
--- a/docs/_locale/es/contributing.pot
+++ b/docs/_locale/es/contributing.pot
@@ -80,8 +80,8 @@ msgstr "Un resumen único y breve de la confirmación (se recomiendan 50 caracte
msgid "Abbreviations and acronyms **must** be capitalized."
msgstr "Las abreviaturas y los acrónimos **deben** estar en mayúscula."
-#: ../../contributing/build-vyos.rst:403
-#: ../../contributing/build-vyos.rst:591
+#: ../../contributing/build-vyos.rst:443
+#: ../../contributing/build-vyos.rst:631
msgid "Accel-PPP"
msgstr "Accel-PPP"
@@ -93,7 +93,7 @@ msgstr "Los acrónimos también **deben** escribirse en mayúscula para distingu
msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
msgstr "Agregue un archivo al índice de Git usando ``git add myfile``, o para un directorio completo: ``git add somedir/*``"
-#: ../../contributing/testing.rst:99
+#: ../../contributing/testing.rst:100
msgid "Add one or more IP addresses"
msgstr "Agregar una o más direcciones IP"
@@ -101,17 +101,17 @@ msgstr "Agregar una o más direcciones IP"
msgid "Address"
msgstr "DIRECCIÓN"
-#: ../../contributing/build-vyos.rst:800
+#: ../../contributing/build-vyos.rst:840
msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
msgstr "Después de uno o dos minutos, encontrará los paquetes DEB generados junto al directorio fuente de vyos-1x:"
-#: ../../contributing/build-vyos.rst:627
-#: ../../contributing/build-vyos.rst:656
-#: ../../contributing/build-vyos.rst:691
+#: ../../contributing/build-vyos.rst:667
+#: ../../contributing/build-vyos.rst:696
+#: ../../contributing/build-vyos.rst:731
msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
msgstr "Después de compilar los paquetes, encontrará los binarios `*.deb` recién generados en ``vyos-build/packages/linux-kernel`` desde los cuales puede copiarlos a la carpeta ``vyos-build/packages`` para inclusión durante la compilación ISO."
-#: ../../contributing/testing.rst:50
+#: ../../contributing/testing.rst:51
msgid "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
msgstr "Después de su primer arranque en el sistema recién instalado, se ejecuta el script principal de Smoketest, se puede encontrar aquí: `/usr/bin/vyos-smoketest`"
@@ -147,23 +147,23 @@ msgstr "Utilice siempre la opción ``-x`` para el comando ``git cherry-pick`` cu
msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
msgstr "Otra ventaja es la capacidad de prueba del código. Burlarse de todo el subsistema de configuración es difícil, mientras que construir una representación interna a mano es mucho más simple."
-#: ../../contributing/build-vyos.rst:702
+#: ../../contributing/build-vyos.rst:742
msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
msgstr "Cualquier paquete &quot;modificado&quot; puede hacer referencia a una versión alterada de, por ejemplo, el paquete vyos-1x que le gustaría probar antes de presentar una solicitud de extracción en GitHub."
-#: ../../contributing/build-vyos.rst:831
+#: ../../contributing/build-vyos.rst:871
msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
msgstr "Cualquier paquete en el directorio de paquetes se agregará a la iso durante la compilación, reemplazando a los anteriores. Asegúrese de eliminarlos (tanto los directorios de origen como los paquetes deb creados) si desea crear una iso a partir de paquetes puramente ascendentes."
-#: ../../contributing/testing.rst:56
+#: ../../contributing/testing.rst:57
msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
msgstr "Como Smoketests alterará la configuración del sistema y usted está conectado de forma remota, puede perder su conexión con el sistema."
-#: ../../contributing/testing.rst:12
+#: ../../contributing/testing.rst:13
msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
msgstr "Como la documentación de VyOS no es solo para los usuarios, sino también para los desarrolladores, y no guardamos documentación secreta, esta sección describe cómo funcionan las pruebas automatizadas."
-#: ../../contributing/build-vyos.rst:777
+#: ../../contributing/build-vyos.rst:817
msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
msgstr "Supongamos que queremos construir el paquete vyos-1x por nuestra cuenta y modificarlo según nuestras necesidades. Primero necesitamos clonar el repositorio de GitHub."
@@ -215,15 +215,15 @@ msgstr "Temporización de arranque"
msgid "Bug Report/Issue"
msgstr "Informe de error/problema"
-#: ../../contributing/build-vyos.rst:785
+#: ../../contributing/build-vyos.rst:825
msgid "Build"
msgstr "Construir"
-#: ../../contributing/build-vyos.rst:60
+#: ../../contributing/build-vyos.rst:122
msgid "Build Container"
msgstr "Contenedor de construcción"
-#: ../../contributing/build-vyos.rst:182
+#: ../../contributing/build-vyos.rst:215
msgid "Build ISO"
msgstr "Construir ISO"
@@ -231,31 +231,31 @@ msgstr "Construir ISO"
msgid "Build VyOS"
msgstr "Construir VyOS"
-#: ../../contributing/build-vyos.rst:85
+#: ../../contributing/build-vyos.rst:147
msgid "Build from source"
msgstr "Construir desde la fuente"
-#: ../../contributing/build-vyos.rst:582
+#: ../../contributing/build-vyos.rst:622
msgid "Building Out-Of-Tree Modules"
msgstr "Construcción de módulos fuera del árbol"
-#: ../../contributing/build-vyos.rst:435
+#: ../../contributing/build-vyos.rst:475
msgid "Building The Kernel"
msgstr "Construyendo el núcleo"
-#: ../../contributing/build-vyos.rst:246
+#: ../../contributing/build-vyos.rst:286
msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
msgstr "Construir VyOS en Windows WSL2 con Docker integrado en WSL2 funcionará de maravilla. ¡No se conocen problemas hasta ahora!"
-#: ../../contributing/build-vyos.rst:705
+#: ../../contributing/build-vyos.rst:745
msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
msgstr "Crear una imagen ISO con cualquier paquete personalizado no es diferente de crear una imagen ISO normal (personalizada o no). Simplemente coloque su paquete `*.deb` modificado dentro de la carpeta `packages` dentro de `vyos-build`. El proceso de compilación recogerá su paquete personalizado y lo integrará en su ISO."
-#: ../../contributing/build-vyos.rst:584
+#: ../../contributing/build-vyos.rst:624
msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
msgstr "Construir el kernel es una parte, pero ahora también necesita construir los módulos fuera del árbol requeridos para que todo esté alineado y las ABI coincidan. Para hacerlo, puede volver a echar un vistazo a ``vyos-build/packages/linux-kernel/Jenkinsfile`` para ver todos los módulos requeridos y sus versiones seleccionadas. Le mostraremos cómo construir todos los módulos requeridos actualmente."
-#: ../../contributing/build-vyos.rst:475
+#: ../../contributing/build-vyos.rst:515
msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
msgstr "Construir el núcleo llevará algún tiempo dependiendo de la velocidad y la cantidad de su CPU/núcleos y la velocidad del disco. Espere 20 minutos (o incluso más) en hardware de gama baja."
@@ -275,7 +275,7 @@ msgstr "Código de fondo de C++"
msgid "Capitalization and punctuation"
msgstr "Mayúsculas y puntuación"
-#: ../../contributing/build-vyos.rst:448
+#: ../../contributing/build-vyos.rst:488
msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
msgstr "Verifique la versión de kernel requerida; consulte el archivo ``vyos-build/data/defaults.json`` (el ejemplo usa el kernel 4.19.146):"
@@ -283,7 +283,7 @@ msgstr "Verifique la versión de kernel requerida; consulte el archivo ``vyos-bu
msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
msgstr "Clonar: ``git clon https://github.com/<user> /vyos-1x.git``"
-#: ../../contributing/build-vyos.rst:441
+#: ../../contributing/build-vyos.rst:481
msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
msgstr "Clone la fuente del kernel en `vyos-build/packages/linux-kernel/`:"
@@ -299,7 +299,7 @@ msgstr "Las definiciones de comandos son puramente declarativas y no pueden cont
msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
msgstr "Confirma los cambios llamando a ``git commit``. Utilice un título de compromiso significativo (lea arriba) y no olvide hacer referencia al ID de Phabricator_."
-#: ../../contributing/testing.rst:151
+#: ../../contributing/testing.rst:152
msgid "Config Load Tests"
msgstr "Pruebas de carga de configuración"
@@ -323,11 +323,11 @@ msgstr "Consulta la documentación_ para asegurarte de haber configurado correct
msgid "Continuous Integration"
msgstr "Integración continua"
-#: ../../contributing/build-vyos.rst:255
+#: ../../contributing/build-vyos.rst:295
msgid "Customize"
msgstr "personalizar"
-#: ../../contributing/testing.rst:100
+#: ../../contributing/testing.rst:101
msgid "DHCP client and DHCPv6 prefix delegation"
msgstr "Cliente DHCP y delegación de prefijos DHCPv6"
@@ -335,19 +335,31 @@ msgstr "Cliente DHCP y delegación de prefijos DHCPv6"
msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
msgstr "Los parches DMVPN se agregan mediante este compromiso: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
-#: ../../contributing/build-vyos.rst:713
+#: ../../contributing/build-vyos.rst:753
msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
msgstr "Debian APT no es muy detallado cuando se trata de errores. Si su compilación ISO se rompe por cualquier motivo y sospecha que es un problema con las dependencias o la instalación de APT, puede agregar este pequeño parche que aumenta la verbosidad de APT durante la compilación ISO."
+#: ../../contributing/build-vyos.rst:42
+msgid "Debian Bookworm for VyOS 1.4 (sagitta)"
+msgstr "Debian Bookworm for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:43
+msgid "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+msgstr "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+
#: ../../contributing/build-vyos.rst:154
msgid "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
msgstr "Debian Bullseye para VyOS 1.4 (sagitta, actual) - también conocido como lanzamiento continuo"
-#: ../../contributing/build-vyos.rst:153
+#: ../../contributing/build-vyos.rst:154
+msgid "Debian Bullseye for VyOS 1.4 (sagitta)"
+msgstr "Debian Bullseye for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:41
msgid "Debian Buster for VyOS 1.3 (equuleus)"
msgstr "Debian Buster para VyOS 1.3 (equuleus)"
-#: ../../contributing/build-vyos.rst:152
+#: ../../contributing/build-vyos.rst:40
msgid "Debian Jessie for VyOS 1.2 (crux)"
msgstr "Debian Jessie para VyOS 1.2 (crux)"
@@ -379,15 +391,15 @@ msgstr "Desarrollo"
msgid "Do not add angle brackets around the format, they will be inserted automatically"
msgstr "No agregue corchetes angulares alrededor del formato, se insertarán automáticamente"
-#: ../../contributing/build-vyos.rst:33
+#: ../../contributing/build-vyos.rst:83
msgid "Docker"
msgstr "Estibador"
-#: ../../contributing/build-vyos.rst:73
+#: ../../contributing/build-vyos.rst:135
msgid "Dockerhub"
msgstr "Dockerhub"
-#: ../../contributing/build-vyos.rst:50
+#: ../../contributing/build-vyos.rst:112
msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
msgstr "¡Hacerlo otorga privilegios equivalentes a los del usuario ``root``! Se recomienda eliminar al usuario no root del grupo ``docker`` después de compilar la ISO de VyOS. Consulte también `Docker como no root`_."
@@ -395,6 +407,10 @@ msgstr "¡Hacerlo otorga privilegios equivalentes a los del usuario ``root``! Se
msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
msgstr "Debido a problemas en la versión anterior que a veces desactivan las interfaces, se utiliza una versión modificada."
+#: ../../contributing/build-vyos.rst:87
+msgid "Due to the updated version of Docker, the following examples may become invalid."
+msgstr "Due to the updated version of Docker, the following examples may become invalid."
+
#: ../../contributing/debugging.rst:172
msgid "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
msgstr "Durante la migración y la extensa reescritura de la funcionalidad de Perl a Python, se notó un aumento significativo en el tiempo de arranque general del sistema. Se puede analizar el tiempo de inicio del sistema y al final se puede generar un gráfico que muestra en detalle quién llamó a quién durante la fase de inicio del sistema."
@@ -403,7 +419,7 @@ msgstr "Durante la migración y la extensa reescritura de la funcionalidad de Pe
msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
msgstr "Cada módulo se crea bajo demanda si se encuentra una nueva confirmación en la rama en cuestión. Después de una ejecución exitosa, los paquetes Debian resultantes se implementarán en nuestro repositorio Debian, que se usa durante el tiempo de compilación. Se encuentra aquí: http://dev.packages.vyos.net/repositories/."
-#: ../../contributing/build-vyos.rst:407
+#: ../../contributing/build-vyos.rst:447
msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
msgstr "Cada uno de esos módulos tiene una dependencia de la versión del kernel y, si tiene la suerte de recibir un error de compilación ISO que suena como:"
@@ -420,7 +436,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl
msgstr "¡Cada conjunto de cambios debe ser consistente (autocontenido)! No corrija varios errores en una sola confirmación. Si ya trabajó en varias correcciones en el mismo archivo, use `git add --patch` para agregar solo las partes relacionadas con el problema en su próxima confirmación."
#: ../../contributing/development.rst:412
-#: ../../contributing/testing.rst:65
+#: ../../contributing/testing.rst:66
msgid "Example:"
msgstr "Ejemplo:"
@@ -453,11 +469,11 @@ msgstr "FRR"
msgid "Feature Request"
msgstr "Solicitud de función"
-#: ../../contributing/build-vyos.rst:560
+#: ../../contributing/build-vyos.rst:600
msgid "Firmware"
msgstr "firmware"
-#: ../../contributing/build-vyos.rst:593
+#: ../../contributing/build-vyos.rst:633
msgid "First, clone the source code and check out the appropriate version by running:"
msgstr "Primero, clone el código fuente y verifique la versión apropiada ejecutando:"
@@ -485,7 +501,7 @@ msgstr "Por ejemplo, se puede crear ``/tmp/vyos.ifconfig.debug`` para habilitar
msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
msgstr "Por ejemplo, ejecutar ``export VYOS_IFCONFIG_DEBUG=&quot;&quot;`` en su vbash tendrá el mismo efecto que ``touch /tmp/vyos.ifconfig.debug``."
-#: ../../contributing/build-vyos.rst:170
+#: ../../contributing/build-vyos.rst:72
msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
msgstr "Para los paquetes necesarios, puede consultar el archivo ``docker/Dockerfile`` en el repositorio_. El script ``./build-vyos-image`` también le avisará si falta alguna dependencia."
@@ -534,7 +550,7 @@ msgstr "Bueno: PPPoE, IPsec"
msgid "Good: RADIUS (as in remote authentication for dial-in user services)"
msgstr "Bueno: RADIUS (como en la autenticación remota para servicios de acceso telefónico de usuarios)"
-#: ../../contributing/build-vyos.rst:244
+#: ../../contributing/build-vyos.rst:284
msgid "Good luck!"
msgstr "¡Buena suerte!"
@@ -562,11 +578,11 @@ msgstr "Horrible: &quot;algoritmo de frobnicación&quot;."
msgid "How can we reproduce this Bug?"
msgstr "¿Cómo podemos reproducir este Bug?"
-#: ../../contributing/testing.rst:102
+#: ../../contributing/testing.rst:103
msgid "IP and IPv6 options"
msgstr "Opciones de IP e IPv6"
-#: ../../contributing/build-vyos.rst:308
+#: ../../contributing/build-vyos.rst:348
msgid "ISO Build Issues"
msgstr "Problemas de compilación ISO"
@@ -590,11 +606,11 @@ msgstr "Si corresponde, se debe hacer una referencia a una confirmación anterio
msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
msgstr "Si no hay una referencia de Phabricator_ en las confirmaciones de su solicitud de extracción, debemos pedirle que modifique el mensaje de confirmación. De lo contrario tendremos que rechazarlo."
-#: ../../contributing/build-vyos.rst:699
+#: ../../contributing/build-vyos.rst:739
msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
msgstr "Si es lo suficientemente valiente como para crear una imagen ISO que contenga cualquier paquete modificado de nuestra organización GitHub, este es el lugar para estar."
-#: ../../contributing/build-vyos.rst:562
+#: ../../contributing/build-vyos.rst:602
msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
msgstr "Si actualiza su kernel o incluye nuevos controladores, es posible que necesite un nuevo firmware. Cree un nuevo paquete ``vyos-linux-firmware`` con los scripts auxiliares incluidos."
@@ -622,7 +638,7 @@ msgstr "Para recuperar la salida de depuración en la línea de comandos, tambi
msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
msgstr "En algunos contextos, la primera línea se trata como el asunto de un correo electrónico y el resto del texto como el cuerpo. La línea en blanco que separa el resumen del cuerpo es fundamental (a menos que omita el cuerpo por completo); herramientas como rebase pueden confundirse si ejecuta las dos juntas."
-#: ../../contributing/build-vyos.rst:554
+#: ../../contributing/build-vyos.rst:594
msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
msgstr "Al final, se le presentarán los paquetes binarios del kernel que luego puede usar en su proceso de compilación ISO personalizado, colocando todos los archivos `*.deb` en la carpeta vyos-build/packages donde se usarán automáticamente al compilar VyOS como se documentó anteriormente."
@@ -638,7 +654,7 @@ msgstr "Incluir salida"
msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
msgstr "Inserte la siguiente declaración justo antes de la sección en la que desea investigar un problema (por ejemplo, una declaración que ve en un seguimiento): ``import pdb; pdb.set_trace()`` Opcionalmente, puede rodear esta declaración con un ``if`` que solo se activa bajo la condición que le interesa."
-#: ../../contributing/build-vyos.rst:810
+#: ../../contributing/build-vyos.rst:850
msgid "Install"
msgstr "Instalar"
@@ -646,7 +662,7 @@ msgstr "Instalar"
msgid "Install https://pypi.org/project/stdeb/"
msgstr "Instale https://pypi.org/project/stdeb/"
-#: ../../contributing/build-vyos.rst:35
+#: ../../contributing/build-vyos.rst:85
msgid "Installing Docker_ and prerequisites:"
msgstr "Instalación de Docker_ y requisitos previos:"
@@ -654,23 +670,23 @@ msgstr "Instalación de Docker_ y requisitos previos:"
msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
msgstr "En lugar de proporcionar todos esos nodos XML varias veces, ahora se incluyen archivos con características predefinidas. Breve descripción:"
-#: ../../contributing/build-vyos.rst:632
+#: ../../contributing/build-vyos.rst:672
msgid "Intel NIC"
msgstr "NIC de Intel"
-#: ../../contributing/build-vyos.rst:404
+#: ../../contributing/build-vyos.rst:444
msgid "Intel NIC drivers"
msgstr "Controladores de NIC de Intel"
-#: ../../contributing/build-vyos.rst:661
+#: ../../contributing/build-vyos.rst:701
msgid "Intel QAT"
msgstr "QAT de Intel"
-#: ../../contributing/build-vyos.rst:405
+#: ../../contributing/build-vyos.rst:445
msgid "Inter QAT"
msgstr "Inter QAT"
-#: ../../contributing/testing.rst:90
+#: ../../contributing/testing.rst:91
msgid "Interface based tests"
msgstr "Pruebas basadas en interfaz"
@@ -690,11 +706,11 @@ msgstr "Es un programa Ada y requiere GNAT y gprbuild para compilar, las depende
msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
msgstr "También es posible configurar la depuración utilizando variables de entorno. En ese caso, el nombre será (en mayúsculas) VYOS_FEATURE_DEBUG."
-#: ../../contributing/testing.rst:17
+#: ../../contributing/testing.rst:18
msgid "Jenkins CI"
msgstr "CI de Jenkins"
-#: ../../contributing/build-vyos.rst:816
+#: ../../contributing/build-vyos.rst:856
msgid "Just install using the following commands:"
msgstr "Simplemente instale usando los siguientes comandos:"
@@ -710,7 +726,7 @@ msgstr "Keepalived normalmente no se actualiza a versiones de funciones más nue
msgid "Kernel"
msgstr "Núcleo"
-#: ../../contributing/build-vyos.rst:787
+#: ../../contributing/build-vyos.rst:827
msgid "Launch Docker container and build package"
msgstr "Inicie el contenedor Docker y cree el paquete"
@@ -734,7 +750,7 @@ msgstr "Como cualquier otro proyecto, también tenemos algunas pequeñas pautas
msgid "Limits:"
msgstr "Límites:"
-#: ../../contributing/build-vyos.rst:390
+#: ../../contributing/build-vyos.rst:430
msgid "Linux Kernel"
msgstr "Núcleo de Linux"
@@ -742,7 +758,7 @@ msgstr "Núcleo de Linux"
msgid "Live System"
msgstr "Sistema en vivo"
-#: ../../contributing/testing.rst:101
+#: ../../contributing/testing.rst:102
msgid "MTU size"
msgstr "Tamaño de la PERSONA"
@@ -750,11 +766,11 @@ msgstr "Tamaño de la PERSONA"
msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
msgstr "Realice sus cambios y guárdelos. Haga lo siguiente para todos los archivos de cambios para registrarlos en su confirmación de Git creada:"
-#: ../../contributing/testing.rst:60
+#: ../../contributing/testing.rst:61
msgid "Manual Smoketest Run"
msgstr "Ejecución manual de prueba de humo"
-#: ../../contributing/testing.rst:168
+#: ../../contributing/testing.rst:169
msgid "Manual config load test"
msgstr "Prueba de carga de configuración manual"
@@ -770,7 +786,7 @@ msgstr "Migración de la CLI antigua"
msgid "Move default values to scripts"
msgstr "Mover valores predeterminados a scripts"
-#: ../../contributing/build-vyos.rst:147
+#: ../../contributing/build-vyos.rst:35
msgid "Native Build"
msgstr "Construcción nativa"
@@ -807,23 +823,23 @@ msgstr "Ninguno"
msgid "Notes"
msgstr "notas"
-#: ../../contributing/build-vyos.rst:199
+#: ../../contributing/build-vyos.rst:236
msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
msgstr "Ahora puede comenzar una nueva compilación de VyOS ISO. Cambie el directorio al directorio ``vyos-build`` y ejecute:"
-#: ../../contributing/build-vyos.rst:184
+#: ../../contributing/build-vyos.rst:217
msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
msgstr "Ahora que conoce los requisitos previos, podemos continuar y construir nuestro propio ISO desde la fuente. Para esto, tenemos que obtener el código fuente más reciente de GitHub. Tenga en cuenta que esto diferirá tanto para `current` como para `crux`."
-#: ../../contributing/build-vyos.rst:384
+#: ../../contributing/build-vyos.rst:424
msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
msgstr "¡Ahora es el momento de arreglar el espejo del paquete y volver a ejecutar el último paso hasta que la instalación del paquete vuelva a tener éxito!"
-#: ../../contributing/build-vyos.rst:469
+#: ../../contributing/build-vyos.rst:509
msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
msgstr "Ahora podemos usar el script de ayuda ``build-kernel.sh`` que hace todo el vudú necesario al aplicar los parches necesarios de la carpeta `vyos-build/packages/linux-kernel/patches`, copiando nuestra configuración del kernel ``x86_64_vyos_defconfig `` a la ubicación correcta y, finalmente, construir los paquetes de Debian."
-#: ../../contributing/build-vyos.rst:133
+#: ../../contributing/build-vyos.rst:199
msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
msgstr "Ahora está preparado con dos nuevos alias ``vybld`` y ``vybld_crux`` para generar sus contenedores de desarrollo en su directorio de trabajo actual."
@@ -831,7 +847,7 @@ msgstr "Ahora está preparado con dos nuevos alias ``vybld`` y ``vybld_crux`` pa
msgid "Old concept/syntax"
msgstr "Viejo concepto/sintaxis"
-#: ../../contributing/testing.rst:62
+#: ../../contributing/testing.rst:63
msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
msgstr "Por otro lado, como cada prueba está contenida en su propio archivo, siempre se puede ejecutar una sola prueba de humo a mano simplemente ejecutando los scripts de prueba de Python."
@@ -843,7 +859,7 @@ msgstr "Una vez que haya instalado las dependencias requeridas, puede continuar
msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
msgstr "Una vez que ejecutes ``show xyz`` y tu condición se active, deberías ingresar al depurador de python:"
-#: ../../contributing/testing.rst:170
+#: ../../contributing/testing.rst:171
msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
msgstr "Uno no está obligado a cargar todas las configuraciones una tras otra, sino que también puede cargar configuraciones de prueba individuales por su cuenta."
@@ -851,6 +867,10 @@ msgstr "Uno no está obligado a cargar todas las configuraciones una tras otra,
msgid "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
msgstr "Una de las principales ventajas introducidas en VyOS 1.3 es un marco de prueba automatizado. Al ensamblar una imagen ISO, varias cosas pueden salir mal y publicar una imagen ISO defectuosa no tiene sentido. El usuario está decepcionado por la calidad de la imagen y los desarrolladores se ven inundados con informes de errores una y otra vez."
+#: ../../contributing/testing.rst:7
+msgid "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+msgstr "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+
#: ../../contributing/development.rst:665
msgid "Only applicable to leaf nodes"
msgstr "Solo aplicable a los nodos hoja"
@@ -863,7 +883,7 @@ msgstr "Otros paquetes (p. ej., vyos-1x) agregan dependencias al procedimiento d
msgid "Our StrongSWAN build differs from the upstream:"
msgstr "Nuestra construcción StrongSWAN difiere de la anterior:"
-#: ../../contributing/testing.rst:19
+#: ../../contributing/testing.rst:20
msgid "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
msgstr "Nuestro sistema `VyOS CI`_ se basa en Jenkins y crea todos nuestros paquetes necesarios para VyOS 1.2 a 1.4. Además de la compilación del paquete, existe el trabajo vyos-build que compila y prueba la imagen ISO de VyOS que se publica después de una prueba de manejo exitosa."
@@ -875,12 +895,12 @@ msgstr "Nuestro código se divide en varios módulos. VyOS se compone de varios
msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
msgstr "Nuestros scripts de modo operativo utilizan el módulo python-vici, que no está incluido en la compilación de Debian y no es muy fácil de integrar en esa compilación. Por esta razón, debianizamos ese módulo a mano ahora, usando este procedimiento:"
-#: ../../contributing/testing.rst:92
+#: ../../contributing/testing.rst:93
msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
msgstr "Nuestras pruebas de humo no solo prueban demonios y servicios, sino que también verifican si lo que configuramos para una interfaz funciona. Por lo tanto, existe una base común clasificada denominada: ``base_interfaces_test.py`` que contiene todo el código común que admite una interfaz y se prueba."
-#: ../../contributing/build-vyos.rst:697
-#: ../../contributing/build-vyos.rst:766
+#: ../../contributing/build-vyos.rst:737
+#: ../../contributing/build-vyos.rst:806
msgid "Packages"
msgstr "Paquetes"
@@ -904,11 +924,11 @@ msgstr "Envíe sus parches utilizando la conocida solicitud de extracción de Gi
msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
msgstr "Utilice la siguiente plantilla como un buen punto de partida cuando desarrolle nuevos módulos o incluso reescriba un montón de código en el nuevo estilo de interfaz XML/Pyhon."
-#: ../../contributing/testing.rst:103
+#: ../../contributing/testing.rst:104
msgid "Port description"
msgstr "Descripción del puerto"
-#: ../../contributing/testing.rst:104
+#: ../../contributing/testing.rst:105
msgid "Port disable"
msgstr "Deshabilitar puerto"
@@ -952,7 +972,7 @@ msgstr "Python 3 **deberá** ser utilizado. ¿Cuánto tiempo podemos mantener vi
msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
msgstr "Python (o cualquier otro lenguaje, para el caso) no brinda protección automática contra un mal diseño, por lo que también debemos diseñar pautas de diseño y seguirlas para mantener el sistema extensible y mantenible."
-#: ../../contributing/build-vyos.rst:745
+#: ../../contributing/build-vyos.rst:785
msgid "QEMU"
msgstr "QEMU"
@@ -968,16 +988,16 @@ msgstr "Las versiones recientes usan el framework ``vyos.frr``. La clase Python
msgid "Report a Bug"
msgstr "Reportar un error"
-#: ../../contributing/build-vyos.rst:747
+#: ../../contributing/build-vyos.rst:787
msgid "Run the following command after building the ISO image."
msgstr "Ejecute el siguiente comando después de crear la imagen ISO."
-#: ../../contributing/build-vyos.rst:756
+#: ../../contributing/build-vyos.rst:796
msgid "Run the following command after building the QEMU image."
msgstr "Ejecute el siguiente comando después de crear la imagen de QEMU."
-#: ../../contributing/build-vyos.rst:637
-#: ../../contributing/build-vyos.rst:666
+#: ../../contributing/build-vyos.rst:677
+#: ../../contributing/build-vyos.rst:706
msgid "Simply use our wrapper script to build all of the driver modules."
msgstr "Simplemente use nuestra secuencia de comandos contenedora para compilar todos los módulos del controlador."
@@ -985,19 +1005,19 @@ msgstr "Simplemente use nuestra secuencia de comandos contenedora para compilar
msgid "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
msgstr "Dado que VyOS ha cambiado a Debian (11) Bullseye en su rama ``actual``, necesitará un contenedor individual para las compilaciones ``actual`, `equuleus` y `crux`."
-#: ../../contributing/testing.rst:29
+#: ../../contributing/testing.rst:30
msgid "Smoketests"
msgstr "pruebas de humo"
-#: ../../contributing/testing.rst:31
+#: ../../contributing/testing.rst:32
msgid "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
msgstr "Smoketests ejecuta comandos predefinidos de la CLI de VyOS y verifica si la configuración deseada del demonio/servicio está renderizada, así es como decirlo &quot;brevemente&quot;."
-#: ../../contributing/testing.rst:44
+#: ../../contributing/testing.rst:45
msgid "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
msgstr "Entonces, si planea crear su propia imagen ISO personalizada y no quiere utilizar nuestras pruebas de humo, asegúrese de tener instalado el paquete `vyos-1x-smoketest`."
-#: ../../contributing/build-vyos.rst:136
+#: ../../contributing/build-vyos.rst:202
msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
msgstr "Algunos paquetes de VyOS (a saber, vyos-1x) vienen con pruebas de tiempo de compilación que verifican que algunas de las llamadas de la biblioteca interna funcionan como se esperaba. Estas pruebas se realizan a través del módulo Unittest de Python. Si desea compilar el paquete ``vyos-1x`` (que es nuestro paquete de desarrollo principal), debe iniciar su contenedor Docker con el siguiente argumento: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0 ``, de lo contrario esas pruebas fallarán."
@@ -1005,7 +1025,7 @@ msgstr "Algunos paquetes de VyOS (a saber, vyos-1x) vienen con pruebas de tiempo
msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
msgstr "Algunas abreviaturas se escriben tradicionalmente en mayúsculas y minúsculas. Generalmente, si contiene palabras &quot;over&quot; o &quot;version&quot;, la letra **debe** estar en minúscula. Si hay una ortografía aceptada (especialmente si está definida por un RFC u otro estándar), **debe** seguirse."
-#: ../../contributing/testing.rst:201
+#: ../../contributing/testing.rst:202
msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
msgstr "Algunas de las configuraciones tienen condiciones previas que deben cumplirse. Lo más probable es que incluyan la generación de claves criptográficas antes de que se pueda aplicar la configuración; de lo contrario, obtendrá un error de confirmación. Si está interesado en cómo se cumplen esas condiciones previas, consulte el repositorio vyos-build_ y el archivo ``scripts/check-qemu-install``."
@@ -1013,7 +1033,7 @@ msgstr "Algunas de las configuraciones tienen condiciones previas que deben cump
msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
msgstr "A veces puede ser útil depurar el código de Python de forma interactiva en el sistema en vivo en lugar de un IDE. Esto se puede lograr usando pdb."
-#: ../../contributing/build-vyos.rst:229
+#: ../../contributing/build-vyos.rst:269
msgid "Start the build:"
msgstr "Comience la compilación:"
@@ -1057,15 +1077,15 @@ msgstr "Generación de texto"
msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
msgstr "El analizador CLI que se usa en VyOS es una combinación de bash, bash-completion helper y la biblioteca de back-end de C++ [vyatta-cfg](https://github.com/vyos/vyatta-cfg). Esta sección es una referencia de los comandos CLI comunes y el punto de entrada respectivo en el código C/C++."
-#: ../../contributing/build-vyos.rst:634
+#: ../../contributing/build-vyos.rst:674
msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
msgstr "Los controladores de NIC de Intel no provienen de un repositorio de Git, sino que solo buscamos los tarballs de nuestro espejo y los compilamos."
-#: ../../contributing/build-vyos.rst:662
+#: ../../contributing/build-vyos.rst:702
msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
msgstr "Los controladores Intel QAT (tecnología de asistencia rápida) no provienen de un repositorio de Git, sino que solo obtenemos los tarballs de 01.org, el sitio web de código abierto de Intel."
-#: ../../contributing/build-vyos.rst:392
+#: ../../contributing/build-vyos.rst:432
msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
msgstr "El kernel de Linux utilizado por VyOS está fuertemente ligado al proceso de construcción ISO. El archivo ``data/defaults.json`` aloja una definición JSON de la versión del kernel utilizada ``kernel_version`` y el ``kernel_flavor`` del kernel que representa la VERSIÓN_LOCAL del kernel. Ambos juntos forman la variable de versión del kernel en el sistema:"
@@ -1089,7 +1109,7 @@ msgstr "La función ``generate()`` genera archivos de configuración para los co
msgid "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
msgstr "La función ``get_config()`` debe convertir la configuración de VyOS en una representación interna abstracta. No se permite que ninguna otra función llame a ``vyos.config. Config`` método de objeto directamente. La razón de esto es que cuando las lecturas de configuración se mezclan con otra lógica, es muy difícil cambiar la sintaxis de configuración, ya que debe eliminar todas las apariciones de la sintaxis anterior. Si el código específico de la sintaxis se limita a una sola función, el resto del código se puede dejar intacto siempre que la representación interna siga siendo compatible."
-#: ../../contributing/testing.rst:47
+#: ../../contributing/testing.rst:48
msgid "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
msgstr "El comando ``make test`` del repositorio vyos-build_ lanzará una nueva instancia de QEmu y la imagen ISO se instalará primero en el disco duro virtual."
@@ -1101,19 +1121,19 @@ msgstr "La función ``verify()`` toma su representación interna de la configura
msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
msgstr "La finalización de bash (o mejor vbash) en VyOS se define en *templates*. Las plantillas son archivos de texto (llamados ``node.def``) almacenados en un árbol de directorios. Los nombres de los directorios definen los nombres de los comandos y los archivos de plantilla definen el comportamiento de los comandos. Antes de VyOS 1.2 (crux), estos archivos se creaban a mano. Después de un complejo proceso de rediseño, la nueva plantilla de estilo se genera automáticamente a partir de un archivo de entrada XML."
-#: ../../contributing/build-vyos.rst:54
+#: ../../contributing/build-vyos.rst:116
msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
msgstr "El proceso de compilación debe crearse en un sistema de archivos local; la compilación en recursos compartidos SMB o NFS hará que el contenedor no se compile correctamente. VirtualBox Drive Share tampoco es una opción, ya que las operaciones de dispositivos de bloque no están implementadas y la unidad siempre se monta como &quot;nodev&quot;"
-#: ../../contributing/testing.rst:158
+#: ../../contributing/testing.rst:159
msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
msgstr "Todas las configuraciones se derivan de los sistemas de producción y no solo pueden actuar como un caso de prueba, sino también como referencia si se desea habilitar una característica determinada. Las configuraciones se pueden encontrar aquí: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
-#: ../../contributing/build-vyos.rst:87
+#: ../../contributing/build-vyos.rst:149
msgid "The container can also be built directly from source:"
msgstr "El contenedor también se puede construir directamente desde la fuente:"
-#: ../../contributing/build-vyos.rst:62
+#: ../../contributing/build-vyos.rst:124
msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
msgstr "El contenedor se puede construir a mano o obteniendo el preconstruido de DockerHub. El uso de contenedores prediseñados de la `organización VyOS DockerHub`_ garantizará que el contenedor esté siempre actualizado. Se activa una reconstrucción una vez que cambia el contenedor (tenga en cuenta que esto llevará de 2 a 3 horas después de enviar al repositorio de vyos-build)."
@@ -1121,11 +1141,11 @@ msgstr "El contenedor se puede construir a mano o obteniendo el preconstruido de
msgid "The default template processor for VyOS code is Jinja2_."
msgstr "El procesador de plantillas predeterminado para el código VyOS es Jinja2_."
-#: ../../contributing/build-vyos.rst:773
+#: ../../contributing/build-vyos.rst:813
msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
msgstr "La forma más fácil de compilar su paquete es con el contenedor :ref:`build_docker` mencionado anteriormente, que incluye todas las dependencias requeridas para todos los paquetes relacionados con VyOS."
-#: ../../contributing/testing.rst:163
+#: ../../contributing/testing.rst:164
msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
msgstr "Toda la prueba está controlada por la secuencia de comandos contenedora principal ``/usr/bin/vyos-configtest`` que se comporta de la misma manera que la secuencia de comandos principal de smoketest. Escanea la carpeta en busca de posibles archivos de configuración y emite un comando de ``cargar`` uno tras otro."
@@ -1137,6 +1157,10 @@ msgstr "El archivo se puede colocar en ``/tmp`` para una depuración única (ya
msgid "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
msgstr "La primera palabra de cada cadena de ayuda **debe** estar en mayúscula. **No debe** haber un punto al final de las cadenas de ayuda."
+#: ../../contributing/build-vyos.rst:26
+msgid "The following includes the build process for VyOS 1.2 to the latest version."
+msgstr "The following includes the build process for VyOS 1.2 to the latest version."
+
#: ../../contributing/development.rst:71
msgid "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
msgstr "El formato debe ser y está inspirado en: https://git-scm.com/book/ch5-2.html También vale la pena leer https://chris.beams.io/posts/git-commit/"
@@ -1149,11 +1173,11 @@ msgstr "Lo mejor de los esquemas no es solo que las personas pueden conocer la g
msgid "The information is used in three ways:"
msgstr "La información se utiliza de tres maneras:"
-#: ../../contributing/build-vyos.rst:437
+#: ../../contributing/build-vyos.rst:477
msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
msgstr "La compilación del kernel es bastante fácil, la mayoría de los pasos necesarios se pueden encontrar en ``vyos-build/packages/linux-kernel/Jenkinsfile`` pero lo guiaremos a través de él."
-#: ../../contributing/build-vyos.rst:425
+#: ../../contributing/build-vyos.rst:465
msgid "The most obvious reasons could be:"
msgstr "Las razones más obvias podrían ser:"
@@ -1161,7 +1185,7 @@ msgstr "Las razones más obvias podrían ser:"
msgid "The original repo is at https://github.com/dmbaturin/hvinfo"
msgstr "El repositorio original está en https://github.com/dmbaturin/hvinfo"
-#: ../../contributing/testing.rst:153
+#: ../../contributing/testing.rst:154
msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
msgstr "La otra parte de nuestras pruebas se llama &quot;pruebas de carga de configuración&quot;. Las pruebas de carga de configuración cargarán, uno tras otro, archivos de configuración arbitrarios para probar si los scripts de migración de configuración funcionan según lo diseñado y si un conjunto determinado de funcionalidad aún se puede cargar con una nueva imagen ISO de VyOS."
@@ -1181,7 +1205,7 @@ msgstr "La razón es que el backend de migración de configuración se reescribe
msgid "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
msgstr "El repositorio que contiene todos los scripts de compilación ISO es: https://github.com/vyos/vyos-build"
-#: ../../contributing/testing.rst:53
+#: ../../contributing/testing.rst:54
msgid "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
msgstr "El script solo busca &quot;casos de prueba&quot; ejecutables en ``/usr/libexec/vyos/tests/smoke/cli/`` y los ejecuta uno por uno."
@@ -1205,7 +1229,7 @@ msgstr "El cambio al lenguaje de programación Python para código nuevo no es s
msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
msgstr "El inicio del sistema se puede depurar (como cargar el archivo de configuración desde ``/config/config.boot``). Esto se puede lograr extendiendo la línea de comandos del Kernel en el gestor de arranque."
-#: ../../contributing/build-vyos.rst:310
+#: ../../contributing/build-vyos.rst:350
msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
msgstr "Hay situaciones (raras) en las que no es posible crear una imagen ISO debido a un feed de paquete roto en segundo plano. APT no es muy bueno para informar la causa raíz del problema. Su compilación ISO probablemente fallará con un mensaje de error de aspecto más o menos similar:"
@@ -1221,7 +1245,7 @@ msgstr "Hay extensiones para, por ejemplo, VIM (xmllint) que le ayudarán a obte
msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
msgstr "Hay dos banderas disponibles para ayudar en la depuración de scripts de configuración. Dado que los problemas de carga de la configuración se manifestarán durante el arranque, los indicadores se pasan como parámetros de arranque del kernel."
-#: ../../contributing/build-vyos.rst:257
+#: ../../contributing/build-vyos.rst:297
msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
msgstr "Esta ISO se puede personalizar con la siguiente lista de opciones de configuración. La lista completa y actual se puede generar con ``./build-vyos-image --help``:"
@@ -1249,31 +1273,35 @@ msgstr "Este paquete no existe en Debian. Se mantiene una bifurcación debianiza
msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
msgstr "Este paquete no existe en Debian. Se mantiene una bifurcación debianizada en https://github.com/vyos/udp-broadcast-relay"
-#: ../../contributing/build-vyos.rst:572
+#: ../../contributing/build-vyos.rst:612
msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
msgstr "Esto intenta detectar automáticamente qué blobs se necesitan en función de los controladores que se crearon. Si no encuentra los archivos correctos, puede agregarlos manualmente a ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
-#: ../../contributing/build-vyos.rst:26
+#: ../../contributing/build-vyos.rst:76
+msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+
+#: ../../contributing/build-vyos.rst:28
msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
msgstr "Esto lo guiará a través del proceso de creación de una imagen ISO de VyOS con Docker_. Este proceso ha sido probado en instalaciones limpias de Debian Jessie, Stretch y Buster."
-#: ../../contributing/testing.rst:147
+#: ../../contributing/testing.rst:148
msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
msgstr "Esto limitará la prueba de interfaz `bond` para usar solo `eth1` y `eth2` como puertos miembro."
-#: ../../contributing/testing.rst:97
+#: ../../contributing/testing.rst:98
msgid "Those common tests consists out of:"
msgstr "Esas pruebas comunes consisten en:"
-#: ../../contributing/build-vyos.rst:107
+#: ../../contributing/build-vyos.rst:173
msgid "Tips and Tricks"
msgstr "Consejos y trucos"
-#: ../../contributing/build-vyos.rst:46
+#: ../../contributing/build-vyos.rst:108
msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
msgstr "Para poder usar Docker_ sin ``sudo``, el usuario no root actual debe agregarse al grupo ``docker`` llamando: ``sudo usermod -aG docker yourusername``."
-#: ../../contributing/build-vyos.rst:149
+#: ../../contributing/build-vyos.rst:37
msgid "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
msgstr "Para compilar VyOS de forma nativa, necesita un host de compilación configurado correctamente con las siguientes versiones de Debian instaladas:"
@@ -1285,7 +1313,7 @@ msgstr "Para construir nuestros módulos, utilizamos un script Pipeline de CI/CD
msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
msgstr "Para depurar problemas en las prioridades o para ver lo que sucede en segundo plano, puede usar el script ``/opt/vyatta/sbin/priority.pl`` que enumera el orden de ejecución de los scripts."
-#: ../../contributing/build-vyos.rst:333
+#: ../../contributing/build-vyos.rst:373
msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
msgstr "Para depurar el proceso de compilación y obtener información adicional sobre cuál podría ser la causa principal, debe usar `chroot` para cambiar al directorio de compilación. Esto se explica en el siguiente procedimiento paso a paso:"
@@ -1305,19 +1333,19 @@ msgstr "Para garantizar una apariencia uniforme y mejorar la legibilidad, debemo
msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
msgstr "Para que este enfoque funcione, cada cambio debe asociarse con un número de tarea (con el prefijo **T**) y un componente. Si no hay un informe de error/solicitud de funciones para los cambios que va a realizar, primero debe crear una tarea Phabricator_. Una vez que haya una entrada en Phabricator_, debe hacer referencia a su id en su mensaje de confirmación, como se muestra a continuación:"
-#: ../../contributing/build-vyos.rst:75
+#: ../../contributing/build-vyos.rst:137
msgid "To manually download the container from DockerHub, run:"
msgstr "Para descargar manualmente el contenedor desde DockerHub, ejecute:"
-#: ../../contributing/build-vyos.rst:156
+#: ../../contributing/build-vyos.rst:46
msgid "To start, clone the repository to your local machine:"
msgstr "Para comenzar, clone el repositorio en su máquina local:"
-#: ../../contributing/build-vyos.rst:812
+#: ../../contributing/build-vyos.rst:852
msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
msgstr "Para llevar su paquete recién creado a una prueba de manejo, simplemente puede SCP a una instancia de VyOS en ejecución e instalar el nuevo paquete `*.deb` sobre el actual en ejecución."
-#: ../../contributing/build-vyos.rst:711
+#: ../../contributing/build-vyos.rst:751
msgid "Troubleshooting"
msgstr "Solución de problemas"
@@ -1357,11 +1385,11 @@ msgstr "Los comandos útiles son:"
msgid "VIF (incl. VIF-S/VIF-C)"
msgstr "VIF (incl. VIF-S/VIF-C)"
-#: ../../contributing/testing.rst:105
+#: ../../contributing/testing.rst:106
msgid "VLANs (QinQ and regular 802.1q)"
msgstr "VLAN (QinQ y 802.1q regular)"
-#: ../../contributing/build-vyos.rst:754
+#: ../../contributing/build-vyos.rst:794
msgid "VMware"
msgstr "vmware"
@@ -1373,7 +1401,7 @@ msgstr "Los verbos, cuando son necesarios, **deben** estar en su forma infinitiv
msgid "Verbs **should** be avoided. If a verb can be omitted, omit it."
msgstr "Los verbos **deben** evitarse. Si se puede omitir un verbo, omítalo."
-#: ../../contributing/build-vyos.rst:742
+#: ../../contributing/build-vyos.rst:782
msgid "Virtualization Platforms"
msgstr "Plataformas de virtualización"
@@ -1381,7 +1409,11 @@ msgstr "Plataformas de virtualización"
msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
msgstr "VyOS CLI tiene que ver con las prioridades. Cada nodo CLI tiene un archivo ``node.def`` correspondiente y posiblemente un script adjunto que se ejecuta cuando el nodo está presente. Los nodos pueden tener una prioridad, y en el arranque del sistema, o cualquier otro &quot;commit&quot; a la configuración, todos los scripts se ejecutan de menor a mayor prioridad. Esto es bueno ya que da un comportamiento determinista."
-#: ../../contributing/build-vyos.rst:768
+#: ../../contributing/build-vyos.rst:168
+msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+
+#: ../../contributing/build-vyos.rst:808
msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
msgstr "VyOS en sí viene con un montón de paquetes que son específicos de nuestro sistema y, por lo tanto, no se pueden encontrar en ningún espejo de Debian. Esos paquetes se pueden encontrar en el `VyOS GitHub project`_ en su formato fuente y se pueden compilar fácilmente en un paquete Debian personalizado (`*.deb`)."
@@ -1389,19 +1421,19 @@ msgstr "VyOS en sí viene con un montón de paquetes que son específicos de nue
msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
msgstr "VyOS utiliza Jenkins_ como nuestro servicio de integración continua (CI). Nuestro servidor `VyOS CI`_ es de acceso público aquí: https://ci.vyos.net. Puede obtener una breve descripción general de todos los componentes necesarios enviados en una ISO de VyOS."
-#: ../../contributing/build-vyos.rst:600
+#: ../../contributing/build-vyos.rst:640
msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:"
msgstr "Nuevamente hacemos uso de un script de ayuda y algunos parches para que la compilación funcione. Simplemente ejecute el siguiente comando:"
-#: ../../contributing/testing.rst:24
+#: ../../contributing/testing.rst:25
msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
msgstr "Nos diferenciamos en dos pruebas independientes, ambas ejecutadas en paralelo por dos instancias QEmu separadas que se inician a través de ``make test`` y ``make testc`` desde el repositorio vyos-build_."
-#: ../../contributing/build-vyos.rst:349
+#: ../../contributing/build-vyos.rst:389
msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
msgstr "Ahora somos libres de ejecutar cualquier comando que nos gustaría usar para la depuración, por ejemplo, reinstalar el paquete fallido después de actualizar el repositorio."
-#: ../../contributing/build-vyos.rst:341
+#: ../../contributing/build-vyos.rst:381
msgid "We now need to mount some required, volatile filesystems"
msgstr "Ahora necesitamos montar algunos sistemas de archivos volátiles requeridos"
@@ -1425,7 +1457,7 @@ msgstr "¿Cuál era la configuración antes del cambio?"
msgid "What were you attempting to achieve?"
msgstr "¿Qué estabas tratando de lograr?"
-#: ../../contributing/testing.rst:34
+#: ../../contributing/testing.rst:35
msgid "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
msgstr "Cuando `VyOS CI`_ ensambla una imagen ISO, el parámetro ``BUILD_SMOKETEST`` está habilitado de manera predeterminada, lo que extenderá la línea de configuración ISO con los siguientes paquetes:"
@@ -1437,7 +1469,7 @@ msgstr "Cuando tenga problemas para compilar su propia imagen ISO o depurar prob
msgid "When modifying the source code, remember these rules of the legacy elimination campaign:"
msgstr "Al modificar el código fuente, recuerde estas reglas de la campaña de eliminación heredada:"
-#: ../../contributing/build-vyos.rst:241
+#: ../../contributing/build-vyos.rst:281
msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
msgstr "Cuando la construcción es exitosa, el iso resultante se puede encontrar dentro del directorio ``build`` como ``live-image-[architecture].hybrid.iso``."
@@ -1449,7 +1481,7 @@ msgstr "Al escribir un nuevo migrador de configuración, puede suceder que vea u
msgid "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
msgstr "Cuando pueda verificar que en realidad se trata de un error, dedique algún tiempo a documentar cómo reproducir el problema. Esta documentación puede ser invaluable."
-#: ../../contributing/testing.rst:108
+#: ../../contributing/testing.rst:109
msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
msgstr "Cuando está trabajando en la configuración de la interfaz y tampoco quiere probar si las pruebas de humo pasan, normalmente perdería la conexión SSH remota a su :abbr:`DUT (Dispositivo bajo prueba)`. Para manejar este problema, algunas de las pruebas basadas en interfaz se pueden llamar con una variable de entorno de antemano para limitar la cantidad de interfaces utilizadas en la prueba. De forma predeterminada, se utilizan todas las interfaces, por ejemplo, todas las interfaces Ethernet."
@@ -1490,11 +1522,11 @@ msgstr "Los archivos de definición de interfaz XML utilizan la extensión de ar
msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
msgstr "Las definiciones de interfaz XML para VyOS vienen con un esquema RelaxNG y se encuentran en el módulo vyos-1x_. Este esquema es un esquema ligeramente modificado de VyConf_ alias VyOS 2.0, por lo que las definiciones de interfaz de VyOS 1.2.x serán reutilizables en las versiones de Nextgen VyOS con cambios mínimos."
-#: ../../contributing/build-vyos.rst:827
+#: ../../contributing/build-vyos.rst:867
msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
msgstr "También puede colocar el `*.deb` generado en su entorno de compilación ISO para incluirlo en un iso personalizado, consulte :ref:`build_custom_packages` para obtener más información."
-#: ../../contributing/build-vyos.rst:109
+#: ../../contributing/build-vyos.rst:175
msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
msgstr "Puede crear algunos alias de Bash útiles para lanzar siempre el contenedor más reciente, por tren de lanzamiento (`current` o `crux`). Agregue lo siguiente a su archivo ``.bash_aliases``:"
@@ -1506,7 +1538,7 @@ msgstr "Puede escribir ``ayuda`` para obtener una descripción general de los co
msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
msgstr "¿Tiene una idea de cómo mejorar VyOS o necesita una función específica de la que se beneficiarían todos los usuarios de VyOS? Para enviar una solicitud de función, busque Phabricator_ si ya hay una solicitud pendiente. Puede mejorarlo o, si no encuentra uno, crear uno nuevo usando el enlace rápido en el lado izquierdo debajo del proyecto específico."
-#: ../../contributing/build-vyos.rst:430
+#: ../../contributing/build-vyos.rst:470
msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
@@ -1526,7 +1558,7 @@ msgstr "Luego puede continuar con la clonación de su bifurcación o agregar un
msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
msgstr "Su secuencia de comandos de configuración o secuencia de comandos de modo de operación, que también está escrita en Python3, debe tener un salto de línea de 80 caracteres. Esto parece un poco extraño hoy en día, pero como algunas personas también trabajan de forma remota o programan usando vi(m), este es un buen estándar en el que espero podamos confiar."
-#: ../../contributing/testing.rst:106
+#: ../../contributing/testing.rst:107
msgid "..."
msgstr "..."
@@ -1582,7 +1614,7 @@ msgstr "``log``: en algunos casos excepcionales, puede ser útil ver qué está
msgid "``set``"
msgstr "``establecer``"
-#: ../../contributing/build-vyos.rst:427
+#: ../../contributing/build-vyos.rst:467
msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
msgstr "El repositorio ``vyos-build`` está desactualizado, por favor ``git pull`` para actualizar a la última versión de nuestro kernel."
diff --git a/docs/_locale/es/copyright.pot b/docs/_locale/es/copyright.pot
index b4dcfb4e..c7befa5e 100644
--- a/docs/_locale/es/copyright.pot
+++ b/docs/_locale/es/copyright.pot
@@ -13,8 +13,8 @@ msgid "Copyright Notice"
msgstr "Aviso de copyright"
#: ../../copyright.md:3
-msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors"
-msgstr "Copyright (C) 2018-2023 Mantenedores y colaboradores de VyOS"
+msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors"
+msgstr "Copyright (C) 2018-2024 Mantenedores y colaboradores de VyOS"
#: ../../copyright.md:9
msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one."
diff --git a/docs/_locale/es/index.pot b/docs/_locale/es/index.pot
index b58bb8ce..add4272a 100644
--- a/docs/_locale/es/index.pot
+++ b/docs/_locale/es/index.pot
@@ -12,23 +12,23 @@ msgstr ""
msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
msgstr "Agregue partes faltantes o mejore la :ref:`Documentación<documentation:Write Documentation> `."
-#: ../../index.rst:70
+#: ../../index.rst:72
msgid "Adminguide"
msgstr "Guía de administración"
-#: ../../index.rst:31
+#: ../../index.rst:33
msgid "Automate"
msgstr "Automatizar"
-#: ../../index.rst:23
+#: ../../index.rst:25
msgid "Configuration and Operation"
msgstr "Configuración y Operación"
-#: ../../index.rst:44
+#: ../../index.rst:46
msgid "Contribute and Community"
msgstr "Contribuir y Comunidad"
-#: ../../index.rst:83
+#: ../../index.rst:85
msgid "Development"
msgstr "Desarrollo"
@@ -36,31 +36,31 @@ msgstr "Desarrollo"
msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
msgstr "Discutir en `Slack<https://slack.vyos.io/> `_ o el `Foro<https://forum.vyos.io> `_."
-#: ../../index.rst:38
+#: ../../index.rst:40
msgid "Examples"
msgstr "Ejemplos"
-#: ../../index.rst:61
+#: ../../index.rst:63
msgid "First Steps"
msgstr "Primeros pasos"
-#: ../../index.rst:11
+#: ../../index.rst:12
msgid "Get / Build VyOS"
msgstr "Obtener/Crear VyOS"
-#: ../../index.rst:40
+#: ../../index.rst:42
msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
msgstr "Inspírese con los :ref:`Planos de configuración<configexamples/index:Configuration Blueprints> ` para construir su infraestructura."
-#: ../../index.rst:16
+#: ../../index.rst:18
msgid "Install VyOS"
msgstr "Instalar VyOS"
-#: ../../index.rst:33
+#: ../../index.rst:35
msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
msgstr "Integre VyOS en su flujo de trabajo de automatización con :ref:`Ansible<vyos-ansible> `, tenga sus propios scripts locales :ref:`<command-scripting> `, o configure VyOS con :ref:`HTTPS-API<vyosapi> `."
-#: ../../index.rst:96
+#: ../../index.rst:98
msgid "Misc"
msgstr "Misc"
@@ -68,11 +68,11 @@ msgstr "Misc"
msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
msgstr "O puede seleccionar una `Tarea<https://vyos.dev/> `_ y corregir el :ref:`código<contributing/development:development> `."
-#: ../../index.rst:13
+#: ../../index.rst:15
msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
msgstr "Rápidamente :ref:`Construir<contributing/build-vyos:build vyos>` su propia imagen o eche un vistazo a cómo :ref:`descargar<installation/install:download>` una versión gratuita o compatible."
-#: ../../index.rst:18
+#: ../../index.rst:20
msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
msgstr "Lea acerca de cómo instalar VyOS en :ref:`Bare Metal<installation/install:installation> ` o en un :ref:`Entorno Virtual<installation/virtual/index:running vyos in virtual environments> ` y cómo usar una imagen con la habitual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments> ` proveedores"
@@ -80,7 +80,7 @@ msgstr "Lea acerca de cómo instalar VyOS en :ref:`Bare Metal<installation/insta
msgid "There are many ways to contribute to the project."
msgstr "Hay muchas maneras de contribuir al proyecto."
-#: ../../index.rst:25
+#: ../../index.rst:27
msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
msgstr "Utilice la :ref:`Guía de inicio rápido<quick-start:Quick Start> `, para tener una visión general rápida. O profundice y configure :ref:`enrutamiento avanzado<configuration/protocols/index:protocols> `, :ref:`VRF<configuration/vrf/index:vrf> `, o :ref:`VPN<configuration/vpn/index:vpn> `por ejemplo."
diff --git a/docs/_locale/es/installation.pot b/docs/_locale/es/installation.pot
index 66f79801..8d2d1d2d 100644
--- a/docs/_locale/es/installation.pot
+++ b/docs/_locale/es/installation.pot
@@ -28,7 +28,7 @@ msgstr "**Eliminar la VM** del proyecto GNS3."
msgid "**Early Production Access**"
msgstr "**Acceso de producción anticipada**"
-#: ../../installation/install.rst:538
+#: ../../installation/install.rst:541
msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
msgstr "**Primero** ejecute un servidor web; puede usar uno simple como `SimpleHTTPServer de Python`_ y comenzar a servir el archivo `filesystem.squashfs`. El archivo se puede encontrar dentro del directorio `/live` del contenido extraído del archivo ISO."
@@ -56,7 +56,7 @@ msgstr "**Candidato de lanzamiento**"
msgid "**Requirements**"
msgstr "**Requisitos**"
-#: ../../installation/install.rst:543
+#: ../../installation/install.rst:546
msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
msgstr "**Segundo**, edite el archivo de configuración de :ref:`install_from_tftp` para que muestre la URL correcta en ``fetch=http://<address_of_your_HTTP_server> /filesystem.squashfs``."
@@ -128,37 +128,35 @@ msgstr "4 canales Gigabit Ethernet con NIC Intel i211AT"
msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
msgstr "AMD Embedded G series GX-412TC, quad Jaguar core de 1 GHz con 64 bits y compatibilidad con AES-NI, 32 000 datos + 32 000 caché de instrucciones por núcleo, 2 MB de caché L2 compartida."
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 custom VyOS powder coat"
msgstr "Capa de polvo VyOS personalizada APU4"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop back"
msgstr "Parte posterior del escritorio APU4"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop closed"
msgstr "Escritorio APU4 cerrado"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack closed"
msgstr "Bastidor APU4 cerrado"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack front"
msgstr "Frente de rack APU4"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #1"
msgstr "Módulo de bastidor APU4 #1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #2"
msgstr "Módulo de bastidor APU4 #2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #3 with PSU"
msgstr "Módulo de rack APU4 #3 con PSU"
@@ -166,7 +164,7 @@ msgstr "Módulo de rack APU4 #3 con PSU"
msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
msgstr "Una imagen de instalación de VyOS (archivo .iso). Puede encontrar cómo obtenerlo en la página :ref:`installation`"
-#: ../../installation/install.rst:487
+#: ../../installation/install.rst:490
msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
msgstr "Un directorio llamado pxelinux.cfg que debe contener el archivo de configuración. Usaremos el archivo de configuración que se muestra a continuación, al que llamamos default_."
@@ -234,7 +232,7 @@ msgstr "Después de la instalación, salga de la consola usando la combinación
msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
msgstr "Una vez completada la instalación, elimine la iso de instalación utilizando la GUI o ``qm set 200 --ide2 none``."
-#: ../../installation/update.rst:81
+#: ../../installation/update.rst:88
msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
msgstr "Después de reiniciar, es posible que desee verificar la versión que está ejecutando con el comando :opcmd:`show version`."
@@ -262,7 +260,7 @@ msgstr "Una dirección IP"
msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
msgstr "Hay disponible un puerto serie RS232 externo, así como un encabezado GPIO interno. Tiene audio basado en Realtek a bordo por alguna razón, pero puede desactivarlo. El arranque funciona en los puertos USB2 y USB3. El cambio entre el modo BIOS en serie y el modo BIOS HDMI depende de lo que esté conectado al inicio; entra en modo serie si desconecta HDMI y lo conecta en serie, en todos los demás casos es modo HDMI."
-#: ../../installation/install.rst:551
+#: ../../installation/install.rst:554
msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
msgstr "Y **tercero**, reinicie el servicio TFTP. Si está utilizando VyOS como servidor TFTP, puede reiniciar el servicio con ``sudo service tftpd-hpa restart``."
@@ -338,7 +336,7 @@ msgstr "Estando nuevamente en la ventana de **Preferencias**, teniendo seleccion
msgid "Bits per second : 9600"
msgstr "Bits por segundo: 9600"
-#: ../../installation/install.rst:580
+#: ../../installation/install.rst:583
msgid "Black screen on install"
msgstr "Pantalla negra al instalar"
@@ -358,39 +356,39 @@ msgstr "Construyendo desde la fuente"
msgid "CLI"
msgstr "CLI"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Back"
msgstr "CSE-505-203B Volver"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Front"
msgstr "CSE-505-203B Frente"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 1"
msgstr "CSE-505-203B Abierto 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 2"
msgstr "CSE-505-203B Abierto 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 3"
msgstr "CSE-505-203B Abierto 3"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open"
msgstr "CSE-505-203B con 10 GE abierto"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 1"
msgstr "CSE-505-203B con 10 GE Abierto 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 2"
msgstr "CSE-505-203B con 10GE Abierto 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 3"
msgstr "CSE-505-203B con 10GE Abierto 3"
@@ -455,7 +453,7 @@ msgstr "Haga clic en ``Instancias`` y ``Iniciar instancia``"
msgid "Click to your new vm and find out your Public IP address."
msgstr "Haga clic en su nueva máquina virtual y descubra su dirección IP pública."
-#: ../../installation/install.rst:562
+#: ../../installation/install.rst:565
msgid "Client Boot"
msgstr "Arranque del cliente"
@@ -491,7 +489,7 @@ msgstr "Configurar grupo de seguridad. Se recomienda que configure el acceso ssh
msgid "Configure a DHCP server to provide the client with:"
msgstr "Configure un servidor DHCP para proporcionar al cliente:"
-#: ../../installation/install.rst:476
+#: ../../installation/install.rst:479
msgid "Configure a TFTP server so that it serves the following:"
msgstr "Configure un servidor TFTP para que sirva lo siguiente:"
@@ -525,11 +523,8 @@ msgid "Connect to the instance by SSH key."
msgstr "Conéctese a la instancia mediante la clave SSH."
#: ../../installation/cloud/index.rst:7
-#: ../../installation/cloud/index.rst:7
-#: ../../installation/index.rst:7
#: ../../installation/index.rst:7
#: ../../installation/virtual/index.rst:5
-#: ../../installation/virtual/index.rst:5
msgid "Content"
msgstr "Contenido"
@@ -649,7 +644,7 @@ msgstr "Deshabilitar XHCI"
msgid "Disk size"
msgstr "Tamaño del disco"
-#: ../../installation/install.rst:547
+#: ../../installation/install.rst:550
msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
msgstr "No cambie el nombre del archivo *filesystem.squashfs*. Si está trabajando con versiones diferentes, puede crear directorios diferentes en su lugar."
@@ -727,15 +722,10 @@ msgid "Every version is contained in its own squashfs image that is mounted in a
msgstr "Cada versión está contenida en su propia imagen squashfs que está montada en un sistema de archivos de unión junto con un directorio para datos mutables como configuraciones, claves o scripts personalizados."
#: ../../installation/install.rst:17
-#: ../../installation/install.rst:17
-#: ../../installation/install.rst:21
#: ../../installation/install.rst:21
#: ../../installation/install.rst:25
-#: ../../installation/install.rst:25
-#: ../../installation/install.rst:29
#: ../../installation/install.rst:29
#: ../../installation/install.rst:33
-#: ../../installation/install.rst:33
#: ../../installation/install.rst:37
msgid "Everyone"
msgstr "Todo el mundo"
@@ -752,11 +742,11 @@ msgstr "Ejemplo"
msgid "Example:"
msgstr "Ejemplo:"
-#: ../../installation/install.rst:519
+#: ../../installation/install.rst:522
msgid "Example of simple (no menu) configuration file:"
msgstr "Ejemplo de archivo de configuración simple (sin menú):"
-#: ../../installation/install.rst:499
+#: ../../installation/install.rst:502
msgid "Example of the contents of the TFTP server:"
msgstr "Ejemplo del contenido del servidor TFTP:"
@@ -768,7 +758,7 @@ msgstr "Módulos de extensión"
msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
msgstr "Archivos *pxelinux.0* y *ldlinux.c32* `de la distribución Syslinux<https://kernel.org/pub/linux/utils/boot/syslinux/> `_"
-#: ../../installation/install.rst:564
+#: ../../installation/install.rst:567
msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
msgstr "Finalmente, encienda su cliente o clientes habilitados para PXE. Obtendrán automáticamente una dirección IP del servidor DHCP y comenzarán a iniciarse en VyOS en vivo desde los archivos tomados automáticamente de los servidores TFTP y HTTP."
@@ -816,7 +806,7 @@ msgstr "Las versiones futuras de VyOS romperán la ruta de actualización direct
msgid "GPG verification"
msgstr "Verificación GPG"
-#: ../../installation/install.rst:582
+#: ../../installation/install.rst:585
msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
msgstr "GRUB intenta redirigir toda la salida a un puerto serie para facilitar la instalación en hosts sin periféricos. Esto parece provocar un bloqueo permanente en algún hardware que carece de un puerto serie, lo que da como resultado una pantalla negra después de seleccionar la opción &#39;Sistema en vivo&#39; de la imagen de instalación."
@@ -964,7 +954,7 @@ msgstr "En la pestaña **Configuración general** de su **Configuración de plan
msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
msgstr "En la pestaña **Red**, configure **0** como el número de adaptadores, configure el **Formato de nombre** en **eth{0}** y el **Tipo** en **Red paravirtualizada E/S (virtio-net-pci)**."
-#: ../../installation/install.rst:491
+#: ../../installation/install.rst:494
msgid "In the example we configured our existent VyOS as the TFTP server too:"
msgstr "En el ejemplo, también configuramos nuestro VyOS existente como servidor TFTP:"
@@ -985,7 +975,7 @@ msgstr "Instalación"
msgid "Installation and Image Management"
msgstr "Instalación y Gestión de Imágenes"
-#: ../../installation/install.rst:594
+#: ../../installation/install.rst:597
msgid "Installation can then continue as outlined above."
msgstr "La instalación puede continuar como se describe anteriormente."
@@ -1021,7 +1011,7 @@ msgstr "Se recomienda que los enrutadores VyOS estén configurados en un grupo d
msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
msgstr "Su tamaño instalado (completo con libsodium) es menor que el del binario GPG solo (sin incluir libgcrypt y algunas otras librerías, que creo que solo usamos para GPG). Dado que utiliza curvas elípticas, se sale con la suya con claves mucho más pequeñas y, para empezar, no incluye tantos metadatos."
-#: ../../installation/install.rst:575
+#: ../../installation/install.rst:578
msgid "Known Issues"
msgstr "Problemas conocidos"
@@ -1057,7 +1047,7 @@ msgstr "Instalación en vivo"
msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)"
msgstr "Inicie sesión en el sistema VyOS en vivo (utilice las credenciales predeterminadas: vyos, vyos)"
-#: ../../installation/install.rst:555
+#: ../../installation/install.rst:558
msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
msgstr "Asegúrese de que los directorios y archivos disponibles en el servidor TFTP y HTTP tengan los permisos correctos para acceder desde los clientes de arranque."
@@ -1138,7 +1128,7 @@ msgstr "Una vez que ``dd`` haya terminado, extraiga la unidad USB y conéctela a
msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
msgstr "Una vez que haya iniciado el sistema en vivo, escriba ``instalar imagen`` en la línea de comando y siga las indicaciones para instalar VyOS en la unidad virtual."
-#: ../../installation/install.rst:569
+#: ../../installation/install.rst:572
msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
msgstr "Una vez que haya terminado, podrá continuar con el comando ``instalar imagen`` como en una instalación normal de VyOS."
@@ -1462,11 +1452,11 @@ msgstr "Stayed in this stage. This is because the KVM console is chosen as the d
msgid "Step 1: DHCP"
msgstr "Paso 1: DHCP"
-#: ../../installation/install.rst:474
+#: ../../installation/install.rst:477
msgid "Step 2: TFTP"
msgstr "Paso 2: TFTP"
-#: ../../installation/install.rst:531
+#: ../../installation/install.rst:534
msgid "Step 3: HTTP"
msgstr "Paso 3: HTTP"
@@ -1498,11 +1488,11 @@ msgstr "El archivo *VyOS-hda.qcow2* ahora contiene una imagen de VyOS que funcio
msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
msgstr "El *nombre del archivo de arranque* (opción 67 de DHCP), que es *pxelinux.0*"
-#: ../../installation/install.rst:479
+#: ../../installation/install.rst:482
msgid "The *ldlinux.c32* file from the Syslinux distribution"
msgstr "El archivo *ldlinux.c32* de la distribución Syslinux"
-#: ../../installation/install.rst:478
+#: ../../installation/install.rst:481
msgid "The *pxelinux.0* file from the Syslinux distribution"
msgstr "El archivo *pxelinux.0* de la distribución Syslinux"
@@ -1582,7 +1572,7 @@ msgstr "La imagen se cargará y las últimas líneas que obtendrás serán:"
msgid "The import can be verified with:"
msgstr "La importación se puede verificar con:"
-#: ../../installation/install.rst:483
+#: ../../installation/install.rst:486
msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
msgstr "El ramdisk inicial de la ISO de VyOS que desea implementar. Ese es el archivo *initrd.img* dentro del directorio */live* de los contenidos extraídos del archivo ISO. No utilice un archivo initrd.img vacío (0 bytes) que pueda encontrar, el archivo correcto puede tener un nombre más largo."
@@ -1590,7 +1580,7 @@ msgstr "El ramdisk inicial de la ISO de VyOS que desea implementar. Ese es el ar
msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
msgstr "La instalación en esta caja Q355G4 es prácticamente plug and play. La numeración de puertos que hace el sistema operativo puede diferir de las etiquetas en el exterior, pero el firmware UEFI tiene una prueba de parpadeo de puertos incorporada con direcciones MAC para que pueda identificar rápidamente cuál es cuál. Las etiquetas MAC también están en el interior, y esta prueba también se puede realizar desde VyOS o Linux simple. La configuración predeterminada en UEFI hará que se inicie, pero dependiendo de sus deseos de instalación (es decir, tipo de almacenamiento, tipo de inicio, tipo de consola), es posible que desee ajustarlos. Esta empresa Qotom parece ser el verdadero OEM/ODM para muchas otras empresas de reetiquetado como Protectli."
-#: ../../installation/install.rst:480
+#: ../../installation/install.rst:483
msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
msgstr "El núcleo del software VyOS que desea implementar. Ese es el archivo *vmlinuz* dentro del directorio */live* de los contenidos extraídos del archivo ISO."
@@ -1598,7 +1588,7 @@ msgstr "El núcleo del software VyOS que desea implementar. Ese es el archivo *v
msgid "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
msgstr "Los requisitos mínimos del sistema son 1024 MiB de RAM y 2 GiB de almacenamiento. Dependiendo de su uso, es posible que necesite recursos adicionales de RAM y CPU, por ejemplo, cuando tenga varias tablas completas de BGP en su sistema."
-#: ../../installation/update.rst:76
+#: ../../installation/update.rst:83
msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
msgstr "Se puede acceder al Rolling Release más actualizado para AMD64 mediante la siguiente URL:"
@@ -1618,7 +1608,7 @@ msgstr "El sistema está en pleno funcionamiento."
msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
msgstr "La aplicación virt-manager es una interfaz de usuario de escritorio para administrar máquinas virtuales a través de libvirt. En Linux, abra :abbr:`VMM (Administrador de máquinas virtuales)`."
-#: ../../installation/install.rst:587
+#: ../../installation/install.rst:590
msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
msgstr "La solución es escribir `e` cuando aparezca el menú de arranque y editar las opciones de arranque de GRUB. Específicamente, elimine:"
@@ -1663,7 +1653,7 @@ msgstr "Esta guía fue desarrollada utilizando una placa APU4C4 con las siguient
msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
msgstr "Esta guía proporcionará los pasos necesarios para instalar y configurar VyOS en GNS3."
-#: ../../installation/install.rst:577
+#: ../../installation/install.rst:580
msgid "This is a list of known issues that can arise during installation."
msgstr "Esta es una lista de problemas conocidos que pueden surgir durante la instalación."
@@ -1695,6 +1685,10 @@ msgstr "Para convertir la plantilla en una máquina VyOS que funcione, se necesi
msgid "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
msgstr "Para utilizar el agente de Amazon CloudWatch, configúrelo en el almacén de parámetros de Amazon SSM. Si aún no tiene una configuración, haga :ref:`configuration_creation`."
+#: ../../installation/update.rst:81
+msgid "To use the `latest` option the \"system update-check url\" must be configured."
+msgstr "To use the `latest` option the \"system update-check url\" must be configured."
+
#: ../../installation/install.rst:248
msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
msgstr "Para verificar una imagen de VyOS que comienza con VyOS 1.3.0-rc6, puede ejecutar:"
@@ -1827,7 +1821,7 @@ msgstr "Espere hasta obtener el resultado (bytes copiados). Ten paciencia, en al
msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
msgstr "Advertencia: las etiquetas de interfaz de mi dispositivo están al revés; el puerto &quot;LAN4&quot; más a la izquierda es eth0 y el puerto &quot;LAN1&quot; más a la derecha es eth3."
-#: ../../installation/install.rst:533
+#: ../../installation/install.rst:536
msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
msgstr "También debemos proporcionar el archivo *filesystem.squashfs*. Ese es un archivo pesado y TFTP es lento, por lo que podría enviarlo a través de HTTP para acelerar la transferencia. Así es como se hace en nuestro ejemplo, puede encontrarlo en el archivo de configuración anterior."
@@ -1879,6 +1873,10 @@ msgstr "Puede volver a su instalación de Vyatta usando el comando ``set system
msgid "You can now proceed with a regular image installation as described in :ref:`installation`."
msgstr "Ahora puede continuar con una instalación de imagen normal como se describe en :ref:`installation`."
+#: ../../installation/update.rst:75
+msgid "You can use ``latest`` option. It loads the latest available Rolling release."
+msgstr "You can use ``latest`` option. It loads the latest available Rolling release."
+
#: ../../installation/migrate-from-vyatta.rst:28
msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
msgstr "Simplemente use ``agregar imagen del sistema``, como si fuera una nueva versión de VC (consulte :ref:`update_vyos` para obtener información adicional). Lo único que desea hacer es verificar la firma digital de las nuevas imágenes. Tendrá que agregar la clave pública manualmente una vez, ya que no se envía la primera vez."
@@ -1923,7 +1921,7 @@ msgstr "`Página de producto del fabricante<http://www.inctel.com.cn/product/det
msgid "``gpg --recv-keys FD220285A0FE6D7E``"
msgstr "``gpg --recv-keys FD220285A0FE6D7E``"
-#: ../../installation/install.rst:590
+#: ../../installation/install.rst:593
msgid "`console=ttyS0,115200`"
msgstr "`consola=ttyS0,115200`"
@@ -1955,7 +1953,7 @@ msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-
msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
msgstr "https://pgp.mit.edu/pks/lookup?op=get&amp;search=0xFD220285A0FE6D7E"
-#: ../../installation/update.rst:79
+#: ../../installation/update.rst:86
msgid "https://vyos.net/get/nightly-builds/"
msgstr "https://vyos.net/get/nightly-builds/"
@@ -1971,6 +1969,6 @@ msgstr "https://www.oracle.com/cloud/"
msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
-#: ../../installation/install.rst:592
+#: ../../installation/install.rst:595
msgid "option, and type CTRL-X to boot."
msgstr "y escriba CTRL-X para iniciar."
diff --git a/docs/_locale/es/quick-start.pot b/docs/_locale/es/quick-start.pot
index 16169d77..1b96a369 100644
--- a/docs/_locale/es/quick-start.pot
+++ b/docs/_locale/es/quick-start.pot
@@ -8,19 +8,19 @@ msgstr ""
"Language: es\n"
"Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n"
-#: ../../quick-start.rst:178
+#: ../../quick-start.rst:189
msgid "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
msgstr "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
-#: ../../quick-start.rst:124
+#: ../../quick-start.rst:125
msgid "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
msgstr "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
-#: ../../quick-start.rst:180
+#: ../../quick-start.rst:191
msgid "A rule to ``accept`` packets from established and related connections."
msgstr "A rule to ``accept`` packets from established and related connections."
-#: ../../quick-start.rst:181
+#: ../../quick-start.rst:192
msgid "A rule to ``drop`` packets from invalid connections."
msgstr "A rule to ``drop`` packets from invalid connections."
@@ -40,27 +40,31 @@ msgstr "Después de cambiar a :ref:`quick-start-configuration-mode`, ejecute los
msgid "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
msgstr "Después de cambiar a :ref:`quick-start-configuration-mode` emita los siguientes comandos:"
-#: ../../quick-start.rst:301
+#: ../../quick-start.rst:311
msgid "Allow Access to Services"
msgstr "Allow Access to Services"
-#: ../../quick-start.rst:257
+#: ../../quick-start.rst:267
msgid "Allow Management Access"
msgstr "Allow Management Access"
-#: ../../quick-start.rst:208
+#: ../../quick-start.rst:202
msgid "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
msgstr "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
+#: ../../quick-start.rst:219
+msgid "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+msgstr "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+
#: ../../quick-start.rst:167
msgid "Apply the firewall policies:"
msgstr "Aplicar las políticas de cortafuegos:"
-#: ../../quick-start.rst:367
+#: ../../quick-start.rst:377
msgid "As above, commit your changes, save the configuration, and exit configuration mode:"
msgstr "Como arriba, confirme sus cambios, guarde la configuración y salga del modo de configuración:"
-#: ../../quick-start.rst:227
+#: ../../quick-start.rst:237
msgid "Block Incoming Traffic"
msgstr "Block Incoming Traffic"
@@ -76,7 +80,7 @@ msgstr "By default, VyOS is in operational mode, and the command prompt displays
msgid "Commit and Save"
msgstr "Comprométete y ahorra"
-#: ../../quick-start.rst:327
+#: ../../quick-start.rst:337
msgid "Commit changes, save the configuration, and exit configuration mode:"
msgstr "Confirme los cambios, guarde la configuración y salga del modo de configuración:"
@@ -84,19 +88,19 @@ msgstr "Confirme los cambios, guarde la configuración y salga del modo de confi
msgid "Configuration Mode"
msgstr "Modo de configuración"
-#: ../../quick-start.rst:143
+#: ../../quick-start.rst:138
msgid "Configure Firewall Groups"
msgstr "Configure Firewall Groups"
-#: ../../quick-start.rst:162
+#: ../../quick-start.rst:157
msgid "Configure Stateful Packet Filtering"
msgstr "Configure Stateful Packet Filtering"
-#: ../../quick-start.rst:271
+#: ../../quick-start.rst:281
msgid "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
msgstr "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
-#: ../../quick-start.rst:233
+#: ../../quick-start.rst:243
msgid "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
msgstr "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
@@ -120,35 +124,35 @@ msgstr "Las concesiones de DHCP se mantendrán durante un día (86400 segundos)"
msgid "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
msgstr "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
-#: ../../quick-start.rst:341
+#: ../../quick-start.rst:351
msgid "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
msgstr "Especialmente si está permitiendo el acceso remoto SSH desde la interfaz exterior/WAN, hay algunos pasos de configuración adicionales que se deben tomar."
-#: ../../quick-start.rst:281
+#: ../../quick-start.rst:291
msgid "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
msgstr "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
-#: ../../quick-start.rst:357
+#: ../../quick-start.rst:367
msgid "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
msgstr "Finalmente, intente y SSH en la instalación de VyOS como su nuevo usuario. Una vez que haya confirmado que su nuevo usuario puede acceder a su enrutador sin contraseña, elimine el usuario ``vyos`` original y deshabilite completamente la autenticación de contraseña para :ref:`ssh`:"
-#: ../../quick-start.rst:319
+#: ../../quick-start.rst:329
msgid "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
msgstr "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
-#: ../../quick-start.rst:122
+#: ../../quick-start.rst:123
msgid "Firewall"
msgstr "cortafuegos"
-#: ../../quick-start.rst:263
+#: ../../quick-start.rst:273
msgid "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
msgstr "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
-#: ../../quick-start.rst:339
+#: ../../quick-start.rst:349
msgid "Hardening"
msgstr "Endurecimiento"
-#: ../../quick-start.rst:303
+#: ../../quick-start.rst:313
msgid "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
msgstr "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
@@ -156,7 +160,11 @@ msgstr "Here we're allowing the router to respond to pings. Then, we can allow a
msgid "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
msgstr "Si quisiera habilitar el acceso SSH a su firewall desde la interfaz externa/WAN, podría crear algunas reglas adicionales para permitir ese tipo de tráfico."
-#: ../../quick-start.rst:150
+#: ../../quick-start.rst:145
+msgid "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+msgstr "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+
+#: ../../quick-start.rst:144
msgid "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
msgstr "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
@@ -164,11 +172,15 @@ msgstr "In this case, we will create two interface groups—a ``WAN`` group for
msgid "Interface Configuration"
msgstr "Configuración de la interfaz"
-#: ../../quick-start.rst:109
+#: ../../quick-start.rst:170
+msgid "Most installations would choose this option, and will contain:"
+msgstr "Most installations would choose this option, and will contain:"
+
+#: ../../quick-start.rst:110
msgid "NAT"
msgstr "NAT"
-#: ../../quick-start.rst:229
+#: ../../quick-start.rst:239
msgid "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
msgstr "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
@@ -180,19 +192,31 @@ msgstr "Una vez que su configuración funcione como se esperaba, puede guardarla
msgid "Only hosts from your internal/LAN network can use the DNS recursor"
msgstr "Solo los hosts de su red LAN/interna pueden usar el recursor DNS"
-#: ../../quick-start.rst:168
+#: ../../quick-start.rst:162
msgid "Option 1: Common Chain"
msgstr "Option 1: Common Chain"
-#: ../../quick-start.rst:206
+#: ../../quick-start.rst:163
+msgid "Option 1: Global State Policies"
+msgstr "Option 1: Global State Policies"
+
+#: ../../quick-start.rst:179
+msgid "Option 2: Common/Custom Chain"
+msgstr "Option 2: Common/Custom Chain"
+
+#: ../../quick-start.rst:200
msgid "Option 2: Per-Hook Chain"
msgstr "Option 2: Per-Hook Chain"
+#: ../../quick-start.rst:217
+msgid "Option 3: Per-Hook Chain"
+msgstr "Option 3: Per-Hook Chain"
+
#: ../../quick-start.rst:5
msgid "Quick Start"
msgstr "Inicio rápido"
-#: ../../quick-start.rst:344
+#: ../../quick-start.rst:354
msgid "Replace the default ``vyos`` system user:"
msgstr "Replace the default ``vyos`` system user:"
@@ -204,7 +228,7 @@ msgstr "Reemplace el usuario del sistema `vyos` predeterminado:"
msgid "SSH Management"
msgstr "Gestión SSH"
-#: ../../quick-start.rst:350
+#: ../../quick-start.rst:360
msgid "Set up :ref:`ssh_key_based_authentication`:"
msgstr "Configurar :ref:`ssh_key_based_authentication`:"
@@ -216,7 +240,7 @@ msgstr "El rango de direcciones `192.168.0.2/24 - 192.168.0.8/24` se reservará
msgid "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
msgstr "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
-#: ../../quick-start.rst:176
+#: ../../quick-start.rst:187
msgid "The chain we will create is called ``CONN_FILTER`` and has three rules:"
msgstr "The chain we will create is called ``CONN_FILTER`` and has three rules:"
@@ -228,7 +252,7 @@ msgstr "La puerta de enlace predeterminada y la dirección del recursor DNS ser
msgid "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
msgstr "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
-#: ../../quick-start.rst:137
+#: ../../quick-start.rst:132
msgid "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
msgstr "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
@@ -236,11 +260,11 @@ msgstr "The firewall begins with the base ``filter`` tables you define for each
msgid "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
msgstr "Los siguientes ajustes configurarán los servicios DHCP y DNS en su red interna/LAN, donde VyOS actuará como puerta de enlace predeterminada y servidor DNS."
-#: ../../quick-start.rst:111
+#: ../../quick-start.rst:112
msgid "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
msgstr "Los siguientes ajustes configurarán las reglas :ref:`source-nat` para nuestra red interna/LAN, lo que permitirá que los hosts se comuniquen a través de la red externa/WAN a través del enmascaramiento de IP."
-#: ../../quick-start.rst:194
+#: ../../quick-start.rst:205
msgid "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
msgstr "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
@@ -260,31 +284,39 @@ msgstr "Este capítulo lo guiará sobre cómo ponerse al día rápidamente con s
msgid "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
msgstr "Esta configuración crea un firewall con estado adecuado que bloquea todo el tráfico que no se inició primero desde el lado interno/LAN."
-#: ../../quick-start.rst:145
+#: ../../quick-start.rst:140
msgid "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
msgstr "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
+#: ../../quick-start.rst:164
+msgid "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+msgstr "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+
#: ../../quick-start.rst:90
msgid "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
msgstr "VyOS servirá como un recurso de DNS completo, reemplazando la necesidad de utilizar Google, Cloudflare u otros servidores DNS públicos (lo cual es bueno para la privacidad)"
-#: ../../quick-start.rst:170
+#: ../../quick-start.rst:181
msgid "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
msgstr "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
-#: ../../quick-start.rst:259
+#: ../../quick-start.rst:269
msgid "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
msgstr "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
-#: ../../quick-start.rst:247
+#: ../../quick-start.rst:257
msgid "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
msgstr "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
-#: ../../quick-start.rst:164
+#: ../../quick-start.rst:159
+msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+
+#: ../../quick-start.rst:158
msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
-#: ../../quick-start.rst:379
+#: ../../quick-start.rst:389
msgid "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
msgstr "Ahora debería tener un enrutador simple pero seguro y funcional para experimentar más. ¡Disfrutar!"
diff --git a/docs/_locale/ja/404.pot b/docs/_locale/ja/404.pot
index 3284d833..3fc550ec 100644
--- a/docs/_locale/ja/404.pot
+++ b/docs/_locale/ja/404.pot
@@ -25,5 +25,13 @@ msgid "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
msgstr "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
#: ../../404.rst:11
+msgid "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+msgstr "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+
+#: ../../404.rst:12
+msgid "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+msgstr "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+
+#: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
diff --git a/docs/_locale/ja/LC_MESSAGES/404.mo b/docs/_locale/ja/LC_MESSAGES/404.mo
index 9d4f5a00..72395e79 100644
--- a/docs/_locale/ja/LC_MESSAGES/404.mo
+++ b/docs/_locale/ja/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/automation.mo b/docs/_locale/ja/LC_MESSAGES/automation.mo
index 58268446..65013926 100644
--- a/docs/_locale/ja/LC_MESSAGES/automation.mo
+++ b/docs/_locale/ja/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/cli.mo b/docs/_locale/ja/LC_MESSAGES/cli.mo
index e7c0bd13..778da5ed 100644
--- a/docs/_locale/ja/LC_MESSAGES/cli.mo
+++ b/docs/_locale/ja/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/configexamples.mo b/docs/_locale/ja/LC_MESSAGES/configexamples.mo
index cfe1f8d7..195ef913 100644
--- a/docs/_locale/ja/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/ja/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo
index 1716cef9..34b220ee 100644
--- a/docs/_locale/ja/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/ja/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/contributing.mo b/docs/_locale/ja/LC_MESSAGES/contributing.mo
index 1c6a7c73..aa7a51ea 100644
--- a/docs/_locale/ja/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/ja/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/installation.mo b/docs/_locale/ja/LC_MESSAGES/installation.mo
index f8904cde..ba53282d 100644
--- a/docs/_locale/ja/LC_MESSAGES/installation.mo
+++ b/docs/_locale/ja/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/ja/LC_MESSAGES/quick-start.mo b/docs/_locale/ja/LC_MESSAGES/quick-start.mo
index badfd0af..ce5e4e11 100644
--- a/docs/_locale/ja/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/ja/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/ja/automation.pot b/docs/_locale/ja/automation.pot
index 7bea74ac..027ac9ff 100644
--- a/docs/_locale/ja/automation.pot
+++ b/docs/_locale/ja/automation.pot
@@ -32,22 +32,30 @@ msgstr "**user-data**: includes vyos-commands."
msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
msgstr "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
-#: ../../automation/vyos-api.rst:285
+#: ../../automation/vyos-api.rst:322
msgid "/config-file"
msgstr "/config-file"
-#: ../../automation/vyos-api.rst:228
+#: ../../automation/vyos-api.rst:265
msgid "/configure"
msgstr "/configure"
-#: ../../automation/vyos-api.rst:209
+#: ../../automation/vyos-api.rst:246
msgid "/generate"
msgstr "/generate"
-#: ../../automation/vyos-api.rst:147
+#: ../../automation/vyos-api.rst:184
msgid "/image"
msgstr "/image"
+#: ../../automation/vyos-api.rst:165
+msgid "/poweroff"
+msgstr "/poweroff"
+
+#: ../../automation/vyos-api.rst:147
+msgid "/reboot"
+msgstr "/reboot"
+
#: ../../automation/vyos-api.rst:129
msgid "/reset"
msgstr "/reset"
@@ -56,7 +64,7 @@ msgstr "/reset"
msgid "/retrieve"
msgstr "/retrieve"
-#: ../../automation/vyos-api.rst:185
+#: ../../automation/vyos-api.rst:222
msgid "/show"
msgstr "/show"
@@ -178,6 +186,34 @@ msgstr "Configuration"
msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
msgstr "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
+#: ../../automation/vyos-pyvyos.rst:94
+msgid "Configure, then Delete Object"
+msgstr "Configure, then Delete Object"
+
+#: ../../automation/vyos-pyvyos.rst:141
+msgid "Configure, then Load File"
+msgstr "Configure, then Load File"
+
+#: ../../automation/vyos-pyvyos.rst:101
+msgid "Configure, then Save"
+msgstr "Configure, then Save"
+
+#: ../../automation/vyos-pyvyos.rst:108
+msgid "Configure, then Save File"
+msgstr "Configure, then Save File"
+
+#: ../../automation/vyos-pyvyos.rst:68
+msgid "Configure, then Set"
+msgstr "Configure, then Set"
+
+#: ../../automation/vyos-pyvyos.rst:85
+msgid "Configure, then Show Object"
+msgstr "Configure, then Show Object"
+
+#: ../../automation/vyos-pyvyos.rst:77
+msgid "Configure, then Show a Single Object Value"
+msgstr "Configure, then Show a Single Object Value"
+
#: ../../automation/vyos-napalm.rst:89
msgid "Content of commands.conf"
msgstr "Content of commands.conf"
@@ -258,7 +294,7 @@ msgstr "For configuration and enabling the API see :ref:`http-api`"
msgid "For example, get the addresses of a ``dum0`` interface."
msgstr "For example, get the addresses of a ``dum0`` interface."
-#: ../../automation/vyos-api.rst:189
+#: ../../automation/vyos-api.rst:226
msgid "For example, show which images are installed."
msgstr "For example, show which images are installed."
@@ -270,10 +306,18 @@ msgstr "For more information on the NoCloud data source, visit its `page <https:
msgid "From cli or GUI, power on VM, and after it boots, verify configuration"
msgstr "From cli or GUI, power on VM, and after it boots, verify configuration"
+#: ../../automation/vyos-pyvyos.rst:123
+msgid "Generate Object"
+msgstr "Generate Object"
+
#: ../../automation/cloud-init.rst:268
msgid "Generate qcow image"
msgstr "Generate qcow image"
+#: ../../automation/vyos-pyvyos.rst:24
+msgid "Getting Started"
+msgstr "Getting Started"
+
#: ../../automation/command-scripting.rst:82
msgid "Here is a simple example:"
msgstr "Here is a simple example:"
@@ -306,6 +350,10 @@ msgstr "If you need to gather information from linux commands to configure VyOS,
msgid "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
msgstr "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
+#: ../../automation/vyos-pyvyos.rst:27
+msgid "Importing and Disabling Warnings for verify=False"
+msgstr "Importing and Disabling Warnings for verify=False"
+
#: ../../automation/cloud-init.rst:298
msgid "In Proxmox server three files are going to be used for this setup:"
msgstr "In Proxmox server three files are going to be used for this setup:"
@@ -326,6 +374,10 @@ msgstr "In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
msgid "Initial Configuration"
msgstr "Initial Configuration"
+#: ../../automation/vyos-pyvyos.rst:47
+msgid "Initializing a VyDevice Object"
+msgstr "Initializing a VyDevice Object"
+
#: ../../automation/cloud-init.rst:180
msgid "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
msgstr "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
@@ -334,6 +386,10 @@ msgstr "Injecting configuration data is not limited to cloud platforms. Users ca
msgid "Install ``napalm-vyos`` module"
msgstr "Install ``napalm-vyos`` module"
+#: ../../automation/vyos-pyvyos.rst:15
+msgid "Installation"
+msgstr "Installation"
+
#: ../../automation/vyos-salt.rst:98
msgid "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
msgstr "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
@@ -451,6 +507,14 @@ msgstr "Proxmox IP address: **192.168.0.253/24**"
msgid "Proxmox `Cloud-init-Support`_."
msgstr "Proxmox `Cloud-init-Support`_."
+#: ../../automation/vyos-pyvyos.rst:6
+msgid "PyVyOS"
+msgstr "PyVyOS"
+
+#: ../../automation/vyos-pyvyos.rst:8
+msgid "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+msgstr "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+
#: ../../automation/cloud-init.rst:416
msgid "References"
msgstr "References"
@@ -459,6 +523,10 @@ msgstr "References"
msgid "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
msgstr "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
+#: ../../automation/vyos-pyvyos.rst:132
+msgid "Reset Object"
+msgstr "Reset Object"
+
#: ../../automation/vyos-ansible.rst:80
msgid "Run ansible"
msgstr "Run ansible"
@@ -487,11 +555,11 @@ msgstr "Salt"
msgid "Salt master configuration:"
msgstr "Salt master configuration:"
-#: ../../automation/vyos-api.rst:307
+#: ../../automation/vyos-api.rst:344
msgid "Save a running configuration to a file."
msgstr "Save a running configuration to a file."
-#: ../../automation/vyos-api.rst:289
+#: ../../automation/vyos-api.rst:326
msgid "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
msgstr "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
@@ -503,6 +571,10 @@ msgstr "Script vyos-napalm.py"
msgid "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
msgstr "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
+#: ../../automation/vyos-pyvyos.rst:115
+msgid "Show Object"
+msgstr "Show Object"
+
#: ../../automation/command-scripting.rst:52
msgid "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
msgstr "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
@@ -523,7 +595,7 @@ msgstr "Structure of files"
msgid "System Defaults/Fallbacks"
msgstr "System Defaults/Fallbacks"
-#: ../../automation/vyos-api.rst:264
+#: ../../automation/vyos-api.rst:301
msgid "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
msgstr "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
@@ -535,11 +607,11 @@ msgstr "The ``/config/scripts/vyos-postconfig-bootup.script`` script is called o
msgid "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
msgstr "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
-#: ../../automation/vyos-api.rst:187
+#: ../../automation/vyos-api.rst:224
msgid "The ``/show`` endpoint is to show everything in the operational mode."
msgstr "The ``/show`` endpoint is to show everything in the operational mode."
-#: ../../automation/vyos-api.rst:211
+#: ../../automation/vyos-api.rst:248
msgid "The ``generate`` endpoint run a ``generate`` command."
msgstr "The ``generate`` endpoint run a ``generate`` command."
@@ -568,7 +640,7 @@ msgstr "The default file looks like this:"
msgid "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
msgstr "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
-#: ../../automation/vyos-api.rst:287
+#: ../../automation/vyos-api.rst:324
msgid "The endpoint ``/config-file`` is to save or load a configuration."
msgstr "The endpoint ``/config-file`` is to save or load a configuration."
@@ -604,11 +676,11 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
msgstr "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
-#: ../../automation/vyos-api.rst:323
+#: ../../automation/vyos-api.rst:360
msgid "To Load a configuration file."
msgstr "To Load a configuration file."
-#: ../../automation/vyos-api.rst:149
+#: ../../automation/vyos-api.rst:186
msgid "To add or delete an image, use the ``/image`` endpoint."
msgstr "To add or delete an image, use the ``/image`` endpoint."
@@ -624,6 +696,10 @@ msgstr "To get the whole configuration, pass an empty list to the ``path`` field
msgid "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
msgstr "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
+#: ../../automation/vyos-api.rst:149
+msgid "To initiate a reboot use the ``reboot`` endpoint."
+msgstr "To initiate a reboot use the ``reboot`` endpoint."
+
#: ../../automation/command-scripting.rst:128
msgid "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
msgstr "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
@@ -632,6 +708,10 @@ msgstr "To make sure that a script is not accidentally called without the ``vyat
msgid "To only get a part of the configuration, for example ``system syslog``."
msgstr "To only get a part of the configuration, for example ``system syslog``."
+#: ../../automation/vyos-api.rst:167
+msgid "To power off the system use the ``poweroff`` endpoint."
+msgstr "To power off the system use the ``poweroff`` endpoint."
+
#: ../../automation/cloud-init.rst:223
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -648,6 +728,14 @@ msgstr "User-data"
msgid "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
msgstr "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
+#: ../../automation/vyos-pyvyos.rst:35
+msgid "Using API Response Class"
+msgstr "Using API Response Class"
+
+#: ../../automation/vyos-pyvyos.rst:65
+msgid "Using PyVyOS"
+msgstr "Using PyVyOS"
+
#: ../../automation/cloud-init.rst:373
msgid "VM ID: in this example, VM ID used is 555."
msgstr "VM ID: in this example, VM ID used is 555."
@@ -736,11 +824,15 @@ msgstr "Without proxy it requires VyOS minion configuration and support op-mode
msgid "Without proxy it requires VyOS minion configuration and supports op-mode data:"
msgstr "Without proxy it requires VyOS minion configuration and supports op-mode data:"
-#: ../../automation/vyos-api.rst:230
+#: ../../automation/vyos-pyvyos.rst:17
+msgid "You can install PyVyOS using pip:"
+msgstr "You can install PyVyOS using pip:"
+
+#: ../../automation/vyos-api.rst:267
msgid "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
msgstr "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
-#: ../../automation/vyos-api.rst:249
+#: ../../automation/vyos-api.rst:286
msgid "``delete`` a single command"
msgstr "``delete`` a single command"
@@ -748,7 +840,7 @@ msgstr "``delete`` a single command"
msgid "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
msgstr "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
-#: ../../automation/vyos-api.rst:233
+#: ../../automation/vyos-api.rst:270
msgid "``set`` a single command"
msgstr "``set`` a single command"
@@ -764,7 +856,7 @@ msgstr "``vyos``/``vyos`` credentials if no others specified by data source."
msgid "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
msgstr "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
-#: ../../automation/vyos-api.rst:151
+#: ../../automation/vyos-api.rst:188
msgid "add an image"
msgstr "add an image"
@@ -784,7 +876,7 @@ msgstr "cloud-init logs to /var/log/cloud-init.log. This file can be helpful in
msgid "commands.txt"
msgstr "commands.txt"
-#: ../../automation/vyos-api.rst:168
+#: ../../automation/vyos-api.rst:205
msgid "delete an image, for example ``1.3-rolling-202006070117``"
msgstr "delete an image, for example ``1.3-rolling-202006070117``"
diff --git a/docs/_locale/ja/cli.pot b/docs/_locale/ja/cli.pot
index c5981e8e..09dede28 100644
--- a/docs/_locale/ja/cli.pot
+++ b/docs/_locale/ja/cli.pot
@@ -124,15 +124,19 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to `
msgid "Get a collection of all the set commands required which led to the running configuration."
msgstr "Get a collection of all the set commands required which led to the running configuration."
-#: ../../cli.rst:930
+#: ../../cli.rst:933
msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
-#: ../../cli.rst:916
+#: ../../cli.rst:919
msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
#: ../../cli.rst:413
+msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+
+#: ../../cli.rst:413
msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
@@ -168,7 +172,7 @@ msgstr "Remote Archive"
msgid "Rename a configuration element."
msgstr "Rename a configuration element."
-#: ../../cli.rst:914
+#: ../../cli.rst:917
msgid "Restore Default"
msgstr "Restore Default"
@@ -184,7 +188,7 @@ msgstr "Rollback Changes"
msgid "Rollback to revision N (currently requires reboot)"
msgstr "Rollback to revision N (currently requires reboot)"
-#: ../../cli.rst:881
+#: ../../cli.rst:884
msgid "Saving and loading manually"
msgstr "Saving and loading manually"
@@ -244,11 +248,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:
msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
-#: ../../cli.rst:869
+#: ../../cli.rst:872
msgid "The number of revisions don't affect the commit-archive."
msgstr "The number of revisions don't affect the commit-archive."
-#: ../../cli.rst:927
+#: ../../cli.rst:930
msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
@@ -280,7 +284,7 @@ msgstr "To remove an existing comment from your current configuration, specify a
msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
-#: ../../cli.rst:892
+#: ../../cli.rst:895
msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
@@ -352,7 +356,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper
msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
-#: ../../cli.rst:886
+#: ../../cli.rst:889
msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
@@ -364,6 +368,10 @@ msgstr "When viewing in page mode the following commands are available:"
msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+#: ../../cli.rst:370
+msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+
#: ../../cli.rst:618
msgid "You can also rename config subtrees:"
msgstr "You can also rename config subtrees:"
@@ -384,15 +392,15 @@ msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down wit
msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
-#: ../../cli.rst:883
+#: ../../cli.rst:886
msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
-#: ../../cli.rst:871
+#: ../../cli.rst:874
msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
-#: ../../cli.rst:924
+#: ../../cli.rst:927
msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
@@ -404,6 +412,18 @@ msgstr "``b`` will scroll back one page"
msgid "``ftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``ftp://<user>:<passwd>@<host>/<dir>``"
+#: ../../cli.rst:870
+msgid "``git+https://<user>:<passwd>@<host>/<path>``"
+msgstr "``git+https://<user>:<passwd>@<host>/<path>``"
+
+#: ../../cli.rst:864
+msgid "``http://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``http://<user>:<passwd>@<host>:/<dir>``"
+
+#: ../../cli.rst:865
+msgid "``https://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``https://<user>:<passwd>@<host>:/<dir>``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
@@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output"
msgid "``return`` will scroll down one line"
msgstr "``return`` will scroll down one line"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://<user>:<passwd>@<host>:/<dir>``"
msgstr "``scp://<user>:<passwd>@<host>:/<dir>``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
@@ -428,7 +448,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
msgid "``space`` will scroll down one page"
msgstr "``space`` will scroll down one page"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp://<host>/<dir>``"
msgstr "``tftp://<host>/<dir>``"
diff --git a/docs/_locale/ja/configexamples.pot b/docs/_locale/ja/configexamples.pot
index c1c956cc..f577a4de 100644
--- a/docs/_locale/ja/configexamples.pot
+++ b/docs/_locale/ja/configexamples.pot
@@ -211,22 +211,18 @@ msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them."
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
@@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server"
msgid "Add (temporary) default route"
msgstr "Add (temporary) default route"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Adding a rule for the second interface"
@@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Ansible Example topology image"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Basic Firewall"
msgid "Basic Setup (via console)"
msgstr "Basic Setup (via console)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Before the interface eth0 on router VyOS3"
@@ -611,6 +627,14 @@ msgstr "Check the result"
msgid "Check the result."
msgstr "Check the result."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
@@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
@@ -652,6 +680,7 @@ msgstr "Conclusions"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuration"
@@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS"
msgid "Configuration Blueprints"
msgstr "Configuration Blueprints"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuration Blueprints (autotest)"
@@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
@@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)"
msgid "Full configuration from all devices"
msgstr "Full configuration from all devices"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "IP Schema"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "IPv4 Network"
@@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "In this case, the hardware router has a different IP, so it would be"
@@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication."
@@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Information about prefix-sid and label-operation from VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Inter-VRF Routing over VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN with VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "L3VPN EVPN with VyOS topology image"
@@ -1403,29 +1460,14 @@ msgstr "Network Cabling"
msgid "Network Topology"
msgstr "Network Topology"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -1457,7 +1499,7 @@ msgstr "Node"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Note that router1 is a VM that runs on one of the compute nodes."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
@@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN with LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN with LDAP topology image"
@@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Setup the ipv6 default route to the tunnel interface"
@@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Since we have 4 zones, we need to setup the following rulesets."
@@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
@@ -1838,6 +1892,10 @@ msgstr "Spoke"
msgid "Start by setting the interface and default action for each zone."
msgstr "Start by setting the interface and default action for each zone."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "The next pages contains automatic full tested configuration examples."
@@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples."
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "The process will do the following steps:"
@@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho
msgid "The setup used in this example is shown in the following diagram:"
msgstr "The setup used in this example is shown in the following diagram:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
@@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "This gives us MPLS segment routing enabled and labels forwarding :"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
@@ -2196,7 +2271,7 @@ msgstr "Transport:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Tunnelbroker topology image"
@@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Using the general schema for example:"
@@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verification"
@@ -2264,9 +2341,18 @@ msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Version: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "We have three networks."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "compute3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configure each host in the lab"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "create the lab on a eve-ng server"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "do some defined tests"
@@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination"
msgid "first the PCA"
msgstr "first the PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generate the documentation and include files"
@@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000"
msgid "information between PE and CE:"
msgstr "information between PE and CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "optional do an upgrade to a higher version and do step 3 again."
@@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "save the output to a file and import it in nearly all openvpn clients."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "shutdown and destroy the lab, if there is no error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)"
msgid "v6 pairs would be:"
msgstr "v6 pairs would be:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot
index 7a5f67f1..cf365560 100644
--- a/docs/_locale/ja/configuration.pot
+++ b/docs/_locale/ja/configuration.pot
@@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag"
msgid "\"Other configuration\" flag"
msgstr "\"Other configuration\" flag"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
@@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Apply the traffic policy to an interface ingress or egress**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Cisco IOS Router:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Client IP address via IP range definition**"
@@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**"
msgid "**Cluster-List length check**"
msgstr "**Cluster-List length check**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Create a traffic policy**."
+#: ../../configuration/interfaces/wwan.rst:53
#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../configuration/interfaces/wwan.rst:53
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**DHCPv6 Prefix Delegation (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocol, destination address or source address)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Example:**"
@@ -177,10 +182,30 @@ msgstr "**External check**"
msgid "**Firewall mark**"
msgstr "**Firewall mark**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**IGP cost check**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Interface name**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Leaf2 configuration:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Leaf3 configuration:**"
@@ -261,33 +309,33 @@ msgstr "**MED check**"
msgid "**Multi-path check**"
msgstr "**Multi-path check**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Node1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Node2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Node 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Node 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Node 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**One gateway:**"
msgid "**Origin check**"
msgstr "**Origin check**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Peer address**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Policy definition:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primary**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**RADIUS based IP pools (Framed-IP-Address)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**RADIUS sessions management DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "**Router-ID check**"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Router 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Router 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Router 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secondary**"
@@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Setting up the GRE tunnel**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Spine1 Configuration:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Status**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**To see the redistributed routes:**"
@@ -490,48 +566,12 @@ msgstr "**VyOS Router:**"
msgid "**Weight check**"
msgstr "**Weight check**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
@@ -579,51 +619,19 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**deny** - deny mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
@@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**discard:** Received packets which already contain relay information will be discarded."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
@@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
@@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**prefer** - ask client for mppe, if it rejects don't fail"
@@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
@@ -767,7 +783,7 @@ msgstr "**remote side - commands**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**require** - ask client for mppe, if it rejects drop connection"
@@ -779,7 +795,7 @@ msgstr "**right**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: Capability sets (from bounded or inherited set)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transition** - Send and accept both styles of TLVs during transition."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
@@ -860,25 +876,6 @@ msgid "011110"
msgstr "011110"
#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing."
msgid "0 if not defined."
msgstr "0 if not defined."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 if not defined."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "1-to-1 NAT"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Create an event handler"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 if not defined."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2.5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "2FA OTP support"
msgid "2. Add regex to the script"
msgstr "2. Add regex to the script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Add a full path to the script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Add optional parameters"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 if not defined."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 if not defined."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6in4 (SIT)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1252,11 +1231,6 @@ msgid "8"
msgstr "8"
#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match."
msgid "<x.x.x.x>: IP address to match."
msgstr "<x.x.x.x>: IP address to match."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "A **domain group** represents a collection of domains."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "A **mac group** represents a collection of mac addresses."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
@@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by
msgid "A Rule-Set can be applied to every interface:"
msgstr "A Rule-Set can be applied to every interface:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "A SNTP server address can be specified for DHCPv6 clients."
@@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
@@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "A connection attempt will be shown as:"
@@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "A dummy interface for the provider-assigned IP;"
@@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `<name>` referencing this sync service."
msgstr "A generic `<name>` referencing this sync service."
@@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
@@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``."
@@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t
msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "A simple BGP configuration via IPv6."
@@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "A simple eBGP configuration:"
@@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
@@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa
msgid "A sync group allows VRRP groups to transition together."
msgstr "A sync group allows VRRP groups to transition together."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "A typical configuration using 2 nodes."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "A very small buffer will soon start dropping packets."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Action which will be run once the ctrl-alt-del keystroke is received."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Actions"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Active Directory"
@@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Adding a 2FA with an OTP-key"
@@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
@@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis
msgid "Address"
msgstr "Address"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Address Conversion"
@@ -1773,20 +1761,19 @@ msgstr "Address Conversion"
msgid "Address Families"
msgstr "Address Families"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Address Groups"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Address pools"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Address to listen for HTTPS requests"
@@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for
msgid "Administrative Distance"
msgstr "Administrative Distance"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algorithm"
msgid "Aliases"
msgstr "Aliases"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve
msgid "All reply sizes are accepted by default."
msgstr "All reply sizes are accepted by default."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
@@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "All traffic between zones is affected by existing policies"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "All traffic to and from an interface within a zone is permitted."
@@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Allow explicit IPv6 address for the interface."
@@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Allow this BFD peer to not be directly connected"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
@@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Already learned known_hosts files of clients need an update as the public key will change."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
@@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:"
msgid "An example of key generation:"
msgstr "An example of key generation:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "An example of the data captured by a FREERADIUS server with sql accounting:"
@@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "And for ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "And the different IPv4 **reset** commands available:"
@@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:"
msgid "And then hash is reduced modulo slave count."
msgstr "And then hash is reduced modulo slave count."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
@@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Applying a Rule-Set to a Zone"
@@ -2151,49 +2181,11 @@ msgstr "Arista EOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
@@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
@@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
@@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
@@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel"
msgid "Assign static IP address to `<user>` account."
msgstr "Assign static IP address to `<user>` account."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `<time>` seconds."
msgstr "Assign the IP address to this machine for `<time>` seconds."
@@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source."
msgid "Authorization token"
msgstr "Authorization token"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Automatic VLAN Creation"
@@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation"
msgid "Automatic VLAN creation"
msgstr "Automatic VLAN creation"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Automatically reboot system on kernel panic after 60 seconds."
@@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds."
msgid "Autonomous Systems"
msgstr "Autonomous Systems"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Avoiding \"leaky\" NAT"
@@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Balancing based on domain name"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Bandwidth Shaping"
@@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping"
msgid "Bandwidth Shaping for local users"
msgstr "Bandwidth Shaping for local users"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes."
@@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Baseline DMVPN topology"
@@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology"
msgid "Basic Concepts"
msgstr "Basic Concepts"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Basic commands"
@@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic."
msgid "Basic setup"
msgstr "Basic setup"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
@@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path,
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
@@ -2663,7 +2676,7 @@ msgstr "Binary value"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Bind listener to specific interface/address, mandatory for IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
@@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation"
msgid "Bond options"
msgstr "Bond options"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Boot image length in 512-octet blocks"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Bootstrap file name"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Both IPv4 and IPv6 multicast is possible."
@@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut
msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
@@ -2746,10 +2740,18 @@ msgstr "Bridge"
msgid "Bridge:"
msgstr "Bridge:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Bridge Options"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
@@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic
msgid "By default, it supports both planned and unplanned outages."
msgstr "By default, it supports both planned and unplanned outages."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
@@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the
msgid "By default, this bridging is allowed."
msgstr "By default, this bridging is allowed."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificates"
msgid "Change system keyboard layout to given language."
msgstr "Change system keyboard layout to given language."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Change the default-action with this setting."
@@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Check if the Intel® QAT device is up and ready to do the job."
@@ -2908,10 +2913,14 @@ msgstr "Check status"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Check the many parameters available for the `show ipv6 route` command:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Checking connections"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
@@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst"
msgstr "Cisco Catalyst"
#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco and Allied Telesyn call it Private VLAN"
@@ -2955,7 +2945,7 @@ msgstr "Class treatment"
msgid "Classes"
msgstr "Classes"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Classless static route"
@@ -2975,7 +2965,7 @@ msgstr "Client:"
msgid "Client Address Pools"
msgstr "Client Address Pools"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Client Authentication"
@@ -2983,7 +2973,7 @@ msgstr "Client Authentication"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Client Side"
msgid "Client configuration"
msgstr "Client configuration"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "Client domain name"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Client domain search"
@@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Clock daemon"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Command used to update GeoIP database and firewall sets."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Common configuration, valid for both primary and secondary node."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuration"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Configuration Example"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Configuration Examples"
@@ -3165,6 +3167,10 @@ msgstr "Configuration Guide"
msgid "Configuration Options"
msgstr "Configuration Options"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
@@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters."
@@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuration of :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuration of a DHCP failover pair"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
@@ -3198,11 +3208,11 @@ msgstr "Configure"
msgid "Configure BFD"
msgstr "Configure BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `<record>` which should be updated. This can be set multiple times."
msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `<zone>` to be updated."
msgstr "Configure DNS `<zone>` to be updated."
@@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled,
msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `<server>` and its required port for authentication requests."
msgstr "Configure RADIUS `<server>` and its required port for authentication requests."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `<message>` which is shown after user has logged in to the system."
msgstr "Configure `<message>` which is shown after user has logged in to the system."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in."
msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
@@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface."
msgid "Configure aggregation delay timer interval."
msgstr "Configure aggregation delay timer interval."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure an accounting server and enable accounting with:"
@@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id
msgid "Configure and enable collection of flow information for the interface identified by `<interface>`."
msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `<name>` mode TCP or HTTP"
msgstr "Configure backend `<name>` mode TCP or HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
@@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b
msgid "Configure individual bridge port `<priority>`."
msgstr "Configure individual bridge port `<priority>`."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `<interface>` with one or more interface addresses."
msgstr "Configure interface `<interface>` with one or more interface addresses."
@@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
@@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting."
msgstr "Configure physical interface speed setting."
#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
@@ -3491,7 +3429,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP"
msgid "Configure service `<name>` to use the backend <name>"
msgstr "Configure service `<name>` to use the backend <name>"
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure session timeout after which the user will be logged out."
@@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out."
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
@@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure the load-balancing reverse-proxy service for HTTP."
#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `<id>` is used by VRF `<name>`."
msgstr "Configured routing table `<id>` is used by VRF `<name>`."
@@ -3556,7 +3489,7 @@ msgstr "Configured value"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuring RADIUS accounting"
@@ -3569,11 +3502,15 @@ msgstr "Configuring a listen-address is essential for the service to work."
msgid "Connect/Disconnect"
msgstr "Connect/Disconnect"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
+#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
@@ -3585,10 +3522,18 @@ msgstr "Conntrack"
msgid "Conntrack Sync"
msgstr "Conntrack Sync"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Conntrack Sync Example"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Console"
@@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container."
msgid "Container"
msgstr "Container"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name <text>."
msgid "Creat extcommunity-list policy identified by name <text>."
msgstr "Creat extcommunity-list policy identified by name <text>."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
@@ -3657,16 +3606,11 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Create a load balancing rule, it can be a number between 1 and 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
@@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho
msgid "Create as-path-policy identified by name <text>."
msgstr "Create as-path-policy identified by name <text>."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name <text>."
msgstr "Create large-community-list policy identified by name <text>."
@@ -3726,7 +3686,7 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname>
msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
@@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Creating a bridge interface is very simple. In this example, we will have:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creating a traffic policy"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "Critical"
@@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:"
msgid "Custom File"
msgstr "Custom File"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "Custom health-check script allows checking real-server availability"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Customized ignore rules, based on a packet and flow selector."
@@ -3822,20 +3802,19 @@ msgstr "DHCP Relay"
msgid "DHCP Server"
msgstr "DHCP Server"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "DHCP failover parameters"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "DHCP lease range"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
#: ../../configuration/service/dhcp-relay.rst:96
-#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "DHCP relay example"
@@ -3843,20 +3822,19 @@ msgstr "DHCP relay example"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "DHCPv6 relay example"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Group 14"
@@ -3884,11 +3862,11 @@ msgstr "DNAT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "DNS name servers"
msgid "DNS search list to advertise"
msgstr "DNS search list to advertise"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "DNS server IPv4 address"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "DNS server is located at ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
@@ -3943,28 +3921,13 @@ msgid "Default"
msgstr "Default"
#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Default 1."
@@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route"
msgid "Default Router Preference"
msgstr "Default Router Preference"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "Default gateway and DNS server is at `192.0.2.254`"
@@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``."
msgstr "Default is ``icmp``."
#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "Default is to detects physical link state changes."
@@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Define a IPv4 or IPv6 Network group."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Define a IPv4 or a IPv6 address group"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Define a Zone"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Define a domain group."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Define a mac group."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
@@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Define log-level. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Define log group to send message to. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
@@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them
msgid "Define the time interval to update the local cache"
msgstr "Define the time interval to update the local cache"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
@@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Defines protocols for checking ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
@@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi
msgid "Defining Peers"
msgstr "Defining Peers"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Delegate prefixes from the range indicated by the start and stop qualifier."
@@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for
msgstr "Depending on the location, not all of these channels may be available for use!"
#: ../../configuration/service/router-advert.rst:1
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
#: ../../configuration/trafficpolicy/index.rst:262
@@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "Despite the fact that AD is a superset of LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Destination Address"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "Destination NAT"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Different NAT Types"
@@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer"
msgid "Disable a container."
msgstr "Disable a container."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service."
msgstr "Disable dhcpv6-relay service."
#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
@@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down."
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
@@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry."
msgid "Disable this IPv6 static route entry."
msgstr "Disable this IPv6 static route entry."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Disable this service."
@@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route."
msgid "Disables interface-based IPv6 static route."
msgstr "Disables interface-based IPv6 static route."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
@@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege
msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "Do not assign a link-local IPv6 address to this interface."
@@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se
msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "Does not need to be used together with proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp."
msgid "Domain"
msgstr "Domain"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Domain Groups"
@@ -4600,7 +4418,7 @@ msgstr "Domain Groups"
msgid "Domain Name"
msgstr "Domain Name"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Domain name(s) for which to obtain certificate"
@@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Domain search order"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
@@ -4657,7 +4479,7 @@ msgstr "Drop rate"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
@@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgid "Dummy"
msgstr "Dummy"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Dummy interface"
@@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Dynamic-protection"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "Dynamic DNS"
@@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "ESP Phase:"
@@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Email address to associate with certificate"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Embedding one policy into another one"
@@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool."
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Enable IGMP and MLD querier."
@@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier."
msgid "Enable IGMP and MLD snooping."
msgstr "Enable IGMP and MLD snooping."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Enable IP forwarding on client"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Enable IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Enable IS-IS and IGP-LDP synchronization"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Enable IS-IS and redistribute routes not natively in IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Enable IS-IS with Segment Routing (Experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k
msgid "Enable SNMP queries of the LLDP database"
msgstr "Enable SNMP queries of the LLDP database"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode"
msgid "Enable VLAN-Aware Bridge"
msgstr "Enable VLAN-Aware Bridge"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Enable creation of shortcut routes."
@@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc
msgid "Enable layer 7 HTTP health check"
msgstr "Enable layer 7 HTTP health check"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Enable or disable logging for the matched packet."
@@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet."
msgid "Enable ospf on an interface and set associated area."
msgstr "Enable ospf on an interface and set associated area."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
@@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Enables bandwidth shaping via RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Enables import or export of routes between the current unicast VRF and VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Enables the echo transmission mode"
@@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode"
msgid "Enabling Advertisments"
msgstr "Enabling Advertisments"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Enabling OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Enabling this function increases the risk of bandwidth saturation."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Enforce strict path checking"
@@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i
msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
@@ -5090,15 +4906,6 @@ msgid "Ethernet"
msgstr "Ethernet"
#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
@@ -5130,7 +4937,7 @@ msgstr "Event handler script"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Event handler that monitors the state of interface eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
@@ -5162,441 +4969,90 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Example"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Example, from radius-server send command for disconnect client with username test"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
+#: ../../configuration/nat/nat66.rst:78
+#: ../../configuration/nat/nat66.rst:96
+#: ../../configuration/protocols/static.rst:174
+#: ../../configuration/service/dns.rst:363
+#: ../../configuration/service/monitoring.rst:69
+#: ../../configuration/service/monitoring.rst:98
+#: ../../configuration/service/ssh.rst:165
+#: ../../configuration/service/ssh.rst:200
+#: ../../configuration/system/flow-accounting.rst:164
+#: ../../configuration/vpn/l2tp.rst:41
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
#: ../../_include/interface-dhcp-options.txt:10
#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
#: ../../_include/interface-disable-flow-control.txt:19
#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
#: ../../_include/interface-ip.txt:27
#: ../../_include/interface-ip.txt:50
#: ../../_include/interface-ip.txt:144
@@ -5606,120 +5062,22 @@ msgstr "Example, from radius-server send command for disconnect client with user
#: ../../_include/interface-ipv6.txt:51
#: ../../_include/interface-ipv6.txt:83
#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
#: ../../_include/interface-mac.txt:7
#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-per-client-thread.txt:10
#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
-#: ../../configuration/nat/nat66.rst:78
-#: ../../configuration/nat/nat66.rst:96
-#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
-#: ../../configuration/service/monitoring.rst:69
-#: ../../configuration/service/monitoring.rst:98
-#: ../../configuration/service/ssh.rst:165
-#: ../../configuration/service/ssh.rst:200
-#: ../../configuration/system/flow-accounting.rst:164
-#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
msgid "Example:"
msgstr "Example:"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
@@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is `
msgid "Example Configuration"
msgstr "Example Configuration"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Example IPv6 only:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Example Network"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Example Partial Config"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Example configuration for WireGuard interfaces:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Example for changing rate-limit via RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Example of redirection:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Examples"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Examples:"
@@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>"
msgid "Expedited forwarding (EF)"
msgstr "Expedited forwarding (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Explicitly declare ID for this minion to use (default: hostname)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "External DHCPv6 server is at 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Facility Code"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "Failover"
@@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation"
msgid "Field"
msgstr "Field"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
@@ -5982,6 +5351,14 @@ msgstr "Firewall"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Firewall Exceptions"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark``
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "Firmware Update"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "First steps"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "First the OTP keys must be generated and sent to the user and to the configuration:"
@@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Follow the instructions to generate CA cert (in configuration mode):"
@@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):"
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Follow the instructions to generate server cert (in configuration mode):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "For Encryption:"
@@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "For Local Users"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "For RADIUS users"
@@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`."
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
@@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
@@ -6187,7 +5604,9 @@ msgstr "For example:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc
msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
-#: ../../configuration/service/pppoe-server.rst:312
+#: ../../configuration/service/pppoe-server.rst:299
msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
-#: ../../configuration/interfaces/vxlan.rst:131
+#: ../../configuration/interfaces/vxlan.rst:152
msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
@@ -6235,7 +5654,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead
msgid "For outbound updates the order of preference is:"
msgstr "For outbound updates the order of preference is:"
-#: ../../configuration/firewall/general.rst:497
+#: ../../configuration/firewall/bridge.rst:201
+msgid "For reference, a description can be defined for every defined custom chain."
+msgstr "For reference, a description can be defined for every defined custom chain."
+
+#: ../../configuration/firewall/ipv4.rst:270
+#: ../../configuration/firewall/ipv6.rst:270
msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."
msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain."
@@ -6279,10 +5703,28 @@ msgstr "For the sake of demonstration, `example #1 in the official documentation
msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+
+#: ../../configuration/firewall/ipv4.rst:46
+#: ../../configuration/firewall/ipv6.rst:46
+msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+
#: ../../configuration/firewall/general.rst:69
msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
+#: ../../configuration/firewall/ipv4.rst:36
+#: ../../configuration/firewall/ipv6.rst:36
+msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+
#: ../../configuration/firewall/general.rst:62
msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
@@ -6315,6 +5757,14 @@ msgstr "From :rfc:`1930`:"
msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
msgstr "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
+#: ../../configuration/firewall/bridge.rst:21
+#: ../../configuration/firewall/flowtables.rst:20
+#: ../../configuration/firewall/ipv4.rst:19
+#: ../../configuration/firewall/ipv6.rst:19
+#: ../../configuration/firewall/zone.rst:31
+msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "General Configuration"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generate Keypair"
@@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters."
msgid "Get detailed information about LLDP neighbors."
msgstr "Get detailed information about LLDP neighbors."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Getting started"
@@ -6444,6 +5902,10 @@ msgstr "Gloabal"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Global options"
@@ -6465,7 +5927,6 @@ msgstr "Graceful Restart"
msgid "Gratuitous ARP"
msgstr "Gratuitous ARP"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Groups"
@@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "HTTP based services"
@@ -6499,11 +5964,11 @@ msgstr "HTTP client"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "HT (High Throughput) capabilities (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Hairpin NAT/NAT Reflection"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
@@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe
msgid "Handling and monitoring"
msgstr "Handling and monitoring"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
@@ -6527,15 +5992,15 @@ msgstr "Health check scripts"
msgid "Health checks"
msgstr "Health checks"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Here's the IP routes that are populated. Just the loopback:"
@@ -6563,37 +6028,22 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Here is the routing tables showing the MPLS segment routing label operations:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation"
@@ -6624,7 +6074,7 @@ msgstr "Host Information"
msgid "Host name"
msgstr "Host name"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "Host specific mapping shall be named ``client1``"
@@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in
msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "IGMP Proxy"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "IKE Phase:"
@@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE and ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "IPSec IKE and ESP Groups;"
@@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 site2site VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "IPSec VPN Tunnels"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "IPSec VPN tunnels."
@@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels."
msgid "IP address"
msgstr "IP address"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named
msgid "IP address ``192.168.2.1/24``"
msgstr "IP address ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "IP address for DHCP server identifier"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "IP address of NTP server"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "IP address of POP3 server"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "IP address of SMTP server"
@@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list."
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "IP address to exclude from DHCP lease range"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "IPsec policy matching GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "IPv4 address of next bootstrap server"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "IPv4 address of router on the client's subnet"
@@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "IPv4 or IPv6 source address of NetFlow packets"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "IPv4 peering"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "IPv4 server"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example"
msgid "IPv6 DNS addresses are optional."
msgstr "IPv6 DNS addresses are optional."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "IPv6 Prefix Delegation"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped"
@@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list."
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "IPv6 client's prefix assignment"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "IPv6 peering"
@@ -6990,7 +6445,7 @@ msgstr "IPv6 peering"
msgid "IPv6 prefix."
msgstr "IPv6 prefix."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
@@ -7002,7 +6457,7 @@ msgstr "IPv6 relay"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "IPv6 server"
@@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration"
msgid "IS-IS SR Configuration"
msgstr "IS-IS SR Configuration"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "ISC-DHCP Option name"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Identity Based Configuration"
@@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "If CA is present, this certificate will be included in generated CRLs"
#: ../../_include/interface-per-client-thread.txt:8
-#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
@@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,72 +6552,19 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface."
#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
@@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
@@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
@@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "If no destination is specified the rule will match on any destination address and port."
@@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`."
msgstr "If no option is specified, this defaults to `all`."
#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
@@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied."
msgstr "If suffix is omitted, minutes are implied."
#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
@@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "If there is SNAT rules on eth1, need to add exclude rule"
@@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
@@ -7356,53 +6730,15 @@ msgstr "If this is set the relay agent will insert the interface ID. This option
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface."
@@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "If you've completed all the above steps you no doubt want to see if it's all working."
@@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "If you enable this, you will probably want to set diversity-factor and channel below."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
@@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
@@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine the following topology"
@@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin
msgstr "In VyOS, a class is identified by a number you can choose when configuring it."
#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "In :rfc:`3069` it is called VLAN Aggregation"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
@@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:"
msgstr "In a minimal configuration, the following must be provided:"
#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
@@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
@@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "In an **address group** a single IP address or IP address ranges are defined."
@@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
@@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
@@ -7721,42 +7039,35 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request."
@@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
@@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "In the following example we can see a basic multicast setup:"
@@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled.
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "In this example, we will be using the example Quick Start configuration above as a starting point."
@@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "In this scenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
@@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet
msgid "Indication"
msgstr "Indication"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Individual Client Subnet"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at `<address>`."
msgstr "Inform client that the DNS server can be found at `<address>`."
@@ -7940,53 +7279,19 @@ msgstr "Informational messages"
msgid "Input from `eth0` network interface"
msgstr "Input from `eth0` network interface"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Install the client software via apt and execute pptpsetup to generate the configuration."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
@@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT
msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
@@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Interface Routes"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out."
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interface for DHCP Relay Agent to listen for requests."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interface to use for syncing conntrack entries."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
@@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
@@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T
msgid "It helps to support as HELPER only for planned restarts."
msgstr "It helps to support as HELPER only for planned restarts."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
@@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "It is compatible with Cisco (R) AnyConnect (R) clients."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "It is connected to ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
@@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl
msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
@@ -8258,11 +7545,11 @@ msgstr "Key Generation"
msgid "Key Management"
msgstr "Key Management"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Key Parameters:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Key Points:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "L2TPv3 options"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRFs"
@@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "Lease time will be left at the default value which is 24 hours"
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Lease timeout in seconds (default: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
@@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Lifetime associated with the default router in units of seconds"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Lifetime in days; default is 365"
@@ -8436,7 +7723,7 @@ msgstr "Limiter"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Limits"
@@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset"
msgid "Link aggregation"
msgstr "Link aggregation"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
@@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "List of well-known communities"
@@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the
msgid "Load-balancing schedule algorithm:"
msgstr "Load-balancing schedule algorithm:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Load Balancing"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Load the container image in op-mode."
@@ -8529,7 +7816,7 @@ msgstr "Local Configuration:"
msgid "Local Configuration - Annotated:"
msgstr "Local Configuration - Annotated:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `<address>` used when communicating to the failover peer."
msgstr "Local IP `<address>` used when communicating to the failover peer."
@@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via `<filename>`, for an explanati
msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Log the connection tracking events per protocol."
@@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol."
msgid "Logging"
msgstr "Logging"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact,
msgid "Login/User Management"
msgstr "Login/User Management"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Login Banner"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Login limits"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Loopback"
@@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - Pseudo Ethernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "MAC Groups"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
@@ -8758,11 +8012,19 @@ msgstr "MTU"
msgid "Mail system"
msgstr "Mail system"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Maintenance mode"
@@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings"
msgid "Manual Neighbor Configuration"
msgstr "Manual Neighbor Configuration"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `<time>` in seconds."
msgstr "Mark RADIUS server as offline for this given `<time>` in seconds."
@@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Match against the state of a packet."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Match based on dscp value."
@@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Match based on fragment criteria."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Match based on icmp|icmpv6 code and type."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
@@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Match based on ipsec criteria."
@@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Match based on packet type criteria."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Match based on the maximum number of packets to allow in excess of rate."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Match bases on recently seen sources."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Match criteria based on connection mark."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Match criteria based on nat connection status."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Match domain name"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
@@ -8937,19 +8250,19 @@ msgstr "Match local preference."
msgid "Match route metric."
msgstr "Match route metric."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Matching criteria"
@@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Maximum number of IPv4 nameservers"
@@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries"
@@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Min and max intervals between unsolicited multicast RAs"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, the system passively monitors any kind of wireless traffic"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Mount a volume into the container"
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: can be specified multiple times."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "Multicast"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
@@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "Multicast VXLAN"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
@@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Multicast group to use for syncing conntrack entries."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
@@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Multiple DNS servers can be defined."
@@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen
msgid "Multiple Uplinks"
msgstr "Multiple Uplinks"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured."
msgid "Multiple servers can be specified."
msgstr "Multiple servers can be specified."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
@@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "N"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "NAT Configuration"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "NAT Ruleset"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (specifically, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT before VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT before VPN Topology"
@@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i
msgid "Name Server"
msgstr "Name Server"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Name of static mapping"
@@ -9244,11 +8595,11 @@ msgstr "Name of static mapping"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Name of the single table Only if set group-metrics single-table."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Name or IPv4 address of TFTP server"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "NetBIOS over TCP/IP name server"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the
msgid "NetFlow v5 example:"
msgstr "NetFlow v5 example:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Network Control"
msgid "Network Emulator"
msgstr "Network Emulator"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Network Groups"
@@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "Network ID (SSID) ``TEST``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy"
msgid "Next-hop interface for the route"
msgstr "Next-hop interface for the route"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "Next it is necessary to configure 2FA for OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Now when connecting the user will first be asked for the password and then the OTP key."
@@ -9480,7 +8830,7 @@ msgstr "OTP-key generation"
msgid "Offloading"
msgstr "Offloading"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
@@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y
msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
@@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
@@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
@@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
@@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic
msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
@@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgid "Only VRRP is supported. Required option."
msgstr "Only VRRP is supported. Required option."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Only in the source criteria, you can specify a mac-address."
@@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Only one SRGB and default SPF Algorithm is supported"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Only request an address from the DHCP server but do not request a default gateway."
@@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Op-mode check virtual-server status"
@@ -9715,15 +9042,15 @@ msgstr "OpenConnect"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
@@ -9778,27 +9105,34 @@ msgstr "Operating Modes"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operation"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Operation-mode Firewall"
@@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall"
msgid "Operation Commands"
msgstr "Operation Commands"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Operation Mode"
@@ -9825,7 +9159,7 @@ msgstr "Operational Commands"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Operational Mode Commands"
@@ -9843,11 +9177,11 @@ msgstr "Option"
msgid "Option 43 for UniFI"
msgstr "Option 43 for UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Option description"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Option number"
@@ -9886,15 +9220,19 @@ msgstr "Optional/default settings"
msgid "Optional Configuration"
msgstr "Optional Configuration"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Options"
@@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Our configuration commands would be:"
@@ -9962,9 +9300,14 @@ msgstr "Over UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Overview"
@@ -9973,8 +9316,8 @@ msgstr "Overview"
msgid "Overview and basic concepts"
msgstr "Overview and basic concepts"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Overview of defined groups. You see the type, the members, and where the group is used."
@@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa
msgid "PIM and IGMP"
msgstr "PIM and IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "PPP Settings"
@@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a
msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `<file>` pointing to the certificate authority certificate."
msgstr "Path to `<file>` pointing to the certificate authority certificate."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `<file>` pointing to the servers certificate (public portion)."
msgstr "Path to `<file>` pointing to the servers certificate (public portion)."
@@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "Per default every packet is sampled (that is, the sampling rate is 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
@@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi
msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Place interface in given VRF instance."
@@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Play an audible beep to the system speaker when system is ready."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
@@ -10173,24 +9513,11 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration."
#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`."
@@ -10230,12 +9557,11 @@ msgstr "Policy Sections"
msgid "Policy for checking targets"
msgstr "Policy for checking targets"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Policy to track previously established connections."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Port Groups"
@@ -10245,7 +9571,7 @@ msgstr "Port Groups"
msgid "Port Mirror (SPAN)"
msgstr "Port Mirror (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Port for Dynamic Authorization Extension server (DM/CoA)"
@@ -10261,16 +9587,11 @@ msgstr "Port number used by connection, default is ``9273``"
msgid "Port number used by connection."
msgstr "Port number used by connection."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Port to listen for HTTPS requests; default 443"
#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
@@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router"
msgid "Prefix Conversion"
msgstr "Prefix Conversion"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefix Delegation"
@@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's
msgid "Principle of SNMP Communication"
msgstr "Principle of SNMP Communication"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
@@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out
msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
@@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Provide a IPv4 or IPv6 address group description"
@@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Provide a IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Provide a description for each rule."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Provide a port group description."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Provide a rule-set description."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Provides a backbone area coherence by virtual link establishment."
#: ../../_include/interface-per-client-thread.txt:4
-#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "RADIUS"
@@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication"
msgid "RADIUS bandwidth shaping attribute"
msgstr "RADIUS bandwidth shaping attribute"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "RADIUS source address"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "RFC 868 time server IPv4 address"
@@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirect HTTP to HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Redistribution Configuration"
@@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Regular expression to match against an extended community list, where text could be:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
@@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name"
msgid "Remote database name."
msgstr "Remote database name."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
msgstr "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
@@ -10883,25 +10172,10 @@ msgid "Replay protection"
msgstr "Replay protection"
#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`"
@@ -10917,11 +10191,12 @@ msgstr "Requirements"
msgid "Requirements:"
msgstr "Requirements:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reset"
@@ -10930,11 +10205,11 @@ msgstr "Reset"
msgid "Reset OpenVPN"
msgstr "Reset OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Reset commands"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
@@ -10946,7 +10221,7 @@ msgstr "Restart"
msgid "Restart DHCP relay service"
msgstr "Restart DHCP relay service"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Restart DHCPv6 relay agent immediately."
@@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately."
msgid "Restart a given container"
msgstr "Restart a given container"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Restart the DHCP server"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Restart the IGMP proxy process."
@@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
@@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration"
msgid "Route Dampening"
msgstr "Route Dampening"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Route Filtering"
@@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "Route filter can be applied using a route-map:"
@@ -11084,11 +10363,11 @@ msgstr "Router Lifetime"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Routes on Node 2:"
@@ -11120,13 +10399,13 @@ msgstr "Routing"
msgid "Routing tables that will be used in this example are:"
msgstr "Routing tables that will be used in this example are:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Rule-Sets"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Rule-set overview"
@@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Running Behind NAT"
@@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se
msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID to be used in IEEE 802.11 management frames"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "SSL Certificates"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Script execution"
msgid "Scripting"
msgstr "Scripting"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Security"
msgid "Security/authentication messages"
msgstr "Security/authentication messages"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "See below the different parameters available for the IPv4 **show** command:"
@@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Server"
@@ -11432,7 +10727,7 @@ msgstr "Server Side"
msgid "Server configuration"
msgstr "Server configuration"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Server names for virtual hosts it can be exact, wildcard or regex."
@@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match."
msgid "Set BGP local preference attribute."
msgstr "Set BGP local preference attribute."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Set BGP origin code."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Set BGP originator ID attribute."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Set BGP weight attribute"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Set DNAT rule 20 to only NAT UDP packets"
@@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:"
msgid "Set IP fragment match, where:"
msgstr "Set IP fragment match, where:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Set OSPF external metric-type."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
@@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne
msgid "Set SSL certeficate <name> for service <name>"
msgstr "Set SSL certeficate <name> for service <name>"
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Set TTL to 300 seconds"
@@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface"
msgid "Set a container description"
msgstr "Set a container description"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Set a destination and/or source port. Accepted input:"
#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Set a limit on the maximum number of concurrent logged-in users on the system."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Set a meaningful description."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Set a named api key. Every key has the same, full permissions on the system."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Set a rule description."
@@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa
msgid "Set inbound interface to match."
msgstr "Set inbound interface to match."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
@@ -11737,7 +11013,7 @@ msgstr "Set maximum `<size>` of DHCP packets including relay agent information.
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Set maximum hop count before packets are discarded, default: 10"
@@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Set prefixes to table."
@@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor."
msgid "Set source-address to your local IP (LAN)."
msgstr "Set source-address to your local IP (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Set source IP/IPv6 address for route."
@@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route."
msgid "Set source address or prefix to match."
msgstr "Set source address or prefix to match."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Set tag value for routing protocol."
@@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel."
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Set the distance for the default gateway sent by the DHCP server."
@@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server."
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Set the global setting for an established connection."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Set the global setting for invalid packets."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Set the global setting for related connections."
@@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...25
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Set the maximum number of TCP half-open connections."
@@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Set the number of TCP maximum retransmit attempts."
@@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the
msgid "Set the restart behavior of the container."
msgstr "Set the restart behavior of the container."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Set the routing table to forward packet with."
@@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Set the source IP of forwarded packets, otherwise original senders address is used."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Set the timeout in secounds for a protocol or state."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
@@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes."
msgid "Sets the image name in the hub registry"
msgstr "Sets the image name in the hub registry"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
@@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
@@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates
msgid "Setting VRRP group priority"
msgstr "Setting VRRP group priority"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Setting name"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Setup DHCP failover for network 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server."
msgid "Setup the `<timeout>` in seconds when querying the TACACS server."
msgstr "Setup the `<timeout>` in seconds when querying the TACACS server."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
@@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
@@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the
msgid "Show"
msgstr "Show"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Show DHCP server daemon log file"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Show DHCPv6 server daemon log file"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Show Firewall log"
@@ -12198,6 +11472,22 @@ msgstr "Show Firewall log"
msgid "Show LLDP neighbors connected via interface `<interface>`."
msgstr "Show LLDP neighbors connected via interface `<interface>`."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
@@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength."
msgid "Show a list available container networks"
msgstr "Show a list available container networks"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Show a list of installed certificates"
@@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak
msgid "Show information about physical `<interface>`"
msgstr "Show information about physical `<interface>`"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Show logs from a given container"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Show logs from all DHCP client processes."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Show logs from all DHCPv6 client processes."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Show logs from specific `interface` DHCP client process."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Show logs from specific `interface` DHCPv6 client process."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Show only information for specified Certificate Authority."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Show only information for specified certificate."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Show only leases in the specified pool."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
@@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route."
msgid "Show specific MACsec interface information"
msgstr "Show specific MACsec interface information"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Show status of new setup:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Show statuses of all active leases:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Show the DHCP server statistics:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Show the DHCP server statistics for the specified pool."
@@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers."
msgid "Show the local container images."
msgstr "Show the local container images."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Show the logs of a specific Rule-Set."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP"
msgid "Showing BFD monitored static routes"
msgstr "Showing BFD monitored static routes"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Shows status of all assigned leases:"
@@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Similar combinations are applicable for the dead-peer-detection."
@@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor
msgid "Site to Site VPN"
msgstr "Site to Site VPN"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
@@ -12548,27 +11869,15 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "SolarWinds"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
@@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Some firewall settings are global and have an affect on the whole system."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
@@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Source Address"
@@ -12637,7 +11949,7 @@ msgstr "Source Address"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Source IPv4 address used in all RADIUS server queires."
@@ -12662,6 +11974,10 @@ msgid "Source protocol to match."
msgstr "Source protocol to match."
#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
+#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Source tunnel from loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
@@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `<interface>` from which replies from `<se
msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
+#: ../../configuration/interfaces/vxlan.rst:89
+msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+
#: ../../configuration/interfaces/bonding.rst:40
msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
@@ -12737,7 +12057,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori
msgid "Specifies the base DN under which the users are located."
msgstr "Specifies the base DN under which the users are located."
-#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:239
msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
@@ -12774,31 +12094,35 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Specify a NIS+ server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Specify a NIS server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed."
msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed."
@@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to."
msgstr "Specify the LDAP server to connect to."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
@@ -12929,7 +12225,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define
msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Specify timeout interval for keepalive message in seconds."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Spoke"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Start by checking for IPSec SAs (Security Associations) with:"
@@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+
#: ../../configuration/firewall/index.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
@@ -12981,7 +12285,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona
msgid "Static"
msgstr "Static"
-#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/service/dhcp-server.rst:189
msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
@@ -13009,13 +12313,13 @@ msgstr "Static Routing or other dynamic routing protocols can be used over the v
msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
-#: ../../configuration/service/dhcp-server.rst:209
-#: ../../configuration/service/dhcp-server.rst:689
+#: ../../configuration/service/dhcp-server.rst:174
+#: ../../configuration/service/dhcp-server.rst:621
msgid "Static mappings"
msgstr "Static mappings"
-#: ../../configuration/service/dhcp-server.rst:557
-#: ../../configuration/service/dhcp-server.rst:762
+#: ../../configuration/service/dhcp-server.rst:460
+#: ../../configuration/service/dhcp-server.rst:694
msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
@@ -13059,6 +12363,10 @@ msgstr "Supported Modules"
msgid "Supported channel width set."
msgstr "Supported channel width set."
+#: ../../configuration/system/frr.rst:30
+msgid "Supported daemons:"
+msgstr "Supported daemons:"
+
#: ../../configuration/service/router-advert.rst:11
msgid "Supported interface types:"
msgstr "Supported interface types:"
@@ -13096,15 +12404,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect
msgid "Sync groups"
msgstr "Sync groups"
-#: ../../configuration/firewall/general.rst:1264
+#: ../../configuration/firewall/ipv4.rst:911
+#: ../../configuration/firewall/ipv6.rst:920
msgid "Synproxy"
msgstr "Synproxy"
-#: ../../configuration/firewall/general.rst:1265
+#: ../../configuration/firewall/ipv4.rst:912
+#: ../../configuration/firewall/ipv6.rst:921
msgid "Synproxy connections"
msgstr "Synproxy connections"
-#: ../../configuration/firewall/general.rst:1282
+#: ../../configuration/firewall/ipv4.rst:929
+#: ../../configuration/firewall/ipv6.rst:938
msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
@@ -13177,7 +12488,7 @@ msgstr "System is unusable - a panic condition"
msgid "TACACS+"
msgstr "TACACS+"
-#: ../../configuration/system/login.rst:416
+#: ../../configuration/system/login.rst:418
msgid "TACACS Example"
msgstr "TACACS Example"
@@ -13226,6 +12537,14 @@ msgstr "Telegraf output plugin prometheus-client_"
msgid "Telegraf output plugin splunk_. HTTP Event Collector."
msgstr "Telegraf output plugin splunk_. HTTP Event Collector."
+#: ../../configuration/protocols/pim.rst:157
+msgid "Tell PIM that we would not like to use this interface to process bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages."
+
+#: ../../configuration/protocols/pim.rst:162
+msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+
#: ../../configuration/service/router-advert.rst:1
msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
@@ -13234,7 +12553,7 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a
msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
-#: ../../configuration/vpn/sstp.rst:216
+#: ../../configuration/vpn/sstp.rst:227
msgid "Temporary disable this RADIUS server."
msgstr "Temporary disable this RADIUS server."
@@ -13266,15 +12585,19 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca
msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
msgstr "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
-#: ../../configuration/vpn/sstp.rst:293
+#: ../../configuration/nat/nat64.rst:70
+msgid "Test from the IPv6 only client:"
+msgstr "Test from the IPv6 only client:"
+
+#: ../../configuration/vpn/sstp.rst:305
msgid "Testing SSTP"
msgstr "Testing SSTP"
-#: ../../configuration/nat/nat44.rst:786
+#: ../../configuration/nat/nat44.rst:808
msgid "Testing and Validation"
msgstr "Testing and Validation"
-#: ../../configuration/interfaces/vxlan.rst:125
+#: ../../configuration/interfaces/vxlan.rst:146
msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
@@ -13282,7 +12605,7 @@ msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 wil
msgid "That is how it is possible to do the so-called \"ingress shaping\"."
msgstr "That is how it is possible to do the so-called \"ingress shaping\"."
-#: ../../configuration/nat/nat44.rst:806
+#: ../../configuration/nat/nat44.rst:828
msgid "That looks good - we defined 2 tunnels and they're both up and running."
msgstr "That looks good - we defined 2 tunnels and they're both up and running."
@@ -13290,7 +12613,7 @@ msgstr "That looks good - we defined 2 tunnels and they're both up and running."
msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
-#: ../../configuration/nat/nat44.rst:724
+#: ../../configuration/nat/nat44.rst:746
msgid "The ASP has documented their IPSec requirements:"
msgstr "The ASP has documented their IPSec requirements:"
@@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:"
msgstr "The CLNS address consists of the following parts:"
#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
@@ -13341,7 +12649,7 @@ msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tr
msgid "The HTTP service listen on TCP port 80."
msgstr "The HTTP service listen on TCP port 80."
-#: ../../configuration/nat/nat44.rst:505
+#: ../../configuration/nat/nat44.rst:525
msgid "The IP address of the internal system we wish to forward traffic to."
msgstr "The IP address of the internal system we wish to forward traffic to."
@@ -13365,7 +12673,7 @@ msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which
msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
-#: ../../configuration/vpn/openconnect.rst:287
+#: ../../configuration/vpn/openconnect.rst:294
msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
msgstr "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
@@ -13393,18 +12701,22 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network
msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
-#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:173
msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
-#: ../../configuration/service/dns.rst:158
+#: ../../configuration/service/dns.rst:171
msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
-#: ../../configuration/service/dns.rst:162
+#: ../../configuration/service/dns.rst:175
msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
+#: ../../configuration/pki/index.rst:254
+msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+
#: ../../configuration/container/index.rst:7
msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
@@ -13466,14 +12778,19 @@ msgstr "The ``source-address`` must be configured on one of VyOS interface. Best
msgid "The `show bridge` operational command can be used to display configured bridges:"
msgstr "The `show bridge` operational command can be used to display configured bridges:"
-#: ../../configuration/vpn/openconnect.rst:246
+#: ../../configuration/vpn/openconnect.rst:253
msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
-#: ../../configuration/firewall/general.rst:332
+#: ../../configuration/firewall/ipv4.rst:86
+#: ../../configuration/firewall/ipv6.rst:86
msgid "The action can be :"
msgstr "The action can be :"
+#: ../../configuration/pki/index.rst:271
+msgid "The address the server listens to during http-01 challenge"
+msgstr "The address the server listens to during http-01 challenge"
+
#: ../../configuration/protocols/bgp.rst:775
msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
@@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10."
msgstr "The allocated address block is 100.64.0.0/10."
#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
msgid "The amount of Duplicate Address Detection probes to send."
msgstr "The amount of Duplicate Address Detection probes to send."
@@ -13525,7 +12823,7 @@ msgstr "The bonding interface provides a method for aggregating multiple network
msgid "The case of ingress shaping"
msgstr "The case of ingress shaping"
-#: ../../configuration/service/pppoe-server.rst:398
+#: ../../configuration/service/pppoe-server.rst:385
msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
@@ -13541,7 +12839,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then
msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
-#: ../../configuration/service/pppoe-server.rst:244
+#: ../../configuration/service/pppoe-server.rst:231
msgid "The command below enables it, assuming the RADIUS connection has been setup and is working."
msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working."
@@ -13557,9 +12855,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst
msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
-#: ../../configuration/service/dhcp-server.rst:244
-#: ../../configuration/service/dhcp-server.rst:670
-#: ../../configuration/service/dhcp-server.rst:712
+#: ../../configuration/service/dhcp-server.rst:210
+#: ../../configuration/service/dhcp-server.rst:601
+#: ../../configuration/service/dhcp-server.rst:644
msgid "The configuration will look as follows:"
msgstr "The configuration will look as follows:"
@@ -13579,7 +12877,7 @@ msgstr "The connection tracking expect table contains one entry for each expecte
msgid "The connection tracking table contains one entry for each connection being tracked by the system."
msgstr "The connection tracking table contains one entry for each connection being tracked by the system."
-#: ../../configuration/service/pppoe-server.rst:238
+#: ../../configuration/service/pppoe-server.rst:225
msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
@@ -13607,30 +12905,18 @@ msgstr "The default hostname used is `vyos`."
msgid "The default is 1492."
msgstr "The default is 1492."
-#: ../../configuration/service/dhcp-server.rst:596
+#: ../../configuration/service/dhcp-server.rst:526
msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
-#: ../../configuration/interfaces/vxlan.rst:336
+#: ../../configuration/interfaces/vxlan.rst:357
msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
msgstr "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
+#: ../../configuration/protocols/pim.rst:52
+msgid "The default time is 60 seconds."
+msgstr "The default time is 60 seconds."
+
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
msgid "The default value corresponds to 64."
msgstr "The default value corresponds to 64."
@@ -13643,7 +12929,15 @@ msgstr "The default value is 0. This will cause the carrier to be asserted (for
msgid "The default value is 300 seconds."
msgstr "The default value is 300 seconds."
-#: ../../configuration/service/dhcp-server.rst:113
+#: ../../configuration/protocols/pim.rst:214
+msgid "The default value is 3."
+msgstr "The default value is 3."
+
+#: ../../configuration/protocols/pim.rst:68
+msgid "The default value is 3 packets."
+msgstr "The default value is 3 packets."
+
+#: ../../configuration/service/dhcp-server.rst:99
msgid "The default value is 86400 seconds which corresponds to one day."
msgstr "The default value is 86400 seconds which corresponds to one day."
@@ -13655,25 +12949,29 @@ msgstr "The default value is slow."
msgid "The default values for the minimum-threshold depend on IP precedence:"
msgstr "The default values for the minimum-threshold depend on IP precedence:"
-#: ../../configuration/interfaces/vxlan.rst:313
+#: ../../configuration/interfaces/vxlan.rst:334
msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
msgstr "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
-#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/interfaces/vxlan.rst:98
+msgid "The device can only receive packets with VNIs configured in the VNI filtering table."
+msgstr "The device can only receive packets with VNIs configured in the VNI filtering table."
+
+#: ../../configuration/service/dhcp-server.rst:165
msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
msgstr "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
-#: ../../configuration/service/dhcp-server.rst:36
-#: ../../configuration/service/dhcp-server.rst:138
+#: ../../configuration/service/dhcp-server.rst:31
+#: ../../configuration/service/dhcp-server.rst:124
msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
msgstr "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
-#: ../../configuration/service/dhcp-server.rst:45
-#: ../../configuration/service/dhcp-server.rst:145
+#: ../../configuration/service/dhcp-server.rst:40
+#: ../../configuration/service/dhcp-server.rst:131
msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
msgstr "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
-#: ../../configuration/nat/nat44.rst:694
+#: ../../configuration/nat/nat44.rst:718
msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
msgstr "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
@@ -13689,11 +12987,11 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co
msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
-#: ../../configuration/service/pppoe-server.rst:382
+#: ../../configuration/service/pppoe-server.rst:369
msgid "The example below covers a dual-stack configuration via pppoe-server."
msgstr "The example below covers a dual-stack configuration via pppoe-server."
-#: ../../configuration/service/pppoe-server.rst:361
+#: ../../configuration/service/pppoe-server.rst:348
msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
@@ -13705,7 +13003,7 @@ msgstr "The example configuration below will assign an IP to the client on the i
msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
-#: ../../configuration/nat/nat44.rst:319
+#: ../../configuration/nat/nat44.rst:331
msgid "The external IP address to translate to"
msgstr "The external IP address to translate to"
@@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match
msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses."
#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
msgstr "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
+#: ../../configuration/protocols/pim.rst:93
+msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+
#: ../../configuration/vpn/dmvpn.rst:63
msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
-#: ../../configuration/vpn/sstp.rst:299
+#: ../../configuration/vpn/sstp.rst:311
msgid "The following PPP configuration tests MSCHAP-v2:"
msgstr "The following PPP configuration tests MSCHAP-v2:"
@@ -13810,6 +13103,10 @@ msgstr "The following example topology was built using EVE-NG."
msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
msgstr "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
+#: ../../configuration/nat/nat64.rst:40
+msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+
#: ../../configuration/interfaces/wwan.rst:309
msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
@@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and
msgstr "The forwarding delay time is the time spent in each of the listening and learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating."
#: ../../configuration/service/dhcp-relay.rst:98
-#: ../../configuration/service/dhcp-relay.rst:184
+#: ../../configuration/service/dhcp-relay.rst:186
msgid "The generated configuration will look like:"
msgstr "The generated configuration will look like:"
@@ -13871,7 +13168,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w
msgid "The hostname or IP address of the master"
msgstr "The hostname or IP address of the master"
-#: ../../configuration/service/dhcp-server.rst:700
+#: ../../configuration/service/dhcp-server.rst:632
msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
@@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o
msgstr "The individual spoke configurations only differ in the local IP address on the ``tun10`` interface. See the above diagram for the individual IP addresses."
#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
-#: ../../configuration/nat/nat44.rst:503
+#: ../../configuration/nat/nat44.rst:523
msgid "The interface traffic will be coming in on;"
msgstr "The interface traffic will be coming in on;"
@@ -13893,7 +13188,7 @@ msgstr "The interface traffic will be coming in on;"
msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
msgstr "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
-#: ../../configuration/nat/nat44.rst:317
+#: ../../configuration/nat/nat44.rst:329
msgid "The internal IP addresses we want to translate"
msgstr "The internal IP addresses we want to translate"
@@ -13937,6 +13232,14 @@ msgstr "The local site will have a subnet of 10.0.0.0/16."
msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
+#: ../../configuration/firewall/index.rst:20
+msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+
+#: ../../configuration/firewall/index.rst:92
+msgid "The main structure VyOS firewall cli is shown next:"
+msgstr "The main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/interfaces/bonding.rst:271
msgid "The maximum number of targets that can be specified is 16. The default value is no IP address."
msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address."
@@ -13961,7 +13264,7 @@ msgstr "The minimal echo receive transmission interval that this system is capab
msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
msgstr "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
-#: ../../configuration/interfaces/vxlan.rst:292
+#: ../../configuration/interfaces/vxlan.rst:313
msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
@@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul
msgstr "The optional parameter register specifies that Registration Request should be sent to this peer on startup."
#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
msgstr "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
-#: ../../configuration/nat/nat44.rst:318
+#: ../../configuration/nat/nat44.rst:330
msgid "The outgoing interface to perform the translation on"
msgstr "The outgoing interface to perform the translation on"
@@ -14051,11 +13352,11 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob
msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
-#: ../../configuration/service/dhcp-server.rst:434
+#: ../../configuration/service/dhcp-server.rst:375
msgid "The primary DHCP server uses address `192.168.189.252`"
msgstr "The primary DHCP server uses address `192.168.189.252`"
-#: ../../configuration/service/dhcp-server.rst:193
+#: ../../configuration/service/dhcp-server.rst:158
msgid "The primary and secondary statements determines whether the server is primary or secondary."
msgstr "The primary and secondary statements determines whether the server is primary or secondary."
@@ -14067,7 +13368,7 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc
msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
-#: ../../configuration/service/dhcp-server.rst:609
+#: ../../configuration/service/dhcp-server.rst:539
msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
@@ -14075,7 +13376,7 @@ msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus
msgid "The prompt is adjusted to reflect this change in both config and op-mode."
msgstr "The prompt is adjusted to reflect this change in both config and op-mode."
-#: ../../configuration/nat/nat44.rst:504
+#: ../../configuration/nat/nat44.rst:524
msgid "The protocol and port we wish to forward;"
msgstr "The protocol and port we wish to forward;"
@@ -14124,7 +13425,7 @@ msgstr "The remote user will use the openconnect client to connect to the router
msgid "The required config file may look like this:"
msgstr "The required config file may look like this:"
-#: ../../configuration/nat/nat44.rst:683
+#: ../../configuration/nat/nat44.rst:707
msgid "The required configuration can be broken down into 4 major pieces:"
msgstr "The required configuration can be broken down into 4 major pieces:"
@@ -14160,7 +13461,7 @@ msgstr "The router should discard DHCP packages already containing relay agent i
msgid "The sFlow accounting based on hsflowd https://sflow.net/"
msgstr "The sFlow accounting based on hsflowd https://sflow.net/"
-#: ../../configuration/vpn/openconnect.rst:263
+#: ../../configuration/vpn/openconnect.rst:270
msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
@@ -14172,7 +13473,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte
msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
-#: ../../configuration/service/dhcp-server.rst:435
+#: ../../configuration/service/dhcp-server.rst:376
msgid "The secondary DHCP server uses address `192.168.189.253`"
msgstr "The secondary DHCP server uses address `192.168.189.253`"
@@ -14184,7 +13485,7 @@ msgstr "The security approach in SNMPv3 targets:"
msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
msgstr "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
-#: ../../configuration/interfaces/vxlan.rst:168
+#: ../../configuration/interfaces/vxlan.rst:189
msgid "The setup is this: Leaf2 - Spine1 - Leaf3"
msgstr "The setup is this: Leaf2 - Spine1 - Leaf3"
@@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:"
msgstr "The speed (baudrate) of the console device. Supported values are:"
#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
@@ -14221,7 +13517,7 @@ msgstr "The table consists of following data:"
msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
msgstr "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
-#: ../../configuration/nat/nat44.rst:233
+#: ../../configuration/nat/nat44.rst:245
msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
@@ -14245,22 +13541,7 @@ msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for mult
msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
+#: ../../_include/interface-dhcp-options.txt:36
msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server."
msgstr "The vendor-class-id option can be used to request a specific class of vendor options from the server."
@@ -14276,7 +13557,7 @@ msgstr "The window size must be between 1 and 21."
msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
-#: ../../configuration/nat/nat44.rst:597
+#: ../../configuration/nat/nat44.rst:621
msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
@@ -14300,16 +13581,22 @@ msgstr "There's a variety of client GUI frontends for any platform"
msgid "There are 3 default NTP server set. You are able to change them."
msgstr "There are 3 default NTP server set. You are able to change them."
-#: ../../configuration/firewall/general.rst:536
-#: ../../configuration/firewall/general-legacy.rst:380
+#: ../../configuration/firewall/ipv4.rst:269
+#: ../../configuration/firewall/ipv6.rst:269
msgid "There are a lot of matching criteria against which the package can be tested."
msgstr "There are a lot of matching criteria against which the package can be tested."
+#: ../../configuration/firewall/bridge.rst:221
+#: ../../configuration/firewall/ipv4.rst:303
+#: ../../configuration/firewall/ipv6.rst:303
+msgid "There are a lot of matching criteria against which the packet can be tested."
+msgstr "There are a lot of matching criteria against which the packet can be tested."
+
#: ../../configuration/policy/route.rst:40
msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
-#: ../../configuration/system/ipv6.rst:91
+#: ../../configuration/system/ipv6.rst:92
msgid "There are different parameters for getting prefix-list information:"
msgstr "There are different parameters for getting prefix-list information:"
@@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip
msgstr "There is also a GRE over IPv6 encapsulation available, it is called: ``ip6gre``."
#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
msgstr "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
-#: ../../configuration/protocols/igmp.rst:93
#: ../../configuration/protocols/pim6.rst:27
msgid "These are the commands for a basic setup."
msgstr "These are the commands for a basic setup."
@@ -14413,6 +13676,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u
msgid "They can be **decimal** prefixes."
msgstr "They can be **decimal** prefixes."
+#: ../../configuration/firewall/flowtables.rst:102
+msgid "Things to be considred in this setup:"
+msgstr "Things to be considred in this setup:"
+
#: ../../configuration/interfaces/l2tpv3.rst:54
msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
@@ -14438,6 +13705,10 @@ msgstr "This algorithm will place all traffic to a particular network peer on th
msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
msgstr "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
+#: ../../configuration/system/frr.rst:17
+msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+
#: ../../configuration/service/dns.rst:41
msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
msgstr "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
@@ -14503,7 +13774,7 @@ msgstr "This command allows to specify the distribution type for the network con
msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
msgstr "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
-#: ../../configuration/protocols/ospf.rst:1259
+#: ../../configuration/protocols/ospf.rst:1261
msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -14734,23 +14005,27 @@ msgstr "This command disables route reflection between route reflector clients.
msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
msgstr "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
-#: ../../configuration/protocols/bgp.rst:1008
+#: ../../configuration/protocols/isis.rst:318
+msgid "This command disables the load sharing across multiple LFA backups."
+msgstr "This command disables the load sharing across multiple LFA backups."
+
+#: ../../configuration/protocols/bgp.rst:1009
msgid "This command displays BGP dampened routes."
msgstr "This command displays BGP dampened routes."
-#: ../../configuration/protocols/bgp.rst:1031
+#: ../../configuration/protocols/bgp.rst:1032
msgid "This command displays BGP received-routes that are accepted after filtering."
msgstr "This command displays BGP received-routes that are accepted after filtering."
-#: ../../configuration/protocols/bgp.rst:1021
+#: ../../configuration/protocols/bgp.rst:1022
msgid "This command displays BGP routes advertised to a neighbor."
msgstr "This command displays BGP routes advertised to a neighbor."
-#: ../../configuration/protocols/bgp.rst:1016
+#: ../../configuration/protocols/bgp.rst:1017
msgid "This command displays BGP routes allowed by the specified AS Path access list."
msgstr "This command displays BGP routes allowed by the specified AS Path access list."
-#: ../../configuration/protocols/bgp.rst:1025
+#: ../../configuration/protocols/bgp.rst:1026
msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
@@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes."
msgstr "This command displays RIP routes."
#: ../../configuration/protocols/ospf.rst:785
-#: ../../configuration/protocols/ospf.rst:1304
+#: ../../configuration/protocols/ospf.rst:1306
msgid "This command displays a database contents for a specific link advertisement type."
msgstr "This command displays a database contents for a specific link advertisement type."
#: ../../configuration/protocols/ospf.rst:752
-#: ../../configuration/protocols/ospf.rst:1299
+#: ../../configuration/protocols/ospf.rst:1301
msgid "This command displays a summary table with a database contents (LSA)."
msgstr "This command displays a summary table with a database contents (LSA)."
#: ../../configuration/protocols/ospf.rst:747
-#: ../../configuration/protocols/ospf.rst:1294
+#: ../../configuration/protocols/ospf.rst:1296
msgid "This command displays a table of paths to area boundary and autonomous system boundary routers."
msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers."
@@ -14781,35 +14056,35 @@ msgstr "This command displays a table of paths to area boundary and autonomous s
msgid "This command displays all entries in BGP routing table."
msgstr "This command displays all entries in BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1035
+#: ../../configuration/protocols/bgp.rst:1036
msgid "This command displays dampened routes received from BGP neighbor."
msgstr "This command displays dampened routes received from BGP neighbor."
-#: ../../configuration/protocols/ospf.rst:1309
+#: ../../configuration/protocols/ospf.rst:1311
msgid "This command displays external information redistributed into OSPFv3"
msgstr "This command displays external information redistributed into OSPFv3"
-#: ../../configuration/protocols/bgp.rst:1039
+#: ../../configuration/protocols/bgp.rst:1040
msgid "This command displays information about BGP routes whose AS path matches the specified regular expression."
msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression."
-#: ../../configuration/protocols/bgp.rst:1012
+#: ../../configuration/protocols/bgp.rst:1013
msgid "This command displays information about flapping BGP routes."
msgstr "This command displays information about flapping BGP routes."
-#: ../../configuration/protocols/bgp.rst:976
+#: ../../configuration/protocols/bgp.rst:977
msgid "This command displays information about the particular entry in the BGP routing table."
msgstr "This command displays information about the particular entry in the BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1003
+#: ../../configuration/protocols/bgp.rst:1004
msgid "This command displays routes that are permitted by the BGP community list."
msgstr "This command displays routes that are permitted by the BGP community list."
-#: ../../configuration/protocols/bgp.rst:996
+#: ../../configuration/protocols/bgp.rst:997
msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
-#: ../../configuration/protocols/bgp.rst:992
+#: ../../configuration/protocols/bgp.rst:993
msgid "This command displays routes with classless interdomain routing (CIDR)."
msgstr "This command displays routes with classless interdomain routing (CIDR)."
@@ -14817,11 +14092,11 @@ msgstr "This command displays routes with classless interdomain routing (CIDR)."
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
-#: ../../configuration/protocols/ospf.rst:1283
+#: ../../configuration/protocols/ospf.rst:1285
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
-#: ../../configuration/protocols/ospf.rst:1289
+#: ../../configuration/protocols/ospf.rst:1291
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
@@ -14829,12 +14104,12 @@ msgstr "This command displays the OSPF routing table, as determined by the most
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
-#: ../../configuration/protocols/ospf.rst:1279
+#: ../../configuration/protocols/ospf.rst:1281
msgid "This command displays the neighbor DR choice information."
msgstr "This command displays the neighbor DR choice information."
#: ../../configuration/protocols/ospf.rst:623
-#: ../../configuration/protocols/ospf.rst:1274
+#: ../../configuration/protocols/ospf.rst:1276
msgid "This command displays the neighbors information in a detailed form, not just a summary table."
msgstr "This command displays the neighbors information in a detailed form, not just a summary table."
@@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a
msgstr "This command displays the neighbors information in a detailed form for a neighbor whose IP address is specified."
#: ../../configuration/protocols/ospf.rst:613
-#: ../../configuration/protocols/ospf.rst:1270
+#: ../../configuration/protocols/ospf.rst:1272
msgid "This command displays the neighbors status."
msgstr "This command displays the neighbors status."
@@ -14851,7 +14126,7 @@ msgstr "This command displays the neighbors status."
msgid "This command displays the neighbors status for a neighbor on the specified interface."
msgstr "This command displays the neighbors status for a neighbor on the specified interface."
-#: ../../configuration/protocols/bgp.rst:1044
+#: ../../configuration/protocols/bgp.rst:1045
msgid "This command displays the status of all BGP connections."
msgstr "This command displays the status of all BGP connections."
@@ -14863,6 +14138,10 @@ msgstr "This command enable/disables summarisation for the configured address ra
msgid "This command enable logging neighbor up/down changes and reset reason."
msgstr "This command enable logging neighbor up/down changes and reset reason."
+#: ../../configuration/protocols/isis.rst:311
+msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+
#: ../../configuration/protocols/isis.rst:70
msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
@@ -14946,6 +14225,10 @@ msgstr "This command is only allowed for eBGP peers."
msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups."
msgstr "This command is only allowed for eBGP peers. It is not applicable for peer groups."
+#: ../../configuration/protocols/pim.rst:70
+msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+
#: ../../configuration/protocols/rip.rst:106
msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
msgstr "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
@@ -15006,7 +14289,7 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
msgstr "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
-#: ../../configuration/protocols/ospf.rst:1253
+#: ../../configuration/protocols/ospf.rst:1255
msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -15014,19 +14297,19 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
-#: ../../configuration/protocols/bgp.rst:1067
+#: ../../configuration/protocols/bgp.rst:1068
msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1087
+#: ../../configuration/protocols/bgp.rst:1088
msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1074
+#: ../../configuration/protocols/bgp.rst:1075
msgid "This command resets all BGP connections of given router."
msgstr "This command resets all BGP connections of given router."
-#: ../../configuration/protocols/bgp.rst:1083
+#: ../../configuration/protocols/bgp.rst:1084
msgid "This command resets all external BGP peers of given router."
msgstr "This command resets all external BGP peers of given router."
@@ -15431,56 +14714,18 @@ msgstr "This command summarizes intra area paths from specified area into one su
msgid "This command to ensure not advertise the summary lsa for the matched external LSAs."
msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs."
-#: ../../configuration/protocols/bgp.rst:1078
+#: ../../configuration/protocols/bgp.rst:1079
msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/pppoe.rst:212
#: ../../configuration/interfaces/pppoe.rst:258
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/sstp-client.rst:84
#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
@@ -15494,6 +14739,10 @@ msgstr "This command will change the hold down value for IGP-LDP synchronization
msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
msgstr "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
+#: ../../configuration/protocols/isis.rst:324
+msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+
#: ../../configuration/protocols/isis.rst:134
msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
msgstr "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
@@ -15510,25 +14759,32 @@ msgstr "This command will generate a default-route in L1 database."
msgid "This command will generate a default-route in L2 database."
msgstr "This command will generate a default-route in L2 database."
-#: ../../configuration/firewall/general.rst:1457
-#: ../../configuration/firewall/general-legacy.rst:904
+#: ../../configuration/firewall/ipv6.rst:1113
msgid "This command will give an overview of a rule in a single rule-set"
msgstr "This command will give an overview of a rule in a single rule-set"
+#: ../../configuration/firewall/ipv4.rst:1091
+msgid "This command will give an overview of a rule in a single rule-set, plus information for default action."
+msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action."
+
#: ../../configuration/firewall/general-legacy.rst:940
msgid "This command will give an overview of a rule in a single rule-set."
msgstr "This command will give an overview of a rule in a single rule-set."
-#: ../../configuration/firewall/general.rst:1435
-#: ../../configuration/firewall/general-legacy.rst:932
+#: ../../configuration/firewall/ipv4.rst:1072
+#: ../../configuration/firewall/ipv6.rst:1088
msgid "This command will give an overview of a single rule-set."
msgstr "This command will give an overview of a single rule-set."
+#: ../../configuration/protocols/isis.rst:330
+msgid "This command will limit LFA backup computation up to the specified prefix priority."
+msgstr "This command will limit LFA backup computation up to the specified prefix priority."
+
#: ../../configuration/protocols/bgp.rst:268
msgid "This command would allow the dynamic update of capabilities over an established BGP session."
msgstr "This command would allow the dynamic update of capabilities over an established BGP session."
-#: ../../configuration/interfaces/vxlan.rst:272
+#: ../../configuration/interfaces/vxlan.rst:293
msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
@@ -15548,7 +14804,12 @@ msgstr "This configuration listen on port 80 and redirect incoming requests to H
msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
-#: ../../configuration/service/dhcp-server.rst:78
+#: ../../configuration/service/dhcp-server.rst:76
+#: ../../configuration/service/dhcp-server.rst:520
+msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+
+#: ../../configuration/service/dhcp-server.rst:58
msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
msgstr "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
@@ -15572,30 +14833,11 @@ msgstr "This defaults to 1812."
msgid "This defaults to 2007."
msgstr "This defaults to 2007."
-#: ../../configuration/service/dns.rst:258
+#: ../../configuration/service/dns.rst:271
msgid "This defaults to 300 seconds."
msgstr "This defaults to 300 seconds."
#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
msgid "This defaults to 30 seconds."
msgstr "This defaults to 30 seconds."
@@ -15611,6 +14853,14 @@ msgstr "This defaults to 5."
msgid "This defaults to UDP"
msgstr "This defaults to UDP"
+#: ../../configuration/service/https.rst:52
+msgid "This defaults to both 1.2 and 1.3."
+msgstr "This defaults to both 1.2 and 1.3."
+
+#: ../../configuration/pki/index.rst:283
+msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/interfaces/wireless.rst:101
msgid "This defaults to phy0."
msgstr "This defaults to phy0."
@@ -15635,7 +14885,7 @@ msgstr "This enables :rfc:`3137` support, where the OSPF process describes its t
msgid "This enables the greenfield option which sets the ``[GF]`` option"
msgstr "This enables the greenfield option which sets the ``[GF]`` option"
-#: ../../configuration/nat/nat44.rst:546
+#: ../../configuration/nat/nat44.rst:568
msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
@@ -15647,28 +14897,28 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by
msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
-#: ../../configuration/service/dns.rst:391
+#: ../../configuration/service/dns.rst:404
msgid "This functionality is controlled by adding the following configuration:"
msgstr "This functionality is controlled by adding the following configuration:"
-#: ../../configuration/firewall/general.rst:626
-#: ../../configuration/firewall/general-legacy.rst:431
+#: ../../configuration/firewall/ipv4.rst:376
+#: ../../configuration/firewall/ipv6.rst:378
msgid "This functions for both individual addresses and address groups."
msgstr "This functions for both individual addresses and address groups."
-#: ../../configuration/protocols/isis.rst:449
+#: ../../configuration/protocols/isis.rst:477
#: ../../configuration/protocols/ospf.rst:968
msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
msgstr "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
-#: ../../configuration/protocols/isis.rst:501
+#: ../../configuration/protocols/isis.rst:529
#: ../../configuration/protocols/ospf.rst:1018
#: ../../configuration/protocols/segment-routing.rst:229
#: ../../configuration/protocols/segment-routing.rst:312
msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
msgstr "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
-#: ../../configuration/protocols/isis.rst:339
+#: ../../configuration/protocols/isis.rst:367
msgid "This gives us the following neighborships, Level 1 and Level 2:"
msgstr "This gives us the following neighborships, Level 1 and Level 2:"
@@ -15680,11 +14930,11 @@ msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolu
msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
msgstr "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
-#: ../../configuration/service/dhcp-server.rst:96
+#: ../../configuration/service/dhcp-server.rst:82
msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
msgstr "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
-#: ../../configuration/service/dhcp-server.rst:103
+#: ../../configuration/service/dhcp-server.rst:89
msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
msgstr "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
@@ -15696,6 +14946,11 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo
msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable."
msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable."
+#: ../../configuration/pki/index.rst:261
+#: ../../configuration/pki/index.rst:267
+msgid "This is a mandatory option"
+msgstr "This is a mandatory option"
+
#: ../../configuration/protocols/rpki.rst:117
#: ../../configuration/protocols/rpki.rst:124
msgid "This is a mandatory setting."
@@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical
msgstr "This is an optional command because the event handler will be automatically created after any of the next commands."
#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
msgstr "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
-#: ../../configuration/protocols/igmp.rst:208
+#: ../../configuration/protocols/igmp-proxy.rst:36
msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
msgstr "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
@@ -15777,13 +15013,13 @@ msgstr "This is the LAN extension use case. The eth0 port of the distant VPN pee
msgid "This is the LCD model used in your system."
msgstr "This is the LCD model used in your system."
-#: ../../configuration/service/dhcp-server.rst:40
-#: ../../configuration/service/dhcp-server.rst:49
-#: ../../configuration/service/dhcp-server.rst:56
+#: ../../configuration/service/dhcp-server.rst:35
+#: ../../configuration/service/dhcp-server.rst:44
+#: ../../configuration/service/dhcp-server.rst:51
msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
-#: ../../configuration/service/dhcp-server.rst:232
+#: ../../configuration/service/dhcp-server.rst:197
msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
@@ -15795,7 +15031,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d
msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
-#: ../../configuration/service/dhcp-server.rst:230
+#: ../../configuration/service/dhcp-server.rst:195
msgid "This is useful, for example, in combination with hostfile update."
msgstr "This is useful, for example, in combination with hostfile update."
@@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.
msgstr "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones."
#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
msgid "This method automatically disables IPv6 traffic forwarding on the interface in question."
msgstr "This method automatically disables IPv6 traffic forwarding on the interface in question."
@@ -15847,11 +15064,11 @@ msgstr "This mode provides load balancing and fault tolerance."
msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
-#: ../../configuration/service/dhcp-server.rst:133
+#: ../../configuration/service/dhcp-server.rst:119
msgid "This option can be specified multiple times."
msgstr "This option can be specified multiple times."
-#: ../../configuration/protocols/igmp.rst:211
+#: ../../configuration/protocols/igmp-proxy.rst:39
msgid "This option can be supplied multiple times."
msgstr "This option can be supplied multiple times."
@@ -15863,7 +15080,15 @@ msgstr "This option is mandatory in Access-Point mode."
msgid "This option is required when running a DMVPN spoke."
msgstr "This option is required when running a DMVPN spoke."
-#: ../../configuration/system/login.rst:388
+#: ../../_include/interface-dhcp-options.txt:86
+msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+
+#: ../../_include/interface-dhcp-options.txt:31
+msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+
+#: ../../configuration/system/login.rst:390
msgid "This option must be used with ``timeout`` option."
msgstr "This option must be used with ``timeout`` option."
@@ -15876,6 +15101,10 @@ msgstr "This option only affects 802.3ad mode."
msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
+#: ../../configuration/pki/index.rst:277
+msgid "This options defaults to 2048"
+msgstr "This options defaults to 2048"
+
#: ../../configuration/protocols/ospf.rst:326
msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
@@ -15892,7 +15121,9 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer
msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:360
+#: ../../configuration/firewall/bridge.rst:90
+#: ../../configuration/firewall/ipv4.rst:114
+#: ../../configuration/firewall/ipv6.rst:114
msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
@@ -15905,7 +15136,7 @@ msgstr "This requires two files, one to create the device (XXX.netdev) and one t
msgid "This results in the active configuration:"
msgstr "This results in the active configuration:"
-#: ../../configuration/service/dhcp-server.rst:88
+#: ../../configuration/service/dhcp-server.rst:68
msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
msgstr "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
@@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure
msgstr "This section describes the system's host information and how to configure them, it covers the following topics:"
#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
msgid "This section needs improvements, examples and explanations."
msgstr "This section needs improvements, examples and explanations."
@@ -15938,10 +15156,17 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:392
+#: ../../configuration/firewall/ipv4.rst:142
+#: ../../configuration/firewall/ipv6.rst:142
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+#: ../../configuration/firewall/bridge.rst:132
+#: ../../configuration/firewall/ipv4.rst:179
+#: ../../configuration/firewall/ipv6.rst:179
+msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+
#: ../../configuration/interfaces/openvpn.rst:278
msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
@@ -15958,13 +15183,11 @@ msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amou
msgid "This setting defaults to 1500 and is valid between 10 and 60000."
msgstr "This setting defaults to 1500 and is valid between 10 and 60000."
-#: ../../configuration/firewall/general.rst:121
-#: ../../configuration/firewall/general-legacy.rst:73
+#: ../../configuration/firewall/global-options.rst:58
msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:129
-#: ../../configuration/firewall/general-legacy.rst:81
+#: ../../configuration/firewall/global-options.rst:66
msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
@@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-
msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:"
#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
@@ -15995,30 +15203,11 @@ msgstr "This statement specifies dhcp6c to only exchange informational configura
msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
msgstr "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
-#: ../../configuration/nat/nat44.rst:409
+#: ../../configuration/nat/nat44.rst:423
msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
msgid "This technology is known by different names:"
msgstr "This technology is known by different names:"
@@ -16026,7 +15215,7 @@ msgstr "This technology is known by different names:"
msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
-#: ../../configuration/interfaces/vxlan.rst:173
+#: ../../configuration/interfaces/vxlan.rst:194
msgid "This topology was built using GNS3."
msgstr "This topology was built using GNS3."
@@ -16042,26 +15231,37 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to `
msgid "This will match TCP traffic with source port 80."
msgstr "This will match TCP traffic with source port 80."
-#: ../../configuration/service/dns.rst:282
+#: ../../configuration/service/dns.rst:295
msgid "This will render the following ddclient_ configuration entry:"
msgstr "This will render the following ddclient_ configuration entry:"
-#: ../../configuration/firewall/general.rst:1314
-#: ../../configuration/firewall/general-legacy.rst:785
+#: ../../configuration/firewall/ipv6.rst:969
msgid "This will show you a basic firewall overview"
msgstr "This will show you a basic firewall overview"
+#: ../../configuration/firewall/ipv4.rst:961
+msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+
+#: ../../configuration/firewall/zone.rst:149
+msgid "This will show you a basic summary of a particular zone."
+msgstr "This will show you a basic summary of a particular zone."
+
+#: ../../configuration/firewall/zone.rst:132
+msgid "This will show you a basic summary of zones configuration."
+msgstr "This will show you a basic summary of zones configuration."
+
#: ../../configuration/firewall/general-legacy.rst:936
msgid "This will show you a rule-set statistic since the last boot."
msgstr "This will show you a rule-set statistic since the last boot."
-#: ../../configuration/firewall/general.rst:1479
-#: ../../configuration/firewall/general-legacy.rst:900
+#: ../../configuration/firewall/ipv4.rst:1112
+#: ../../configuration/firewall/ipv6.rst:1135
msgid "This will show you a statistic of all rule-sets since the last boot."
msgstr "This will show you a statistic of all rule-sets since the last boot."
-#: ../../configuration/firewall/general.rst:1377
-#: ../../configuration/firewall/general-legacy.rst:851
+#: ../../configuration/firewall/ipv4.rst:1016
+#: ../../configuration/firewall/ipv6.rst:1032
msgid "This will show you a summary of rule-sets and groups"
msgstr "This will show you a summary of rule-sets and groups"
@@ -16069,7 +15269,7 @@ msgstr "This will show you a summary of rule-sets and groups"
msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
-#: ../../configuration/nat/nat44.rst:566
+#: ../../configuration/nat/nat44.rst:590
msgid "This would generate the following configuration:"
msgstr "This would generate the following configuration:"
@@ -16105,8 +15305,8 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)"
msgid "Time is in minutes and defaults to 60."
msgstr "Time is in minutes and defaults to 60."
-#: ../../configuration/firewall/general.rst:1211
-#: ../../configuration/firewall/general-legacy.rst:722
+#: ../../configuration/firewall/ipv4.rst:874
+#: ../../configuration/firewall/ipv6.rst:883
#: ../../configuration/policy/route.rst:225
msgid "Time to match the defined rule."
msgstr "Time to match the defined rule."
@@ -16115,11 +15315,11 @@ msgstr "Time to match the defined rule."
msgid "Timeout in seconds between health target checks."
msgstr "Timeout in seconds between health target checks."
-#: ../../configuration/vpn/sstp.rst:223
+#: ../../configuration/vpn/sstp.rst:234
msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
-#: ../../configuration/vpn/sstp.rst:243
+#: ../../configuration/vpn/sstp.rst:254
msgid "Timeout to wait response from server (seconds)"
msgstr "Timeout to wait response from server (seconds)"
@@ -16136,7 +15336,15 @@ msgstr "To activate the VLAN aware bridge, you must activate this setting to use
msgid "To allow VPN-clients access via your external address, a NAT rule is required:"
msgstr "To allow VPN-clients access via your external address, a NAT rule is required:"
-#: ../../configuration/vpn/site2site_ipsec.rst:253
+#: ../../configuration/service/mdns.rst:68
+msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+
+#: ../../configuration/service/mdns.rst:60
+msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+
+#: ../../configuration/vpn/site2site_ipsec.rst:257
msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
@@ -16152,16 +15360,45 @@ msgstr "To auto update the blacklist files"
msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
+#: ../../configuration/service/pppoe-server.rst:59
+msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+
#: ../../configuration/firewall/general-legacy.rst:314
msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
-#: ../../configuration/firewall/general.rst:401
-#: ../../configuration/firewall/general-legacy.rst:295
+#: ../../configuration/firewall/bridge.rst:140
+#: ../../configuration/firewall/ipv4.rst:187
+#: ../../configuration/firewall/ipv6.rst:187
msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
-#: ../../configuration/firewall/general.rst:374
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
+msgid "To be used only when action is set to ``jump``. Use this command to specify jump target."
+msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target."
+
+#: ../../configuration/firewall/bridge.rst:120
+#: ../../configuration/firewall/ipv4.rst:163
+#: ../../configuration/firewall/ipv6.rst:163
+msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+
+#: ../../configuration/firewall/bridge.rst:111
+#: ../../configuration/firewall/ipv4.rst:150
+#: ../../configuration/firewall/ipv6.rst:150
+msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+
+#: ../../configuration/firewall/bridge.rst:103
+#: ../../configuration/firewall/ipv4.rst:138
+#: ../../configuration/firewall/ipv6.rst:138
+msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
msgid "To be used only when action is set to jump. Use this command to specify jump target."
msgstr "To be used only when action is set to jump. Use this command to specify jump target."
@@ -16177,11 +15414,11 @@ msgstr "To bypass the proxy for every request that is directed to a specific des
msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
msgstr "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
-#: ../../configuration/firewall/index.rst:58
+#: ../../configuration/firewall/index.rst:179
msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
-#: ../../configuration/firewall/index.rst:79
+#: ../../configuration/firewall/index.rst:173
msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
@@ -16209,7 +15446,7 @@ msgstr "To configure your LCD display you must first identify the used hardware,
msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
-#: ../../configuration/system/login.rst:375
+#: ../../configuration/system/login.rst:377
msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
@@ -16221,7 +15458,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports."
msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
-#: ../../configuration/firewall/zone.rst:61
+#: ../../configuration/firewall/zone.rst:80
msgid "To define a zone setup either one with interfaces or a local zone."
msgstr "To define a zone setup either one with interfaces or a local zone."
@@ -16233,7 +15470,7 @@ msgstr "To disable advertisements without deleting the configuration:"
msgid "To display the configured OTP user key, use the command:"
msgstr "To display the configured OTP user key, use the command:"
-#: ../../configuration/vpn/openconnect.rst:219
+#: ../../configuration/vpn/openconnect.rst:226
msgid "To display the configured OTP user settings, use the command:"
msgstr "To display the configured OTP user settings, use the command:"
@@ -16254,7 +15491,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to
msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
-#: ../../configuration/service/https.rst:23
+#: ../../configuration/service/https.rst:68
msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
@@ -16262,6 +15499,14 @@ msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`mon
msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
msgstr "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
+#: ../../configuration/service/mdns.rst:23
+msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+
+#: ../../configuration/vpn/openconnect.rst:168
+msgid "To enable the HTTP security headers in the configuration file, use the command:"
+msgstr "To enable the HTTP security headers in the configuration file, use the command:"
+
#: ../../configuration/loadbalancing/wan.rst:115
msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
@@ -16282,7 +15527,7 @@ msgstr "To generate the CA, the server private key and certificates the followin
msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
-#: ../../configuration/service/dhcp-server.rst:636
+#: ../../configuration/service/dhcp-server.rst:566
msgid "To hand out individual prefixes to your clients the following configuration is used:"
msgstr "To hand out individual prefixes to your clients the following configuration is used:"
@@ -16290,7 +15535,7 @@ msgstr "To hand out individual prefixes to your clients the following configurat
msgid "To know more about scripting, check the :ref:`command-scripting` section."
msgstr "To know more about scripting, check the :ref:`command-scripting` section."
-#: ../../configuration/service/mdns.rst:36
+#: ../../configuration/service/mdns.rst:52
msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
@@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp
msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
msgid "To request a /56 prefix from your ISP use:"
msgstr "To request a /56 prefix from your ISP use:"
-#: ../../configuration/service/dhcp-server.rst:748
+#: ../../configuration/service/dhcp-server.rst:680
msgid "To restart the DHCPv6 server"
msgstr "To restart the DHCPv6 server"
-#: ../../configuration/nat/nat44.rst:315
+#: ../../configuration/nat/nat44.rst:327
msgid "To setup SNAT, we need to know:"
msgstr "To setup SNAT, we need to know:"
-#: ../../configuration/nat/nat44.rst:501
+#: ../../configuration/nat/nat44.rst:521
msgid "To setup a destination NAT rule we need to gather:"
msgstr "To setup a destination NAT rule we need to gather:"
@@ -16343,11 +15572,11 @@ msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary
msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
-#: ../../configuration/service/pppoe-server.rst:106
+#: ../../configuration/service/pppoe-server.rst:93
msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
-#: ../../configuration/service/dns.rst:308
+#: ../../configuration/service/dns.rst:321
msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
@@ -16355,15 +15584,15 @@ msgstr "To use such a service, one must define a login, password, one or multipl
msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
-#: ../../configuration/service/https.rst:86
+#: ../../configuration/service/https.rst:77
msgid "To use this full configuration we asume a public accessible hostname."
msgstr "To use this full configuration we asume a public accessible hostname."
-#: ../../configuration/interfaces/vxlan.rst:175
+#: ../../configuration/interfaces/vxlan.rst:196
msgid "Topology:"
msgstr "Topology:"
-#: ../../configuration/interfaces/vxlan.rst:107
+#: ../../configuration/interfaces/vxlan.rst:128
msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
@@ -16379,7 +15608,7 @@ msgstr "Track option to track non VRRP interface states. VRRP changes status to
msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
msgstr "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
-#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:175
msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
@@ -16399,7 +15628,7 @@ msgstr "Traffic Filters are used to control which packets will have the defined
msgid "Traffic Policy"
msgstr "Traffic Policy"
-#: ../../configuration/firewall/zone.rst:37
+#: ../../configuration/firewall/zone.rst:56
msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member."
msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member."
@@ -16411,10 +15640,19 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece
msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
-#: ../../configuration/firewall/general.rst:1281
+#: ../../configuration/protocols/pim.rst:18
+msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+
+#: ../../configuration/firewall/ipv4.rst:928
+#: ../../configuration/firewall/ipv6.rst:937
msgid "Traffic must be symmetric"
msgstr "Traffic must be symmetric"
+#: ../../configuration/firewall/bridge.rst:34
+msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+
#: ../../configuration/highavailability/index.rst:322
msgid "Transition scripts"
msgstr "Transition scripts"
@@ -16427,11 +15665,11 @@ msgstr "Transition scripts can help you implement various fixups, such as starti
msgid "Transparent Proxy"
msgstr "Transparent Proxy"
+#: ../../configuration/interfaces/openvpn.rst:701
#: ../../configuration/interfaces/tunnel.rst:227
msgid "Troubleshooting"
msgstr "Troubleshooting"
-#: ../../configuration/protocols/igmp.rst:119
#: ../../configuration/protocols/pim6.rst:41
msgid "Tuning commands"
msgstr "Tuning commands"
@@ -16448,6 +15686,10 @@ msgstr "Tunnel keys"
msgid "Two environment variables are available:"
msgstr "Two environment variables are available:"
+#: ../../configuration/firewall/flowtables.rst:104
+msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+
#: ../../configuration/service/ssh.rst:188
msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
@@ -16460,7 +15702,7 @@ msgstr "Two routers connected both via eth1 through an untrusted switch"
msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
-#: ../../configuration/nat/nat44.rst:594
+#: ../../configuration/nat/nat44.rst:618
msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
msgstr "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
@@ -16504,7 +15746,7 @@ msgstr "USB to serial converters will handle most of their work in software so y
msgid "UUCP subsystem"
msgstr "UUCP subsystem"
-#: ../../configuration/interfaces/vxlan.rst:81
+#: ../../configuration/interfaces/vxlan.rst:102
msgid "Unicast"
msgstr "Unicast"
@@ -16512,7 +15754,7 @@ msgstr "Unicast"
msgid "Unicast VRRP"
msgstr "Unicast VRRP"
-#: ../../configuration/interfaces/vxlan.rst:319
+#: ../../configuration/interfaces/vxlan.rst:340
msgid "Unicast VXLAN"
msgstr "Unicast VXLAN"
@@ -16540,11 +15782,15 @@ msgstr "Update"
msgid "Update container image"
msgstr "Update container image"
-#: ../../configuration/firewall/general.rst:1540
-#: ../../configuration/firewall/general-legacy.rst:1050
+#: ../../configuration/firewall/ipv4.rst:1175
+#: ../../configuration/firewall/ipv6.rst:1191
msgid "Update geoip database"
msgstr "Update geoip database"
+#: ../../configuration/system/updates.rst:3
+msgid "Updates"
+msgstr "Updates"
+
#: ../../configuration/protocols/rpki.rst:99
msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
@@ -16566,7 +15812,11 @@ msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in
msgid "Use 802.11n protocol"
msgstr "Use 802.11n protocol"
-#: ../../configuration/service/dns.rst:352
+#: ../../configuration/service/https.rst:23
+msgid "Use CA certificate from PKI subsystem"
+msgstr "Use CA certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:365
msgid "Use DynDNS as your preferred provider:"
msgstr "Use DynDNS as your preferred provider:"
@@ -16578,6 +15828,10 @@ msgstr "Use TLS but skip host validation"
msgid "Use TLS encryption."
msgstr "Use TLS encryption."
+#: ../../configuration/service/https.rst:31
+msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+
#: ../../configuration/vpn/sstp.rst:121
msgid "Use `<subnet>` as the IP pool for all connecting clients."
msgstr "Use `<subnet>` as the IP pool for all connecting clients."
@@ -16594,67 +15848,52 @@ msgstr "Use `delete system conntrack modules` to deactive all modules."
msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
-#: ../../configuration/firewall/general.rst:799
-#: ../../configuration/firewall/general-legacy.rst:531
+#: ../../configuration/firewall/ipv4.rst:515
+#: ../../configuration/firewall/ipv6.rst:525
msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:874
-#: ../../configuration/firewall/general-legacy.rst:567
+#: ../../configuration/firewall/ipv4.rst:578
+#: ../../configuration/firewall/ipv6.rst:588
msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:899
-#: ../../configuration/firewall/general-legacy.rst:579
+#: ../../configuration/firewall/ipv4.rst:599
+#: ../../configuration/firewall/ipv6.rst:609
msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:824
-#: ../../configuration/firewall/general-legacy.rst:543
+#: ../../configuration/firewall/ipv4.rst:536
+#: ../../configuration/firewall/ipv6.rst:546
msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:849
-#: ../../configuration/firewall/general-legacy.rst:555
+#: ../../configuration/firewall/ipv4.rst:557
+#: ../../configuration/firewall/ipv6.rst:567
msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/nat/nat44.rst:247
+#: ../../configuration/nat/nat44.rst:259
msgid "Use address `masquerade` (the interfaces primary address) on rule 30"
msgstr "Use address `masquerade` (the interfaces primary address) on rule 30"
-#: ../../configuration/service/https.rst:67
+#: ../../configuration/service/https.rst:58
msgid "Use an automatically generated self-signed certificate"
msgstr "Use an automatically generated self-signed certificate"
#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
msgid "Use any local address, configured on any interface if this is not set."
msgstr "Use any local address, configured on any interface if this is not set."
-#: ../../configuration/service/dns.rst:266
+#: ../../configuration/service/dns.rst:279
msgid "Use auth key file at ``/config/auth/my.key``"
msgstr "Use auth key file at ``/config/auth/my.key``"
-#: ../../configuration/service/dns.rst:395
+#: ../../configuration/service/https.rst:27
+msgid "Use certificate from PKI subsystem"
+msgstr "Use certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:408
msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
@@ -16666,7 +15905,7 @@ msgstr "Use inverse-match to match anything except the given country-codes."
msgid "Use local socket for API"
msgstr "Use local socket for API"
-#: ../../configuration/vpn/sstp.rst:277
+#: ../../configuration/vpn/sstp.rst:288
msgid "Use local user `foo` with password `bar`"
msgstr "Use local user `foo` with password `bar`"
@@ -16682,6 +15921,10 @@ msgstr "Use the address of the specified interface on the local machine as the s
msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
+#: ../../configuration/nat/nat66.rst:142
+msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+
#: ../../configuration/system/option.rst:48
msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
@@ -16710,11 +15953,11 @@ msgstr "Use this PIM command in the selected interface to set the priority (1-42
msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
-#: ../../configuration/service/pppoe-server.rst:288
+#: ../../configuration/service/pppoe-server.rst:275
msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
-#: ../../configuration/vpn/sstp.rst:126
+#: ../../configuration/vpn/sstp.rst:137
msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
@@ -16742,7 +15985,7 @@ msgstr "Use this command if you would like to set the TCP session hold time inte
msgid "Use this command to allow the selected interface to join a multicast group."
msgstr "Use this command to allow the selected interface to join a multicast group."
-#: ../../configuration/protocols/igmp.rst:149
+#: ../../configuration/protocols/pim.rst:191
msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
msgstr "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
@@ -16762,19 +16005,19 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface
msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
-#: ../../configuration/system/ipv6.rst:180
+#: ../../configuration/system/ipv6.rst:154
msgid "Use this command to clear Border Gateway Protocol statistics or status."
msgstr "Use this command to clear Border Gateway Protocol statistics or status."
-#: ../../configuration/service/pppoe-server.rst:300
+#: ../../configuration/service/pppoe-server.rst:287
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/vpn/sstp.rst:135
+#: ../../configuration/vpn/sstp.rst:146
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/service/pppoe-server.rst:133
+#: ../../configuration/service/pppoe-server.rst:120
msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
@@ -16855,7 +16098,7 @@ msgstr "Use this command to configure a Shaper policy, set its name, define a cl
msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
-#: ../../configuration/service/pppoe-server.rst:206
+#: ../../configuration/service/pppoe-server.rst:193
msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
@@ -16919,10 +16162,18 @@ msgstr "Use this command to configure an interface with IGMP so that PIM can rec
msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
msgstr "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
-#: ../../configuration/protocols/igmp.rst:156
+#: ../../configuration/protocols/pim.rst:198
msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
msgstr "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
+#: ../../configuration/protocols/pim.rst:202
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+
+#: ../../configuration/protocols/pim.rst:204
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+
#: ../../configuration/protocols/igmp.rst:163
msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
@@ -16931,7 +16182,7 @@ msgstr "Use this command to configure in the selected interface the IGMP query r
msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
-#: ../../configuration/service/pppoe-server.rst:112
+#: ../../configuration/service/pppoe-server.rst:99
msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
msgstr "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
@@ -16983,18 +16234,35 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic
msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
+#: ../../configuration/service/pppoe-server.rst:81
+#: ../../configuration/vpn/sstp.rst:132
+msgid "Use this command to define default address pool name."
+msgstr "Use this command to define default address pool name."
+
#: ../../configuration/system/name-server.rst:53
msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
msgstr "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
+#: ../../configuration/protocols/pim.rst:211
+msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+
#: ../../configuration/protocols/igmp.rst:172
msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
+#: ../../configuration/service/pppoe-server.rst:70
+msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:73
msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
+#: ../../configuration/vpn/sstp.rst:121
+msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:42
msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
@@ -17015,30 +16283,16 @@ msgstr "Use this command to define the maximum number of entries to keep in the
msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
+#: ../../configuration/service/pppoe-server.rst:77
+#: ../../configuration/vpn/sstp.rst:128
+msgid "Use this command to define the next address pool name."
+msgstr "Use this command to define the next address pool name."
+
#: ../../configuration/service/pppoe-server.rst:31
msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
msgstr "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
msgstr "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
@@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad
msgstr "Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address."
#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
msgid "Use this command to disable the generation of Ethernet flow control (pause frames)."
msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)."
@@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca
msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
-#: ../../configuration/service/pppoe-server.rst:249
+#: ../../configuration/service/pppoe-server.rst:236
msgid "Use this command to enable bandwidth shaping via RADIUS."
msgstr "Use this command to enable bandwidth shaping via RADIUS."
#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
@@ -17138,7 +16364,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th
msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
-#: ../../configuration/service/pppoe-server.rst:262
+#: ../../configuration/service/pppoe-server.rst:249
msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
@@ -17154,7 +16380,13 @@ msgstr "Use this command to enable the logging of the default action."
msgid "Use this command to enable the logging of the default action on custom chains."
msgstr "Use this command to enable the logging of the default action on custom chains."
-#: ../../configuration/system/ipv6.rst:191
+#: ../../configuration/firewall/bridge.rst:163
+#: ../../configuration/firewall/ipv4.rst:214
+#: ../../configuration/firewall/ipv6.rst:214
+msgid "Use this command to enable the logging of the default action on the specified chain."
+msgstr "Use this command to enable the logging of the default action on the specified chain."
+
+#: ../../configuration/system/ipv6.rst:165
msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
@@ -17162,11 +16394,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be
msgid "Use this command to get an overview of a zone."
msgstr "Use this command to get an overview of a zone."
-#: ../../configuration/system/ipv6.rst:146
+#: ../../configuration/system/ipv6.rst:120
msgid "Use this command to get information about OSPFv3."
msgstr "Use this command to get information about OSPFv3."
-#: ../../configuration/system/ipv6.rst:168
+#: ../../configuration/system/ipv6.rst:142
msgid "Use this command to get information about the RIPNG protocol"
msgstr "Use this command to get information about the RIPNG protocol"
@@ -17178,7 +16410,7 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection
msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
-#: ../../configuration/service/pppoe-server.rst:324
+#: ../../configuration/service/pppoe-server.rst:311
msgid "Use this command to locally check the active sessions in the PPPoE server."
msgstr "Use this command to locally check the active sessions in the PPPoE server."
@@ -17195,7 +16427,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca
msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
-#: ../../configuration/system/ipv6.rst:186
+#: ../../configuration/system/ipv6.rst:160
msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
@@ -17295,15 +16527,15 @@ msgstr "Use this command to show IPv6 multicast group membership."
msgid "Use this command to show IPv6 routes."
msgstr "Use this command to show IPv6 routes."
-#: ../../configuration/system/ipv6.rst:104
+#: ../../configuration/system/ipv6.rst:105
msgid "Use this command to show all IPv6 access lists"
msgstr "Use this command to show all IPv6 access lists"
-#: ../../configuration/system/ipv6.rst:89
+#: ../../configuration/system/ipv6.rst:90
msgid "Use this command to show all IPv6 prefix lists"
msgstr "Use this command to show all IPv6 prefix lists"
-#: ../../configuration/system/ipv6.rst:172
+#: ../../configuration/system/ipv6.rst:146
msgid "Use this command to show the status of the RIPNG protocol"
msgstr "Use this command to show the status of the RIPNG protocol"
@@ -17420,7 +16652,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the
msgid "VLAN"
msgstr "VLAN"
-#: ../../configuration/service/pppoe-server.rst:176
+#: ../../configuration/service/pppoe-server.rst:163
msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
@@ -17456,7 +16688,7 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN
msgid "VRF"
msgstr "VRF"
-#: ../../configuration/vrf/index.rst:409
+#: ../../configuration/vrf/index.rst:411
msgid "VRF Route Leaking"
msgstr "VRF Route Leaking"
@@ -17464,15 +16696,15 @@ msgstr "VRF Route Leaking"
msgid "VRF and NAT"
msgstr "VRF and NAT"
-#: ../../configuration/vrf/index.rst:378
+#: ../../configuration/vrf/index.rst:380
msgid "VRF blue routing table"
msgstr "VRF blue routing table"
-#: ../../configuration/vrf/index.rst:345
+#: ../../configuration/vrf/index.rst:347
msgid "VRF default routing table"
msgstr "VRF default routing table"
-#: ../../configuration/vrf/index.rst:361
+#: ../../configuration/vrf/index.rst:363
msgid "VRF red routing table"
msgstr "VRF red routing table"
@@ -17537,11 +16769,11 @@ msgstr "Valid values are 0..255."
msgid "Value"
msgstr "Value"
-#: ../../configuration/vpn/sstp.rst:252
+#: ../../configuration/vpn/sstp.rst:263
msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
-#: ../../configuration/vpn/sstp.rst:247
+#: ../../configuration/vpn/sstp.rst:258
msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
@@ -17555,6 +16787,10 @@ msgstr "Verification"
msgid "Verification:"
msgstr "Verification:"
+#: ../../configuration/nat/nat66.rst:226
+msgid "Verify that connections are hitting the rule on both sides:"
+msgstr "Verify that connections are hitting the rule on both sides:"
+
#: ../../configuration/highavailability/index.rst:291
msgid "Version"
msgstr "Version"
@@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t
msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
@@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are store
msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
-#: ../../configuration/interfaces/bonding.rst:None
+#: ../../configuration/interfaces/bonding.rst:-1
msgid "VyOS Arista EOS setup"
msgstr "VyOS Arista EOS setup"
@@ -17635,7 +16855,11 @@ msgstr "VyOS IKE group has the next options:"
msgid "VyOS MIBs"
msgstr "VyOS MIBs"
-#: ../../configuration/nat/nat66.rst:None
+#: ../../configuration/nat/nat66.rst:-1
+msgid "VyOS NAT66 DHCPv6 using a dummy interface"
+msgstr "VyOS NAT66 DHCPv6 using a dummy interface"
+
+#: ../../configuration/nat/nat66.rst:-1
msgid "VyOS NAT66 Simple Configure"
msgstr "VyOS NAT66 Simple Configure"
@@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6."
msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
-#: ../../configuration/service/dhcp-server.rst:580
+#: ../../configuration/service/dhcp-server.rst:504
msgid "VyOS also provides DHCPv6 server functionality which is described in this section."
msgstr "VyOS also provides DHCPv6 server functionality which is described in this section."
@@ -17704,11 +16928,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP*
msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
-#: ../../configuration/service/dns.rst:201
+#: ../../configuration/service/dns.rst:214
msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
-#: ../../configuration/service/dns.rst:306
+#: ../../configuration/service/dns.rst:319
msgid "VyOS is also able to use any service relying on protocols supported by ddclient."
msgstr "VyOS is also able to use any service relying on protocols supported by ddclient."
@@ -17720,7 +16944,6 @@ msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where t
msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
-#: ../../configuration/firewall/general.rst:13
#: ../../configuration/firewall/general-legacy.rst:17
msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
@@ -17737,7 +16960,7 @@ msgstr "VyOS not only can now manage certificates issued by 3rd party Certificat
msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
-#: ../../configuration/pki/index.rst:254
+#: ../../configuration/pki/index.rst:292
msgid "VyOS operational mode commands are not only available for generating keys but also to display them."
msgstr "VyOS operational mode commands are not only available for generating keys but also to display them."
@@ -17773,7 +16996,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an
msgid "VyOS provides some operational commands on OpenVPN."
msgstr "VyOS provides some operational commands on OpenVPN."
-#: ../../configuration/service/dhcp-server.rst:173
+#: ../../configuration/service/dhcp-server.rst:138
msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
@@ -17781,7 +17004,11 @@ msgstr "VyOS provides support for DHCP failover. DHCP failover must be configure
msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
-#: ../../configuration/protocols/igmp.rst:30
+#: ../../configuration/protocols/pim.rst:9
+msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+
+#: ../../configuration/protocols/pim.rst:26
msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
msgstr "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
@@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec
msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
+#: ../../configuration/system/updates.rst:5
+msgid "VyOS supports online checking for updates"
+msgstr "VyOS supports online checking for updates"
+
#: ../../configuration/system/sflow.rst:5
msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
-#: ../../configuration/system/conntrack.rst:53
+#: ../../configuration/system/conntrack.rst:67
msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
@@ -17809,13 +17040,19 @@ msgstr "VyOS supports setting up PPPoE in two different ways to a PPPoE internet
msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
msgstr "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
+#: ../../configuration/service/dhcp-server.rst:7
+msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+
+#: ../../configuration/system/frr.rst:7
+msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+
#: ../../configuration/interfaces/wwan.rst:12
msgid "VyOS uses the `interfaces wwan` subsystem for configuration."
msgstr "VyOS uses the `interfaces wwan` subsystem for configuration."
#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
msgstr "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
@@ -17839,7 +17076,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor
msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
-#: ../../configuration/vpn/site2site_ipsec.rst:160
+#: ../../configuration/vpn/site2site_ipsec.rst:164
msgid "WAN interface on `eth1`"
msgstr "WAN interface on `eth1`"
@@ -17876,7 +17113,7 @@ msgstr "Warning conditions"
msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
-#: ../../configuration/nat/nat44.rst:760
+#: ../../configuration/nat/nat44.rst:782
msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
@@ -17896,7 +17133,7 @@ msgstr "We can also create the certificates using Cerbort which is an easy-to-us
msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
-#: ../../configuration/protocols/bgp.rst:1248
+#: ../../configuration/protocols/bgp.rst:1249
msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny."
msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny."
@@ -17924,7 +17161,7 @@ msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles.
msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
msgstr "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
-#: ../../configuration/nat/nat44.rst:699
+#: ../../configuration/nat/nat44.rst:723
msgid "We only need a single step for this interface:"
msgstr "We only need a single step for this interface:"
@@ -17932,11 +17169,15 @@ msgstr "We only need a single step for this interface:"
msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
-#: ../../configuration/system/login.rst:418
+#: ../../configuration/system/login.rst:420
msgid "We use a vontainer providing the TACACS serve rin this example."
msgstr "We use a vontainer providing the TACACS serve rin this example."
-#: ../../configuration/service/dhcp-server.rst:364
+#: ../../configuration/firewall/flowtables.rst:114
+msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+
+#: ../../configuration/service/dhcp-server.rst:331
msgid "Web Proxy Autodiscovery (WPAD) URL"
msgstr "Web Proxy Autodiscovery (WPAD) URL"
@@ -17944,19 +17185,31 @@ msgstr "Web Proxy Autodiscovery (WPAD) URL"
msgid "Webproxy"
msgstr "Webproxy"
+#: ../../configuration/service/https.rst:40
+msgid "Webserver should listen on specified port."
+msgstr "Webserver should listen on specified port."
+
+#: ../../configuration/service/https.rst:36
+msgid "Webserver should only listen on specified IP address"
+msgstr "Webserver should only listen on specified IP address"
+
#: ../../configuration/protocols/mpls.rst:220
msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
msgstr "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
+#: ../../configuration/protocols/pim.rst:75
+msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+
#: ../../configuration/vrf/index.rst:73
msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
-#: ../../configuration/service/dns.rst:341
+#: ../../configuration/service/dns.rst:354
msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
-#: ../../configuration/service/dns.rst:334
+#: ../../configuration/service/dns.rst:347
msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
@@ -17980,7 +17233,11 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from
msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
-#: ../../configuration/service/pppoe-server.rst:182
+#: ../../configuration/service/dns.rst:155
+msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+
+#: ../../configuration/service/pppoe-server.rst:169
msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
@@ -17996,11 +17253,13 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man
msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
-#: ../../configuration/firewall/general.rst:521
+#: ../../configuration/firewall/bridge.rst:210
+#: ../../configuration/firewall/ipv4.rst:290
+#: ../../configuration/firewall/ipv6.rst:290
msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
-#: ../../configuration/nat/nat44.rst:299
+#: ../../configuration/nat/nat44.rst:311
msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
@@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can
msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table."
#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
@@ -18053,21 +17297,10 @@ msgstr "When no-release is specified, dhcp6c will send a release message on clie
msgid "When no options/parameters are used, the contents of the main syslog file are displayed."
msgstr "When no options/parameters are used, the contents of the main syslog file are displayed."
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
+#: ../../configuration/protocols/pim.rst:65
+msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+
#: ../../_include/interface-dhcpv6-options.txt:40
msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
@@ -18080,6 +17313,10 @@ msgstr "When remote peer does not have capability negotiation feature, remote pe
msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
+#: ../../configuration/protocols/pim.rst:113
+msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+
#: ../../configuration/interfaces/pppoe.rst:108
msgid "When set the interface is enabled for \"dial-on-demand\"."
msgstr "When set the interface is enabled for \"dial-on-demand\"."
@@ -18097,37 +17334,19 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke
msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
-#: ../../configuration/vpn/site2site_ipsec.rst:407
+#: ../../configuration/vpn/site2site_ipsec.rst:416
msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
-#: ../../configuration/firewall/general.rst:106
-#: ../../configuration/firewall/general-legacy.rst:58
+#: ../../configuration/firewall/global-options.rst:43
msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
msgstr "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
-#: ../../configuration/firewall/general.rst:115
-#: ../../configuration/firewall/general-legacy.rst:67
+#: ../../configuration/firewall/global-options.rst:52
msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
@@ -18135,11 +17354,11 @@ msgstr "When using DHCP to retrieve IPv4 address and if local customizations are
msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
-#: ../../configuration/nat/nat44.rst:351
+#: ../../configuration/nat/nat44.rst:365
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
-#: ../../configuration/nat/nat44.rst:238
+#: ../../configuration/nat/nat44.rst:250
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
@@ -18147,7 +17366,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a
msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
-#: ../../configuration/vpn/openconnect.rst:215
+#: ../../configuration/vpn/openconnect.rst:222
msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
@@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo
msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
+#: ../../configuration/firewall/ipv4.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+
+#: ../../configuration/firewall/ipv6.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+
#: ../../configuration/protocols/bgp.rst:86
msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
msgstr "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
msgid "Whether to accept DAD (Duplicate Address Detection)."
msgstr "Whether to accept DAD (Duplicate Address Detection)."
-#: ../../configuration/nat/nat44.rst:330
+#: ../../configuration/nat/nat44.rst:342
msgid "Which generates the following configuration:"
msgstr "Which generates the following configuration:"
-#: ../../configuration/nat/nat44.rst:444
+#: ../../configuration/nat/nat44.rst:458
msgid "Which results in a configuration of:"
msgstr "Which results in a configuration of:"
-#: ../../configuration/nat/nat44.rst:522
+#: ../../configuration/nat/nat44.rst:542
msgid "Which would generate the following NAT destination configuration:"
msgstr "Which would generate the following NAT destination configuration:"
-#: ../../configuration/firewall/general.rst:217
-#: ../../configuration/firewall/general-legacy.rst:193
+#: ../../configuration/firewall/groups.rst:44
msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
@@ -18293,7 +17500,7 @@ msgstr "Wireless options"
msgid "Wireless options (Station/Client)"
msgstr "Wireless options (Station/Client)"
-#: ../../configuration/firewall/index.rst:23
+#: ../../configuration/firewall/index.rst:7
msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
@@ -18305,8 +17512,7 @@ msgstr "With WireGuard, a Road Warrior VPN config is similar to a site-to-site V
msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
-#: ../../configuration/firewall/general.rst:94
-#: ../../configuration/firewall/general-legacy.rst:46
+#: ../../configuration/firewall/global-options.rst:31
msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
@@ -18314,29 +17520,29 @@ msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, o
msgid "With this command, you can specify how the URL path should be matched against incoming requests."
msgstr "With this command, you can specify how the URL path should be matched against incoming requests."
-#: ../../configuration/firewall/index.rst:73
+#: ../../configuration/firewall/index.rst:166
msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
-#: ../../configuration/service/dhcp-server.rst:290
-#: ../../configuration/service/dhcp-server.rst:295
-#: ../../configuration/service/dhcp-server.rst:300
-#: ../../configuration/service/dhcp-server.rst:310
-#: ../../configuration/service/dhcp-server.rst:315
-#: ../../configuration/service/dhcp-server.rst:345
-#: ../../configuration/service/dhcp-server.rst:350
-#: ../../configuration/service/dhcp-server.rst:355
-#: ../../configuration/service/dhcp-server.rst:375
-#: ../../configuration/service/dhcp-server.rst:380
-#: ../../configuration/service/dhcp-server.rst:390
+#: ../../configuration/service/dhcp-server.rst:257
+#: ../../configuration/service/dhcp-server.rst:262
+#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:357
msgid "Y"
msgstr "Y"
-#: ../../configuration/firewall/zone.rst:99
+#: ../../configuration/firewall/zone.rst:118
msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
-#: ../../configuration/system/login.rst:363
+#: ../../configuration/system/login.rst:365
msgid "You are able to set post-login or pre-login banner messages to display certain information for this system."
msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system."
@@ -18348,24 +17554,23 @@ msgstr "You are be able to download the files using SCP, once the SSH service ha
msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
msgstr "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
-#: ../../configuration/system/conntrack.rst:86
+#: ../../configuration/system/conntrack.rst:99
msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
-#: ../../configuration/service/dns.rst:299
+#: ../../configuration/service/dns.rst:312
msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
-#: ../../configuration/system/ipv6.rst:106
+#: ../../configuration/system/ipv6.rst:107
msgid "You can also specify which IPv6 access-list should be shown:"
msgstr "You can also specify which IPv6 access-list should be shown:"
-#: ../../configuration/protocols/igmp.rst:121
#: ../../configuration/protocols/pim6.rst:42
msgid "You can also tune multicast with the following commands."
msgstr "You can also tune multicast with the following commands."
-#: ../../configuration/service/pppoe-server.rst:152
+#: ../../configuration/service/pppoe-server.rst:139
msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
msgstr "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
@@ -18377,7 +17582,7 @@ msgstr "You can also write a description for a filter:"
msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key."
msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key."
-#: ../../configuration/nat/nat44.rst:386
+#: ../../configuration/nat/nat44.rst:400
msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
@@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a
msgstr "You can configure multiple interfaces which whould participate in sflow accounting."
#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
@@ -18414,7 +17614,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA
msgid "You can disable a VRRP group with ``disable`` option:"
msgstr "You can disable a VRRP group with ``disable`` option:"
-#: ../../configuration/system/ipv6.rst:148
+#: ../../configuration/system/ipv6.rst:122
msgid "You can get more specific OSPFv3 information by using the parameters shown below:"
msgstr "You can get more specific OSPFv3 information by using the parameters shown below:"
@@ -18422,15 +17622,15 @@ msgstr "You can get more specific OSPFv3 information by using the parameters sho
msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
msgstr "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
-#: ../../configuration/service/mdns.rst:30
+#: ../../configuration/service/mdns.rst:46
msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
-#: ../../configuration/vpn/sstp.rst:320
+#: ../../configuration/vpn/sstp.rst:332
msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
-#: ../../configuration/system/login.rst:441
+#: ../../configuration/system/login.rst:443
msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
@@ -18442,7 +17642,7 @@ msgstr "You can only apply one policy per interface and direction, but you could
msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
-#: ../../configuration/service/dhcp-server.rst:211
+#: ../../configuration/service/dhcp-server.rst:176
msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
msgstr "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
@@ -18462,7 +17662,7 @@ msgstr "You can verify your VRRP group status with the operational mode ``run sh
msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
msgstr "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
-#: ../../configuration/protocols/ospf.rst:1342
+#: ../../configuration/protocols/ospf.rst:1344
msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
@@ -18482,7 +17682,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated
msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
-#: ../../configuration/firewall/zone.rst:39
+#: ../../configuration/firewall/zone.rst:58
msgid "You need 2 separate firewalls to define traffic: one for each direction."
msgstr "You need 2 separate firewalls to define traffic: one for each direction."
@@ -18534,7 +17734,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro
msgid "Zone-Policy Overview"
msgstr "Zone-Policy Overview"
-#: ../../configuration/firewall/index.rst:66
+#: ../../configuration/firewall/index.rst:159
msgid "Zone-based firewall"
msgstr "Zone-based firewall"
@@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne
msgstr ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources."
#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
msgstr ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
@@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally
msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
-#: ../../configuration/protocols/igmp.rst:181
+#: ../../configuration/protocols/igmp-proxy.rst:9
msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
msgstr ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
@@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc
msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
-#: ../../configuration/vrf/index.rst:399
+#: ../../configuration/vrf/index.rst:401
msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
@@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys
msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
+#: ../../configuration/nat/nat64.rst:7
+msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+
#: ../../configuration/nat/nat44.rst:7
msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
msgstr ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
@@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) is a networking protocol for clock s
msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
msgstr ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
+#: ../../configuration/protocols/pim.rst:12
+msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+
#: ../../configuration/interfaces/pppoe.rst:9
msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
msgstr ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
@@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat
msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:"
#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
msgstr ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
+#: ../../configuration/nat/nat64.rst:28
+msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+
#: ../../configuration/nat/nat44.rst:78
msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
msgstr ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
@@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
-#: ../../configuration/service/dns.rst:217
+#: ../../configuration/service/dns.rst:230
msgid ":rfc:`2136` Based"
msgstr ":rfc:`2136` Based"
@@ -18923,7 +18082,7 @@ msgstr "`3. Add a full path to the script`_"
msgid "`4. Add optional parameters`_"
msgstr "`4. Add optional parameters`_"
-#: ../../configuration/service/dhcp-server.rst:189
+#: ../../configuration/service/dhcp-server.rst:154
msgid "`<name>` must be identical on both sides!"
msgstr "`<name>` must be identical on both sides!"
@@ -18952,42 +18111,10 @@ msgid "``-`` failed"
msgstr "``-`` failed"
#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
msgid "``/config/scripts/dhcp-client/post-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/post-hooks.d/``"
#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
msgid "``/config/scripts/dhcp-client/pre-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``"
@@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps"
msgid "``57600`` - 57,600 bps"
msgstr "``57600`` - 57,600 bps"
+#: ../../configuration/nat/nat64.rst:31
+msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+
#: ../../configuration/interfaces/bonding.rst:43
msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
@@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec"
msgid "``ac`` - 802.11ac - 1300 Mbits/sec"
msgstr "``ac`` - 802.11ac - 1300 Mbits/sec"
-#: ../../configuration/policy/route-map.rst:373
+#: ../../configuration/policy/route-map.rst:375
msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
-#: ../../configuration/policy/route-map.rst:366
+#: ../../configuration/policy/route-map.rst:368
msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
-#: ../../configuration/firewall/general.rst:334
+#: ../../configuration/firewall/bridge.rst:72
+#: ../../configuration/firewall/ipv4.rst:88
+#: ../../configuration/firewall/ipv6.rst:88
msgid "``accept``: accept the packet."
msgstr "``accept``: accept the packet."
@@ -19135,7 +18268,7 @@ msgstr "``all-available`` all checking target addresses must be available to pas
msgid "``any-available`` any of the checking target addresses must be available to pass this check"
msgstr "``any-available`` any of the checking target addresses must be available to pass this check"
-#: ../../configuration/vpn/site2site_ipsec.rst:376
+#: ../../configuration/vpn/site2site_ipsec.rst:385
msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
@@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Border Gateway Protocol (BGP)"
msgid "``bind`` - select a VTI interface to bind to this peer;"
msgstr "``bind`` - select a VTI interface to bind to this peer;"
-#: ../../configuration/policy/route-map.rst:374
+#: ../../configuration/policy/route-map.rst:376
msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
@@ -19191,7 +18324,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating
msgid "``clear`` set action to clear;"
msgstr "``clear`` set action to clear;"
-#: ../../configuration/vpn/site2site_ipsec.rst:402
+#: ../../configuration/vpn/site2site_ipsec.rst:411
msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
@@ -19215,6 +18348,12 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)"
msgid "``connection-type`` - how to handle this connection process. Possible variants:"
msgstr "``connection-type`` - how to handle this connection process. Possible variants:"
+#: ../../configuration/firewall/bridge.rst:74
+#: ../../configuration/firewall/ipv4.rst:90
+#: ../../configuration/firewall/ipv6.rst:90
+msgid "``continue``: continue parsing next rule."
+msgstr "``continue``: continue parsing next rule."
+
#: ../../configuration/vpn/site2site_ipsec.rst:62
msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
@@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check
msgid "``d`` - Execution interval in days"
msgstr "``d`` - Execution interval in days"
-#: ../../configuration/vpn/site2site_ipsec.rst:391
+#: ../../configuration/vpn/site2site_ipsec.rst:400
msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
@@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec con
msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
-#: ../../configuration/vpn/site2site_ipsec.rst:387
+#: ../../configuration/vpn/site2site_ipsec.rst:396
msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
@@ -19279,7 +18418,9 @@ msgstr "``disable`` disable IPComp compression (default);"
msgid "``disable`` disable MOBIKE;"
msgstr "``disable`` disable MOBIKE;"
-#: ../../configuration/firewall/general.rst:336
+#: ../../configuration/firewall/bridge.rst:76
+#: ../../configuration/firewall/ipv4.rst:92
+#: ../../configuration/firewall/ipv6.rst:92
msgid "``drop``: drop the packet."
msgstr "``drop``: drop the packet."
@@ -19347,6 +18488,10 @@ msgstr "``file`` - path to the key file;"
msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+#: ../../configuration/vpn/ipsec.rst:164
+msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+
#: ../../configuration/vpn/site2site_ipsec.rst:97
msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
@@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr
msgid "``g`` - 802.11g - 54 Mbits/sec (default)"
msgstr "``g`` - 802.11g - 54 Mbits/sec (default)"
-#: ../../configuration/policy/route-map.rst:365
+#: ../../configuration/policy/route-map.rst:367
msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
@@ -19435,7 +18580,7 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which
msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
-#: ../../configuration/policy/route-map.rst:364
+#: ../../configuration/policy/route-map.rst:366
msgid "``internet`` - Well-known communities value 0"
msgstr "``internet`` - Well-known communities value 0"
@@ -19447,7 +18592,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);"
msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)"
msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)"
-#: ../../configuration/firewall/general.rst:340
+#: ../../configuration/firewall/bridge.rst:78
+#: ../../configuration/firewall/ipv4.rst:96
+#: ../../configuration/firewall/ipv6.rst:96
msgid "``jump``: jump to another custom chain."
msgstr "``jump``: jump to another custom chain."
@@ -19471,6 +18618,10 @@ msgstr "``latency``: A server profile focused on lowering network latency. This
msgid "``least-connection`` Distributes requests to the server with the fewest active connections"
msgstr "``least-connection`` Distributes requests to the server with the fewest active connections"
+#: ../../configuration/loadbalancing/reverse-proxy.rst:108
+msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+
#: ../../configuration/vpn/ipsec.rst:125
msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
@@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);"
msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
-#: ../../configuration/policy/route-map.rst:371
+#: ../../configuration/policy/route-map.rst:373
msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
@@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Well-known communities value LLGR_STA
msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
-#: ../../configuration/policy/route-map.rst:361
+#: ../../configuration/policy/route-map.rst:363
msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
@@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec"
msgstr "``n`` - 802.11n - 600 Mbits/sec"
#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
-#: ../../configuration/firewall/general.rst:142
-#: ../../configuration/firewall/general-legacy.rst:93
+#: ../../configuration/firewall/global-options.rst:79
msgid "``net.ipv4.conf.all.accept_redirects``"
msgstr "``net.ipv4.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:132
-#: ../../configuration/firewall/general-legacy.rst:84
+#: ../../configuration/firewall/global-options.rst:69
msgid "``net.ipv4.conf.all.accept_source_route``"
msgstr "``net.ipv4.conf.all.accept_source_route``"
-#: ../../configuration/firewall/general.rst:157
-#: ../../configuration/firewall/general-legacy.rst:108
+#: ../../configuration/firewall/global-options.rst:94
msgid "``net.ipv4.conf.all.log_martians``"
msgstr "``net.ipv4.conf.all.log_martians``"
-#: ../../configuration/firewall/general.rst:165
-#: ../../configuration/firewall/general-legacy.rst:115
+#: ../../configuration/firewall/global-options.rst:102
msgid "``net.ipv4.conf.all.rp_filter``"
msgstr "``net.ipv4.conf.all.rp_filter``"
-#: ../../configuration/firewall/general.rst:150
-#: ../../configuration/firewall/general-legacy.rst:101
+#: ../../configuration/firewall/global-options.rst:87
msgid "``net.ipv4.conf.all.send_redirects``"
msgstr "``net.ipv4.conf.all.send_redirects``"
-#: ../../configuration/firewall/general.rst:124
-#: ../../configuration/firewall/general-legacy.rst:76
+#: ../../configuration/firewall/global-options.rst:61
msgid "``net.ipv4.icmp_echo_ignore_broadcasts``"
msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``"
-#: ../../configuration/firewall/general.rst:180
-#: ../../configuration/firewall/general-legacy.rst:129
+#: ../../configuration/firewall/global-options.rst:117
msgid "``net.ipv4.tcp_rfc1337``"
msgstr "``net.ipv4.tcp_rfc1337``"
-#: ../../configuration/firewall/general.rst:172
-#: ../../configuration/firewall/general-legacy.rst:122
+#: ../../configuration/firewall/global-options.rst:109
msgid "``net.ipv4.tcp_syncookies``"
msgstr "``net.ipv4.tcp_syncookies``"
-#: ../../configuration/firewall/general.rst:143
-#: ../../configuration/firewall/general-legacy.rst:94
+#: ../../configuration/firewall/global-options.rst:80
msgid "``net.ipv6.conf.all.accept_redirects``"
msgstr "``net.ipv6.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:133
-#: ../../configuration/firewall/general-legacy.rst:85
+#: ../../configuration/firewall/global-options.rst:70
msgid "``net.ipv6.conf.all.accept_source_route``"
msgstr "``net.ipv6.conf.all.accept_source_route``"
-#: ../../configuration/policy/route-map.rst:362
+#: ../../configuration/policy/route-map.rst:364
msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
-#: ../../configuration/policy/route-map.rst:363
+#: ../../configuration/policy/route-map.rst:365
msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
-#: ../../configuration/policy/route-map.rst:372
+#: ../../configuration/policy/route-map.rst:374
msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
-#: ../../configuration/policy/route-map.rst:375
+#: ../../configuration/policy/route-map.rst:377
msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
@@ -19740,7 +18875,9 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en
msgid "``psk`` - Preshared secret key name:"
msgstr "``psk`` - Preshared secret key name:"
-#: ../../configuration/firewall/general.rst:345
+#: ../../configuration/firewall/bridge.rst:83
+#: ../../configuration/firewall/ipv4.rst:101
+#: ../../configuration/firewall/ipv6.rst:101
msgid "``queue``: Enqueue packet to userspace."
msgstr "``queue``: Enqueue packet to userspace."
@@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace."
msgid "``rate``: Number of packets. Default 5."
msgstr "``rate``: Number of packets. Default 5."
-#: ../../configuration/firewall/general.rst:338
+#: ../../configuration/firewall/ipv4.rst:94
+#: ../../configuration/firewall/ipv6.rst:94
msgid "``reject``: reject the packet."
msgstr "``reject``: reject the packet."
@@ -19781,7 +18919,9 @@ msgstr "``respond`` - does not try to initiate a connection to a remote peer. In
msgid "``restart`` set action to restart;"
msgstr "``restart`` set action to restart;"
-#: ../../configuration/firewall/general.rst:342
+#: ../../configuration/firewall/bridge.rst:80
+#: ../../configuration/firewall/ipv4.rst:98
+#: ../../configuration/firewall/ipv6.rst:98
msgid "``return``: Return from the current chain and continue at the next rule of the last chain."
msgstr "``return``: Return from the current chain and continue at the next rule of the last chain."
@@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord
msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
-#: ../../configuration/policy/route-map.rst:367
+#: ../../configuration/policy/route-map.rst:369
msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
-#: ../../configuration/policy/route-map.rst:369
+#: ../../configuration/policy/route-map.rst:371
msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
-#: ../../configuration/policy/route-map.rst:368
+#: ../../configuration/policy/route-map.rst:370
msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
-#: ../../configuration/policy/route-map.rst:370
+#: ../../configuration/policy/route-map.rst:372
msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
@@ -19829,6 +18969,31 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se
msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
+#: ../../configuration/firewall/index.rst:90
+msgid "``set firewall bridge forward filter ...``."
+msgstr "``set firewall bridge forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:61
+msgid "``set firewall ipv4 forward filter ...``."
+msgstr "``set firewall ipv4 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:72
+msgid "``set firewall ipv4 input filter ...``."
+msgstr "``set firewall ipv4 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:63
+msgid "``set firewall ipv6 forward filter ...``."
+msgstr "``set firewall ipv6 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:56
+msgid "``set firewall ipv6 input filter ...``."
+msgstr "``set firewall ipv6 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:74
+msgid "``set firewall ipv6 output filter ...``."
+msgstr "``set firewall ipv6 output filter ...``."
+
#: ../../configuration/interfaces/wireless.rst:238
msgid "``single-user-beamformee`` - Support for operation as single user beamformee"
msgstr "``single-user-beamformee`` - Support for operation as single user beamformee"
@@ -19877,7 +19042,8 @@ msgstr "``static`` - Statically configured routes"
msgid "``station`` - Connects to another access point"
msgstr "``station`` - Connects to another access point"
-#: ../../configuration/firewall/general.rst:347
+#: ../../configuration/firewall/ipv4.rst:103
+#: ../../configuration/firewall/ipv6.rst:103
msgid "``synproxy``: synproxy the packet."
msgstr "``synproxy``: synproxy the packet."
@@ -19961,10 +19127,18 @@ msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defi
msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
+#: ../../configuration/vpn/site2site_ipsec.rst:152
+msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+
#: ../../configuration/vpn/ipsec.rst:168
msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
+#: ../../configuration/vpn/ipsec.rst:168
+msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+
#: ../../configuration/policy/route-map.rst:175
msgid "``vnc`` - Virtual Network Control (VNC)"
msgstr "``vnc`` - Virtual Network Control (VNC)"
@@ -19993,7 +19167,7 @@ msgstr "``yes`` enable remote host re-authentication during an IKE rekey;"
msgid "`source-address` and `source-interface` can not be used at the same time."
msgstr "`source-address` and `source-interface` can not be used at the same time."
-#: ../../configuration/protocols/rpki.rst:16
+#: ../../configuration/protocols/rpki.rst:12
msgid "`tweet by EvilMog`_, 2020-02-21"
msgstr "`tweet by EvilMog`_, 2020-02-21"
@@ -20005,8 +19179,8 @@ msgstr "a bandwidth test over the VPN got these results:"
msgid "a blank indicates that no test has been carried out"
msgstr "a blank indicates that no test has been carried out"
-#: ../../configuration/nat/nat44.rst:728
-#: ../../configuration/nat/nat44.rst:733
+#: ../../configuration/nat/nat44.rst:750
+#: ../../configuration/nat/nat44.rst:755
msgid "aes256 Encryption"
msgstr "aes256 Encryption"
@@ -20020,7 +19194,7 @@ msgstr "alert"
msgid "all"
msgstr "all"
-#: ../../configuration/vrf/index.rst:426
+#: ../../configuration/vrf/index.rst:428
msgid "an RD / RTLIST"
msgstr "an RD / RTLIST"
@@ -20052,27 +19226,31 @@ msgstr "auto - interface duplex setting is auto-negotiated"
msgid "auto - interface speed is auto-negotiated"
msgstr "auto - interface speed is auto-negotiated"
+#: ../../configuration/system/frr.rst:32
+msgid "bgpd"
+msgstr "bgpd"
+
#: ../../configuration/service/router-advert.rst:13
msgid "bonding"
msgstr "bonding"
-#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:305
msgid "boot-size"
msgstr "boot-size"
-#: ../../configuration/service/dhcp-server.rst:331
+#: ../../configuration/service/dhcp-server.rst:298
msgid "bootfile-name"
msgstr "bootfile-name"
-#: ../../configuration/service/dhcp-server.rst:333
+#: ../../configuration/service/dhcp-server.rst:300
msgid "bootfile-name, filename"
msgstr "bootfile-name, filename"
-#: ../../configuration/service/dhcp-server.rst:321
+#: ../../configuration/service/dhcp-server.rst:288
msgid "bootfile-server"
msgstr "bootfile-server"
-#: ../../configuration/service/dhcp-server.rst:336
+#: ../../configuration/service/dhcp-server.rst:303
msgid "bootfile-size"
msgstr "bootfile-size"
@@ -20080,7 +19258,7 @@ msgstr "bootfile-size"
msgid "bridge"
msgstr "bridge"
-#: ../../configuration/service/dhcp-server.rst:269
+#: ../../configuration/service/dhcp-server.rst:236
msgid "client-prefix-length"
msgstr "client-prefix-length"
@@ -20112,11 +19290,11 @@ msgstr "daemon"
msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
-#: ../../configuration/service/dns.rst:205
+#: ../../configuration/service/dns.rst:218
msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
-#: ../../configuration/service/dns.rst:400
+#: ../../configuration/service/dns.rst:413
msgid "ddclient_ will skip any address located before the string set in `<pattern>`."
msgstr "ddclient_ will skip any address located before the string set in `<pattern>`."
@@ -20128,7 +19306,7 @@ msgstr "debug"
msgid "decrement-lifetime"
msgstr "decrement-lifetime"
-#: ../../configuration/service/dhcp-server.rst:368
+#: ../../configuration/service/dhcp-server.rst:335
msgid "default-lease-time, max-lease-time"
msgstr "default-lease-time, max-lease-time"
@@ -20140,7 +19318,7 @@ msgstr "default-lifetime"
msgid "default-preference"
msgstr "default-preference"
-#: ../../configuration/service/dhcp-server.rst:281
+#: ../../configuration/service/dhcp-server.rst:248
msgid "default-router"
msgstr "default-router"
@@ -20156,7 +19334,7 @@ msgstr "deprecate-prefix"
msgid "destination-hashing"
msgstr "destination-hashing"
-#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:285
msgid "dhcp-server-identifier"
msgstr "dhcp-server-identifier"
@@ -20168,28 +19346,9 @@ msgstr "direct"
msgid "directory"
msgstr "directory"
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/pppoe.rst:241
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/sstp-client.rst:113
#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
msgid "disable: No source validation"
msgstr "disable: No source validation"
@@ -20197,17 +19356,17 @@ msgstr "disable: No source validation"
msgid "dnssl"
msgstr "dnssl"
-#: ../../configuration/service/dhcp-server.rst:296
-#: ../../configuration/service/dhcp-server.rst:298
+#: ../../configuration/service/dhcp-server.rst:263
+#: ../../configuration/service/dhcp-server.rst:265
msgid "domain-name"
msgstr "domain-name"
-#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:260
msgid "domain-name-servers"
msgstr "domain-name-servers"
-#: ../../configuration/service/dhcp-server.rst:351
-#: ../../configuration/service/dhcp-server.rst:353
+#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:320
msgid "domain-search"
msgstr "domain-search"
@@ -20215,7 +19374,7 @@ msgstr "domain-search"
msgid "emerg"
msgstr "emerg"
-#: ../../configuration/firewall/general.rst:147
+#: ../../configuration/firewall/global-options.rst:84
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
@@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:139
-#: ../../configuration/firewall/general-legacy.rst:90
+#: ../../configuration/firewall/global-options.rst:76
msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:154
-#: ../../configuration/firewall/general-legacy.rst:105
+#: ../../configuration/firewall/global-options.rst:91
msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
@@ -20245,11 +19402,11 @@ msgstr "ethernet"
msgid "exact-match: exact match of the network prefixes."
msgstr "exact-match: exact match of the network prefixes."
-#: ../../configuration/service/dhcp-server.rst:376
+#: ../../configuration/service/dhcp-server.rst:343
msgid "exclude"
msgstr "exclude"
-#: ../../configuration/service/dhcp-server.rst:381
+#: ../../configuration/service/dhcp-server.rst:348
msgid "failover"
msgstr "failover"
@@ -20318,11 +19475,15 @@ msgstr "invalid"
msgid "inverse-match: network/netmask to match (requires network be defined)."
msgstr "inverse-match: network/netmask to match (requires network be defined)."
-#: ../../configuration/service/dhcp-server.rst:301
-#: ../../configuration/service/dhcp-server.rst:303
+#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:270
msgid "ip-forwarding"
msgstr "ip-forwarding"
+#: ../../configuration/system/frr.rst:33
+msgid "isisd"
+msgstr "isisd"
+
#: ../../configuration/interfaces/ethernet.rst:90
msgid "it can be used with any NIC,"
msgstr "it can be used with any NIC,"
@@ -20339,7 +19500,11 @@ msgstr "kern"
msgid "l2tpv3"
msgstr "l2tpv3"
-#: ../../configuration/service/dhcp-server.rst:366
+#: ../../configuration/system/frr.rst:34
+msgid "ldpd"
+msgstr "ldpd"
+
+#: ../../configuration/service/dhcp-server.rst:333
msgid "lease"
msgstr "lease"
@@ -20347,19 +19512,19 @@ msgstr "lease"
msgid "least-connection"
msgstr "least-connection"
-#: ../../configuration/vpn/site2site_ipsec.rst:271
+#: ../../configuration/vpn/site2site_ipsec.rst:275
msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
-#: ../../configuration/vpn/site2site_ipsec.rst:163
+#: ../../configuration/vpn/site2site_ipsec.rst:167
msgid "left local_ip: `198.51.100.3` # server side WAN IP"
msgstr "left local_ip: `198.51.100.3` # server side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:272
+#: ../../configuration/vpn/site2site_ipsec.rst:276
msgid "left public_ip:172.18.201.10"
msgstr "left public_ip:172.18.201.10"
-#: ../../configuration/vpn/site2site_ipsec.rst:161
+#: ../../configuration/vpn/site2site_ipsec.rst:165
msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
@@ -20439,28 +19604,9 @@ msgstr "logalert"
msgid "logaudit"
msgstr "logaudit"
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/pppoe.rst:237
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/sstp-client.rst:109
#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
@@ -20472,7 +19618,15 @@ msgstr "lpr"
msgid "mDNS Repeater"
msgstr "mDNS Repeater"
-#: ../../configuration/service/mdns.rst:28
+#: ../../configuration/service/mdns.rst:38
+msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+
+#: ../../configuration/service/mdns.rst:33
+msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+
+#: ../../configuration/service/mdns.rst:29
msgid "mDNS repeater can be temporarily disabled without deleting the service using"
msgstr "mDNS repeater can be temporarily disabled without deleting the service using"
@@ -20512,12 +19666,12 @@ msgstr "more information related IGP - :ref:`routing-isis`"
msgid "more information related IGP - :ref:`routing-ospf`"
msgstr "more information related IGP - :ref:`routing-ospf`"
-#: ../../configuration/service/dhcp-server.rst:291
+#: ../../configuration/service/dhcp-server.rst:258
#: ../../configuration/service/router-advert.rst:1
msgid "name-server"
msgstr "name-server"
-#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:280
msgid "netbios-name-servers"
msgstr "netbios-name-servers"
@@ -20533,7 +19687,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU
msgid "news"
msgstr "news"
-#: ../../configuration/service/dhcp-server.rst:323
+#: ../../configuration/service/dhcp-server.rst:290
msgid "next-server"
msgstr "next-server"
@@ -20557,11 +19711,11 @@ msgstr "notice"
msgid "ntp"
msgstr "ntp"
-#: ../../configuration/service/dhcp-server.rst:306
+#: ../../configuration/service/dhcp-server.rst:273
msgid "ntp-server"
msgstr "ntp-server"
-#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:275
msgid "ntp-servers"
msgstr "ntp-servers"
@@ -20573,6 +19727,14 @@ msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)."
msgid "openvpn"
msgstr "openvpn"
+#: ../../configuration/system/frr.rst:35
+msgid "ospf6d"
+msgstr "ospf6d"
+
+#: ../../configuration/system/frr.rst:36
+msgid "ospfd"
+msgstr "ospfd"
+
#: ../../configuration/protocols/ospf.rst:207
msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
msgstr "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
@@ -20601,8 +19763,8 @@ msgstr "policy extcommunity-list"
msgid "policy large-community-list"
msgstr "policy large-community-list"
-#: ../../configuration/service/dhcp-server.rst:346
-#: ../../configuration/service/dhcp-server.rst:348
+#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:315
msgid "pop-server"
msgstr "pop-server"
@@ -20619,8 +19781,8 @@ msgstr "prefix-list, distribute-list"
msgid "pseudo-ethernet"
msgstr "pseudo-ethernet"
-#: ../../configuration/service/dhcp-server.rst:371
-#: ../../configuration/service/dhcp-server.rst:373
+#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:340
msgid "range"
msgstr "range"
@@ -20636,7 +19798,7 @@ msgstr "reset commands"
msgid "retrans-timer"
msgstr "retrans-timer"
-#: ../../configuration/service/dhcp-server.rst:358
+#: ../../configuration/service/dhcp-server.rst:325
msgid "rfc3442-static-route, windows-static-route"
msgstr "rfc3442-static-route, windows-static-route"
@@ -20644,18 +19806,22 @@ msgstr "rfc3442-static-route, windows-static-route"
msgid "rfc3768-compatibility"
msgstr "rfc3768-compatibility"
-#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../configuration/vpn/site2site_ipsec.rst:277
msgid "right local_ip: 172.18.202.10 # right side WAN IP"
msgstr "right local_ip: 172.18.202.10 # right side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:165
+#: ../../configuration/vpn/site2site_ipsec.rst:169
msgid "right local_ip: `203.0.113.2` # remote office side WAN IP"
msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:164
+#: ../../configuration/vpn/site2site_ipsec.rst:168
msgid "right subnet: `10.0.0.0/24` site2,remote office side"
msgstr "right subnet: `10.0.0.0/24` site2,remote office side"
+#: ../../configuration/system/frr.rst:37
+msgid "ripd"
+msgstr "ripd"
+
#: ../../configuration/highavailability/index.rst:349
msgid "round-robin"
msgstr "round-robin"
@@ -20665,7 +19831,7 @@ msgstr "round-robin"
msgid "route-map"
msgstr "route-map"
-#: ../../configuration/service/dhcp-server.rst:283
+#: ../../configuration/service/dhcp-server.rst:250
msgid "routers"
msgstr "routers"
@@ -20682,7 +19848,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send
msgid "security"
msgstr "security"
-#: ../../configuration/service/dhcp-server.rst:316
+#: ../../configuration/service/dhcp-server.rst:283
msgid "server-identifier"
msgstr "server-identifier"
@@ -20694,8 +19860,8 @@ msgstr "server example"
msgid "set a destination and/or source address. Accepted input:"
msgstr "set a destination and/or source address. Accepted input:"
-#: ../../configuration/nat/nat44.rst:729
-#: ../../configuration/nat/nat44.rst:734
+#: ../../configuration/nat/nat44.rst:751
+#: ../../configuration/nat/nat44.rst:756
msgid "sha256 Hashes"
msgstr "sha256 Hashes"
@@ -20703,7 +19869,7 @@ msgstr "sha256 Hashes"
msgid "show commands"
msgstr "show commands"
-#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:289
msgid "siaddr"
msgstr "siaddr"
@@ -20711,8 +19877,8 @@ msgstr "siaddr"
msgid "slow: Request partner to transmit LACPDUs every 30 seconds"
msgstr "slow: Request partner to transmit LACPDUs every 30 seconds"
-#: ../../configuration/service/dhcp-server.rst:341
-#: ../../configuration/service/dhcp-server.rst:343
+#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:310
msgid "smtp-server"
msgstr "smtp-server"
@@ -20732,40 +19898,21 @@ msgstr "spoke01-spoke04"
msgid "spoke05"
msgstr "spoke05"
-#: ../../configuration/service/dhcp-server.rst:386
+#: ../../configuration/service/dhcp-server.rst:353
msgid "static-mapping"
msgstr "static-mapping"
-#: ../../configuration/service/dhcp-server.rst:356
+#: ../../configuration/service/dhcp-server.rst:323
msgid "static-route"
msgstr "static-route"
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/pppoe.rst:233
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/sstp-client.rst:105
#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
-#: ../../configuration/service/dhcp-server.rst:271
+#: ../../configuration/service/dhcp-server.rst:238
msgid "subnet-mask"
msgstr "subnet-mask"
@@ -20781,8 +19928,8 @@ msgstr "tail"
msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
-#: ../../configuration/service/dhcp-server.rst:326
-#: ../../configuration/service/dhcp-server.rst:328
+#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:295
msgid "tftp-server-name"
msgstr "tftp-server-name"
@@ -20791,16 +19938,16 @@ msgstr "tftp-server-name"
msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
-#: ../../configuration/service/dhcp-server.rst:275
-#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:242
+#: ../../configuration/service/dhcp-server.rst:244
msgid "time-offset"
msgstr "time-offset"
-#: ../../configuration/service/dhcp-server.rst:286
+#: ../../configuration/service/dhcp-server.rst:253
msgid "time-server"
msgstr "time-server"
-#: ../../configuration/service/dhcp-server.rst:288
+#: ../../configuration/service/dhcp-server.rst:255
msgid "time-servers"
msgstr "time-servers"
@@ -20861,7 +20008,7 @@ msgstr "weighted-round-robin"
msgid "while a *byte* is written as a single **b**."
msgstr "while a *byte* is written as a single **b**."
-#: ../../configuration/service/dhcp-server.rst:311
+#: ../../configuration/service/dhcp-server.rst:278
msgid "wins-server"
msgstr "wins-server"
@@ -20877,14 +20024,18 @@ msgstr "wireless"
msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
-#: ../../configuration/service/dhcp-server.rst:361
+#: ../../configuration/service/dhcp-server.rst:328
msgid "wpad-url"
msgstr "wpad-url"
-#: ../../configuration/service/dhcp-server.rst:363
+#: ../../configuration/service/dhcp-server.rst:330
msgid "wpad-url, wpad-url code 252 = text"
msgstr "wpad-url, wpad-url code 252 = text"
#: ../../configuration/service/router-advert.rst:23
msgid "wwan"
msgstr "wwan"
+
+#: ../../configuration/system/frr.rst:38
+msgid "zebra"
+msgstr "zebra"
diff --git a/docs/_locale/ja/contributing.pot b/docs/_locale/ja/contributing.pot
index 0b6bc28f..dbf06213 100644
--- a/docs/_locale/ja/contributing.pot
+++ b/docs/_locale/ja/contributing.pot
@@ -80,8 +80,8 @@ msgstr "A single, short, summary of the commit (recommended 50 characters or les
msgid "Abbreviations and acronyms **must** be capitalized."
msgstr "Abbreviations and acronyms **must** be capitalized."
-#: ../../contributing/build-vyos.rst:403
-#: ../../contributing/build-vyos.rst:591
+#: ../../contributing/build-vyos.rst:443
+#: ../../contributing/build-vyos.rst:631
msgid "Accel-PPP"
msgstr "Accel-PPP"
@@ -93,7 +93,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from
msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
-#: ../../contributing/testing.rst:99
+#: ../../contributing/testing.rst:100
msgid "Add one or more IP addresses"
msgstr "Add one or more IP addresses"
@@ -101,17 +101,17 @@ msgstr "Add one or more IP addresses"
msgid "Address"
msgstr "Address"
-#: ../../contributing/build-vyos.rst:800
+#: ../../contributing/build-vyos.rst:840
msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
msgstr "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
-#: ../../contributing/build-vyos.rst:627
-#: ../../contributing/build-vyos.rst:656
-#: ../../contributing/build-vyos.rst:691
+#: ../../contributing/build-vyos.rst:667
+#: ../../contributing/build-vyos.rst:696
+#: ../../contributing/build-vyos.rst:731
msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
msgstr "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
-#: ../../contributing/testing.rst:50
+#: ../../contributing/testing.rst:51
msgid "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
msgstr "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
@@ -147,23 +147,23 @@ msgstr "Always use the ``-x`` option to the ``git cherry-pick`` command when bac
msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
msgstr "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
-#: ../../contributing/build-vyos.rst:702
+#: ../../contributing/build-vyos.rst:742
msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
-#: ../../contributing/build-vyos.rst:831
+#: ../../contributing/build-vyos.rst:871
msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
-#: ../../contributing/testing.rst:56
+#: ../../contributing/testing.rst:57
msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
-#: ../../contributing/testing.rst:12
+#: ../../contributing/testing.rst:13
msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
msgstr "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
-#: ../../contributing/build-vyos.rst:777
+#: ../../contributing/build-vyos.rst:817
msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
msgstr "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
@@ -215,15 +215,15 @@ msgstr "Boot Timing"
msgid "Bug Report/Issue"
msgstr "Bug Report/Issue"
-#: ../../contributing/build-vyos.rst:785
+#: ../../contributing/build-vyos.rst:825
msgid "Build"
msgstr "Build"
-#: ../../contributing/build-vyos.rst:60
+#: ../../contributing/build-vyos.rst:122
msgid "Build Container"
msgstr "Build Container"
-#: ../../contributing/build-vyos.rst:182
+#: ../../contributing/build-vyos.rst:215
msgid "Build ISO"
msgstr "Build ISO"
@@ -231,31 +231,31 @@ msgstr "Build ISO"
msgid "Build VyOS"
msgstr "Build VyOS"
-#: ../../contributing/build-vyos.rst:85
+#: ../../contributing/build-vyos.rst:147
msgid "Build from source"
msgstr "Build from source"
-#: ../../contributing/build-vyos.rst:582
+#: ../../contributing/build-vyos.rst:622
msgid "Building Out-Of-Tree Modules"
msgstr "Building Out-Of-Tree Modules"
-#: ../../contributing/build-vyos.rst:435
+#: ../../contributing/build-vyos.rst:475
msgid "Building The Kernel"
msgstr "Building The Kernel"
-#: ../../contributing/build-vyos.rst:246
+#: ../../contributing/build-vyos.rst:286
msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
msgstr "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
-#: ../../contributing/build-vyos.rst:705
+#: ../../contributing/build-vyos.rst:745
msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
msgstr "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
-#: ../../contributing/build-vyos.rst:584
+#: ../../contributing/build-vyos.rst:624
msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
msgstr "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
-#: ../../contributing/build-vyos.rst:475
+#: ../../contributing/build-vyos.rst:515
msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
msgstr "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
@@ -275,7 +275,7 @@ msgstr "C++ Backend Code"
msgid "Capitalization and punctuation"
msgstr "Capitalization and punctuation"
-#: ../../contributing/build-vyos.rst:448
+#: ../../contributing/build-vyos.rst:488
msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
@@ -283,7 +283,7 @@ msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.j
msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
msgstr "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
-#: ../../contributing/build-vyos.rst:441
+#: ../../contributing/build-vyos.rst:481
msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
msgstr "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
@@ -299,7 +299,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic
msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
-#: ../../contributing/testing.rst:151
+#: ../../contributing/testing.rst:152
msgid "Config Load Tests"
msgstr "Config Load Tests"
@@ -323,11 +323,11 @@ msgstr "Consult the documentation_ to ensure that you have configured your syste
msgid "Continuous Integration"
msgstr "Continuous Integration"
-#: ../../contributing/build-vyos.rst:255
+#: ../../contributing/build-vyos.rst:295
msgid "Customize"
msgstr "Customize"
-#: ../../contributing/testing.rst:100
+#: ../../contributing/testing.rst:101
msgid "DHCP client and DHCPv6 prefix delegation"
msgstr "DHCP client and DHCPv6 prefix delegation"
@@ -335,19 +335,31 @@ msgstr "DHCP client and DHCPv6 prefix delegation"
msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
msgstr "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
-#: ../../contributing/build-vyos.rst:713
+#: ../../contributing/build-vyos.rst:753
msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
msgstr "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
+#: ../../contributing/build-vyos.rst:42
+msgid "Debian Bookworm for VyOS 1.4 (sagitta)"
+msgstr "Debian Bookworm for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:43
+msgid "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+msgstr "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+
#: ../../contributing/build-vyos.rst:154
msgid "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
msgstr "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
-#: ../../contributing/build-vyos.rst:153
+#: ../../contributing/build-vyos.rst:154
+msgid "Debian Bullseye for VyOS 1.4 (sagitta)"
+msgstr "Debian Bullseye for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:41
msgid "Debian Buster for VyOS 1.3 (equuleus)"
msgstr "Debian Buster for VyOS 1.3 (equuleus)"
-#: ../../contributing/build-vyos.rst:152
+#: ../../contributing/build-vyos.rst:40
msgid "Debian Jessie for VyOS 1.2 (crux)"
msgstr "Debian Jessie for VyOS 1.2 (crux)"
@@ -379,15 +391,15 @@ msgstr "Development"
msgid "Do not add angle brackets around the format, they will be inserted automatically"
msgstr "Do not add angle brackets around the format, they will be inserted automatically"
-#: ../../contributing/build-vyos.rst:33
+#: ../../contributing/build-vyos.rst:83
msgid "Docker"
msgstr "Docker"
-#: ../../contributing/build-vyos.rst:73
+#: ../../contributing/build-vyos.rst:135
msgid "Dockerhub"
msgstr "Dockerhub"
-#: ../../contributing/build-vyos.rst:50
+#: ../../contributing/build-vyos.rst:112
msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
@@ -395,6 +407,10 @@ msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recomm
msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
msgstr "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
+#: ../../contributing/build-vyos.rst:87
+msgid "Due to the updated version of Docker, the following examples may become invalid."
+msgstr "Due to the updated version of Docker, the following examples may become invalid."
+
#: ../../contributing/debugging.rst:172
msgid "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
msgstr "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
@@ -403,7 +419,7 @@ msgstr "During the migration and extensive rewrite of functionality from Perl in
msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
msgstr "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
-#: ../../contributing/build-vyos.rst:407
+#: ../../contributing/build-vyos.rst:447
msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
msgstr "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
@@ -420,7 +436,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl
msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit."
#: ../../contributing/development.rst:412
-#: ../../contributing/testing.rst:65
+#: ../../contributing/testing.rst:66
msgid "Example:"
msgstr "Example:"
@@ -453,11 +469,11 @@ msgstr "FRR"
msgid "Feature Request"
msgstr "Feature Request"
-#: ../../contributing/build-vyos.rst:560
+#: ../../contributing/build-vyos.rst:600
msgid "Firmware"
msgstr "Firmware"
-#: ../../contributing/build-vyos.rst:593
+#: ../../contributing/build-vyos.rst:633
msgid "First, clone the source code and check out the appropriate version by running:"
msgstr "First, clone the source code and check out the appropriate version by running:"
@@ -485,7 +501,7 @@ msgstr "For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable inter
msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
msgstr "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
-#: ../../contributing/build-vyos.rst:170
+#: ../../contributing/build-vyos.rst:72
msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
msgstr "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
@@ -534,7 +550,7 @@ msgstr "Good: PPPoE, IPsec"
msgid "Good: RADIUS (as in remote authentication for dial-in user services)"
msgstr "Good: RADIUS (as in remote authentication for dial-in user services)"
-#: ../../contributing/build-vyos.rst:244
+#: ../../contributing/build-vyos.rst:284
msgid "Good luck!"
msgstr "Good luck!"
@@ -562,11 +578,11 @@ msgstr "Horrible: \"frobnication algorithm.\""
msgid "How can we reproduce this Bug?"
msgstr "How can we reproduce this Bug?"
-#: ../../contributing/testing.rst:102
+#: ../../contributing/testing.rst:103
msgid "IP and IPv6 options"
msgstr "IP and IPv6 options"
-#: ../../contributing/build-vyos.rst:308
+#: ../../contributing/build-vyos.rst:348
msgid "ISO Build Issues"
msgstr "ISO Build Issues"
@@ -590,11 +606,11 @@ msgstr "If applicable a reference to a previous commit should be made linking th
msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
-#: ../../contributing/build-vyos.rst:699
+#: ../../contributing/build-vyos.rst:739
msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
-#: ../../contributing/build-vyos.rst:562
+#: ../../contributing/build-vyos.rst:602
msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
@@ -622,7 +638,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di
msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
-#: ../../contributing/build-vyos.rst:554
+#: ../../contributing/build-vyos.rst:594
msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
@@ -638,7 +654,7 @@ msgstr "Include output"
msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
-#: ../../contributing/build-vyos.rst:810
+#: ../../contributing/build-vyos.rst:850
msgid "Install"
msgstr "Install"
@@ -646,7 +662,7 @@ msgstr "Install"
msgid "Install https://pypi.org/project/stdeb/"
msgstr "Install https://pypi.org/project/stdeb/"
-#: ../../contributing/build-vyos.rst:35
+#: ../../contributing/build-vyos.rst:85
msgid "Installing Docker_ and prerequisites:"
msgstr "Installing Docker_ and prerequisites:"
@@ -654,23 +670,23 @@ msgstr "Installing Docker_ and prerequisites:"
msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
-#: ../../contributing/build-vyos.rst:632
+#: ../../contributing/build-vyos.rst:672
msgid "Intel NIC"
msgstr "Intel NIC"
-#: ../../contributing/build-vyos.rst:404
+#: ../../contributing/build-vyos.rst:444
msgid "Intel NIC drivers"
msgstr "Intel NIC drivers"
-#: ../../contributing/build-vyos.rst:661
+#: ../../contributing/build-vyos.rst:701
msgid "Intel QAT"
msgstr "Intel QAT"
-#: ../../contributing/build-vyos.rst:405
+#: ../../contributing/build-vyos.rst:445
msgid "Inter QAT"
msgstr "Inter QAT"
-#: ../../contributing/testing.rst:90
+#: ../../contributing/testing.rst:91
msgid "Interface based tests"
msgstr "Interface based tests"
@@ -690,11 +706,11 @@ msgstr "It's an Ada program and requires GNAT and gprbuild for building, depende
msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
-#: ../../contributing/testing.rst:17
+#: ../../contributing/testing.rst:18
msgid "Jenkins CI"
msgstr "Jenkins CI"
-#: ../../contributing/build-vyos.rst:816
+#: ../../contributing/build-vyos.rst:856
msgid "Just install using the following commands:"
msgstr "Just install using the following commands:"
@@ -710,7 +726,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi
msgid "Kernel"
msgstr "Kernel"
-#: ../../contributing/build-vyos.rst:787
+#: ../../contributing/build-vyos.rst:827
msgid "Launch Docker container and build package"
msgstr "Launch Docker container and build package"
@@ -734,7 +750,7 @@ msgstr "Like any other project we have some small guidelines about our source co
msgid "Limits:"
msgstr "Limits:"
-#: ../../contributing/build-vyos.rst:390
+#: ../../contributing/build-vyos.rst:430
msgid "Linux Kernel"
msgstr "Linux Kernel"
@@ -742,7 +758,7 @@ msgstr "Linux Kernel"
msgid "Live System"
msgstr "Live System"
-#: ../../contributing/testing.rst:101
+#: ../../contributing/testing.rst:102
msgid "MTU size"
msgstr "MTU size"
@@ -750,11 +766,11 @@ msgstr "MTU size"
msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
-#: ../../contributing/testing.rst:60
+#: ../../contributing/testing.rst:61
msgid "Manual Smoketest Run"
msgstr "Manual Smoketest Run"
-#: ../../contributing/testing.rst:168
+#: ../../contributing/testing.rst:169
msgid "Manual config load test"
msgstr "Manual config load test"
@@ -770,7 +786,7 @@ msgstr "Migrating old CLI"
msgid "Move default values to scripts"
msgstr "Move default values to scripts"
-#: ../../contributing/build-vyos.rst:147
+#: ../../contributing/build-vyos.rst:35
msgid "Native Build"
msgstr "Native Build"
@@ -807,23 +823,23 @@ msgstr "None"
msgid "Notes"
msgstr "Notes"
-#: ../../contributing/build-vyos.rst:199
+#: ../../contributing/build-vyos.rst:236
msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
-#: ../../contributing/build-vyos.rst:184
+#: ../../contributing/build-vyos.rst:217
msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
-#: ../../contributing/build-vyos.rst:384
+#: ../../contributing/build-vyos.rst:424
msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
-#: ../../contributing/build-vyos.rst:469
+#: ../../contributing/build-vyos.rst:509
msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
-#: ../../contributing/build-vyos.rst:133
+#: ../../contributing/build-vyos.rst:199
msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
@@ -831,7 +847,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t
msgid "Old concept/syntax"
msgstr "Old concept/syntax"
-#: ../../contributing/testing.rst:62
+#: ../../contributing/testing.rst:63
msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
@@ -843,7 +859,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with
msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
-#: ../../contributing/testing.rst:170
+#: ../../contributing/testing.rst:171
msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
@@ -851,6 +867,10 @@ msgstr "One is not bound to load all configurations one after another but can al
msgid "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
msgstr "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+#: ../../contributing/testing.rst:7
+msgid "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+msgstr "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+
#: ../../contributing/development.rst:665
msgid "Only applicable to leaf nodes"
msgstr "Only applicable to leaf nodes"
@@ -863,7 +883,7 @@ msgstr "Other packages (e.g. vyos-1x) add dependencies to the ISO build procedur
msgid "Our StrongSWAN build differs from the upstream:"
msgstr "Our StrongSWAN build differs from the upstream:"
-#: ../../contributing/testing.rst:19
+#: ../../contributing/testing.rst:20
msgid "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
msgstr "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
@@ -875,12 +895,12 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind
msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
-#: ../../contributing/testing.rst:92
+#: ../../contributing/testing.rst:93
msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
-#: ../../contributing/build-vyos.rst:697
-#: ../../contributing/build-vyos.rst:766
+#: ../../contributing/build-vyos.rst:737
+#: ../../contributing/build-vyos.rst:806
msgid "Packages"
msgstr "Packages"
@@ -904,11 +924,11 @@ msgstr "Please submit your patches using the well-known GitHub pull-request agai
msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
-#: ../../contributing/testing.rst:103
+#: ../../contributing/testing.rst:104
msgid "Port description"
msgstr "Port description"
-#: ../../contributing/testing.rst:104
+#: ../../contributing/testing.rst:105
msgid "Port disable"
msgstr "Port disable"
@@ -952,7 +972,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway?
msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
-#: ../../contributing/build-vyos.rst:745
+#: ../../contributing/build-vyos.rst:785
msgid "QEMU"
msgstr "QEMU"
@@ -968,16 +988,16 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca
msgid "Report a Bug"
msgstr "Report a Bug"
-#: ../../contributing/build-vyos.rst:747
+#: ../../contributing/build-vyos.rst:787
msgid "Run the following command after building the ISO image."
msgstr "Run the following command after building the ISO image."
-#: ../../contributing/build-vyos.rst:756
+#: ../../contributing/build-vyos.rst:796
msgid "Run the following command after building the QEMU image."
msgstr "Run the following command after building the QEMU image."
-#: ../../contributing/build-vyos.rst:637
-#: ../../contributing/build-vyos.rst:666
+#: ../../contributing/build-vyos.rst:677
+#: ../../contributing/build-vyos.rst:706
msgid "Simply use our wrapper script to build all of the driver modules."
msgstr "Simply use our wrapper script to build all of the driver modules."
@@ -985,19 +1005,19 @@ msgstr "Simply use our wrapper script to build all of the driver modules."
msgid "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
msgstr "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
-#: ../../contributing/testing.rst:29
+#: ../../contributing/testing.rst:30
msgid "Smoketests"
msgstr "Smoketests"
-#: ../../contributing/testing.rst:31
+#: ../../contributing/testing.rst:32
msgid "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
msgstr "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
-#: ../../contributing/testing.rst:44
+#: ../../contributing/testing.rst:45
msgid "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
msgstr "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
-#: ../../contributing/build-vyos.rst:136
+#: ../../contributing/build-vyos.rst:202
msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
@@ -1005,7 +1025,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver
msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
-#: ../../contributing/testing.rst:201
+#: ../../contributing/testing.rst:202
msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
@@ -1013,7 +1033,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos
msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
-#: ../../contributing/build-vyos.rst:229
+#: ../../contributing/build-vyos.rst:269
msgid "Start the build:"
msgstr "Start the build:"
@@ -1057,15 +1077,15 @@ msgstr "Text generation"
msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
-#: ../../contributing/build-vyos.rst:634
+#: ../../contributing/build-vyos.rst:674
msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
-#: ../../contributing/build-vyos.rst:662
+#: ../../contributing/build-vyos.rst:702
msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
-#: ../../contributing/build-vyos.rst:392
+#: ../../contributing/build-vyos.rst:432
msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
@@ -1089,7 +1109,7 @@ msgstr "The ``generate()`` function generates config files for system components
msgid "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
msgstr "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
-#: ../../contributing/testing.rst:47
+#: ../../contributing/testing.rst:48
msgid "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
msgstr "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
@@ -1101,19 +1121,19 @@ msgstr "The ``verify()`` function takes your internal representation of the conf
msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
-#: ../../contributing/build-vyos.rst:54
+#: ../../contributing/build-vyos.rst:116
msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
-#: ../../contributing/testing.rst:158
+#: ../../contributing/testing.rst:159
msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
-#: ../../contributing/build-vyos.rst:87
+#: ../../contributing/build-vyos.rst:149
msgid "The container can also be built directly from source:"
msgstr "The container can also be built directly from source:"
-#: ../../contributing/build-vyos.rst:62
+#: ../../contributing/build-vyos.rst:124
msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
@@ -1121,11 +1141,11 @@ msgstr "The container can be built by hand or by fetching the pre-built one from
msgid "The default template processor for VyOS code is Jinja2_."
msgstr "The default template processor for VyOS code is Jinja2_."
-#: ../../contributing/build-vyos.rst:773
+#: ../../contributing/build-vyos.rst:813
msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
-#: ../../contributing/testing.rst:163
+#: ../../contributing/testing.rst:164
msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
@@ -1137,6 +1157,10 @@ msgstr "The file can be placed in ``/tmp`` for one time debugging (as the file w
msgid "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
msgstr "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
+#: ../../contributing/build-vyos.rst:26
+msgid "The following includes the build process for VyOS 1.2 to the latest version."
+msgstr "The following includes the build process for VyOS 1.2 to the latest version."
+
#: ../../contributing/development.rst:71
msgid "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
msgstr "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
@@ -1149,11 +1173,11 @@ msgstr "The great thing about schemas is not only that people can know the compl
msgid "The information is used in three ways:"
msgstr "The information is used in three ways:"
-#: ../../contributing/build-vyos.rst:437
+#: ../../contributing/build-vyos.rst:477
msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
-#: ../../contributing/build-vyos.rst:425
+#: ../../contributing/build-vyos.rst:465
msgid "The most obvious reasons could be:"
msgstr "The most obvious reasons could be:"
@@ -1161,7 +1185,7 @@ msgstr "The most obvious reasons could be:"
msgid "The original repo is at https://github.com/dmbaturin/hvinfo"
msgstr "The original repo is at https://github.com/dmbaturin/hvinfo"
-#: ../../contributing/testing.rst:153
+#: ../../contributing/testing.rst:154
msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
@@ -1181,7 +1205,7 @@ msgstr "The reason is that the configuration migration backend is rewritten and
msgid "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
msgstr "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
-#: ../../contributing/testing.rst:53
+#: ../../contributing/testing.rst:54
msgid "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
msgstr "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
@@ -1205,7 +1229,7 @@ msgstr "The switch to the Python programming language for new code is not merely
msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
-#: ../../contributing/build-vyos.rst:310
+#: ../../contributing/build-vyos.rst:350
msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
@@ -1221,7 +1245,7 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo
msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
-#: ../../contributing/build-vyos.rst:257
+#: ../../contributing/build-vyos.rst:297
msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
@@ -1249,31 +1273,35 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https
msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
-#: ../../contributing/build-vyos.rst:572
+#: ../../contributing/build-vyos.rst:612
msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
-#: ../../contributing/build-vyos.rst:26
+#: ../../contributing/build-vyos.rst:76
+msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+
+#: ../../contributing/build-vyos.rst:28
msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
-#: ../../contributing/testing.rst:147
+#: ../../contributing/testing.rst:148
msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
-#: ../../contributing/testing.rst:97
+#: ../../contributing/testing.rst:98
msgid "Those common tests consists out of:"
msgstr "Those common tests consists out of:"
-#: ../../contributing/build-vyos.rst:107
+#: ../../contributing/build-vyos.rst:173
msgid "Tips and Tricks"
msgstr "Tips and Tricks"
-#: ../../contributing/build-vyos.rst:46
+#: ../../contributing/build-vyos.rst:108
msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
-#: ../../contributing/build-vyos.rst:149
+#: ../../contributing/build-vyos.rst:37
msgid "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
msgstr "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
@@ -1285,7 +1313,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every
msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
-#: ../../contributing/build-vyos.rst:333
+#: ../../contributing/build-vyos.rst:373
msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
@@ -1305,19 +1333,19 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll
msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
-#: ../../contributing/build-vyos.rst:75
+#: ../../contributing/build-vyos.rst:137
msgid "To manually download the container from DockerHub, run:"
msgstr "To manually download the container from DockerHub, run:"
-#: ../../contributing/build-vyos.rst:156
+#: ../../contributing/build-vyos.rst:46
msgid "To start, clone the repository to your local machine:"
msgstr "To start, clone the repository to your local machine:"
-#: ../../contributing/build-vyos.rst:812
+#: ../../contributing/build-vyos.rst:852
msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
-#: ../../contributing/build-vyos.rst:711
+#: ../../contributing/build-vyos.rst:751
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -1357,11 +1385,11 @@ msgstr "Useful commands are:"
msgid "VIF (incl. VIF-S/VIF-C)"
msgstr "VIF (incl. VIF-S/VIF-C)"
-#: ../../contributing/testing.rst:105
+#: ../../contributing/testing.rst:106
msgid "VLANs (QinQ and regular 802.1q)"
msgstr "VLANs (QinQ and regular 802.1q)"
-#: ../../contributing/build-vyos.rst:754
+#: ../../contributing/build-vyos.rst:794
msgid "VMware"
msgstr "VMware"
@@ -1373,7 +1401,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form."
msgid "Verbs **should** be avoided. If a verb can be omitted, omit it."
msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it."
-#: ../../contributing/build-vyos.rst:742
+#: ../../contributing/build-vyos.rst:782
msgid "Virtualization Platforms"
msgstr "Virtualization Platforms"
@@ -1381,7 +1409,11 @@ msgstr "Virtualization Platforms"
msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
-#: ../../contributing/build-vyos.rst:768
+#: ../../contributing/build-vyos.rst:168
+msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+
+#: ../../contributing/build-vyos.rst:808
msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
@@ -1389,19 +1421,19 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst
msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
-#: ../../contributing/build-vyos.rst:600
+#: ../../contributing/build-vyos.rst:640
msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:"
msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:"
-#: ../../contributing/testing.rst:24
+#: ../../contributing/testing.rst:25
msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
-#: ../../contributing/build-vyos.rst:349
+#: ../../contributing/build-vyos.rst:389
msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
-#: ../../contributing/build-vyos.rst:341
+#: ../../contributing/build-vyos.rst:381
msgid "We now need to mount some required, volatile filesystems"
msgstr "We now need to mount some required, volatile filesystems"
@@ -1425,7 +1457,7 @@ msgstr "What was the configuration prior to the change?"
msgid "What were you attempting to achieve?"
msgstr "What were you attempting to achieve?"
-#: ../../contributing/testing.rst:34
+#: ../../contributing/testing.rst:35
msgid "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
msgstr "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
@@ -1437,7 +1469,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is
msgid "When modifying the source code, remember these rules of the legacy elimination campaign:"
msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:"
-#: ../../contributing/build-vyos.rst:241
+#: ../../contributing/build-vyos.rst:281
msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
@@ -1449,7 +1481,7 @@ msgstr "When writing a new configuration migrator it may happen that you see an
msgid "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
msgstr "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
-#: ../../contributing/testing.rst:108
+#: ../../contributing/testing.rst:109
msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
@@ -1490,11 +1522,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was
msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
-#: ../../contributing/build-vyos.rst:827
+#: ../../contributing/build-vyos.rst:867
msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
-#: ../../contributing/build-vyos.rst:109
+#: ../../contributing/build-vyos.rst:175
msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
@@ -1506,7 +1538,7 @@ msgstr "You can type ``help`` to get an overview of the available commands, and
msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
-#: ../../contributing/build-vyos.rst:430
+#: ../../contributing/build-vyos.rst:470
msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
@@ -1526,7 +1558,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your
msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
-#: ../../contributing/testing.rst:106
+#: ../../contributing/testing.rst:107
msgid "..."
msgstr "..."
@@ -1582,7 +1614,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi
msgid "``set``"
msgstr "``set``"
-#: ../../contributing/build-vyos.rst:427
+#: ../../contributing/build-vyos.rst:467
msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
diff --git a/docs/_locale/ja/copyright.pot b/docs/_locale/ja/copyright.pot
index 53078f45..d64e38c0 100644
--- a/docs/_locale/ja/copyright.pot
+++ b/docs/_locale/ja/copyright.pot
@@ -13,8 +13,8 @@ msgid "Copyright Notice"
msgstr "Copyright Notice"
#: ../../copyright.md:3
-msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors"
-msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors"
+msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors"
+msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors"
#: ../../copyright.md:9
msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one."
diff --git a/docs/_locale/ja/index.pot b/docs/_locale/ja/index.pot
index c3b65128..67033299 100644
--- a/docs/_locale/ja/index.pot
+++ b/docs/_locale/ja/index.pot
@@ -12,23 +12,23 @@ msgstr ""
msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
-#: ../../index.rst:70
+#: ../../index.rst:72
msgid "Adminguide"
msgstr "Adminguide"
-#: ../../index.rst:31
+#: ../../index.rst:33
msgid "Automate"
msgstr "Automate"
-#: ../../index.rst:23
+#: ../../index.rst:25
msgid "Configuration and Operation"
msgstr "Configuration and Operation"
-#: ../../index.rst:44
+#: ../../index.rst:46
msgid "Contribute and Community"
msgstr "Contribute and Community"
-#: ../../index.rst:83
+#: ../../index.rst:85
msgid "Development"
msgstr "Development"
@@ -36,31 +36,31 @@ msgstr "Development"
msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
-#: ../../index.rst:38
+#: ../../index.rst:40
msgid "Examples"
msgstr "Examples"
-#: ../../index.rst:61
+#: ../../index.rst:63
msgid "First Steps"
msgstr "First Steps"
-#: ../../index.rst:11
+#: ../../index.rst:12
msgid "Get / Build VyOS"
msgstr "Get / Build VyOS"
-#: ../../index.rst:40
+#: ../../index.rst:42
msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
-#: ../../index.rst:16
+#: ../../index.rst:18
msgid "Install VyOS"
msgstr "Install VyOS"
-#: ../../index.rst:33
+#: ../../index.rst:35
msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
-#: ../../index.rst:96
+#: ../../index.rst:98
msgid "Misc"
msgstr "Misc"
@@ -68,11 +68,11 @@ msgstr "Misc"
msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
-#: ../../index.rst:13
+#: ../../index.rst:15
msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
-#: ../../index.rst:18
+#: ../../index.rst:20
msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
@@ -80,7 +80,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:
msgid "There are many ways to contribute to the project."
msgstr "There are many ways to contribute to the project."
-#: ../../index.rst:25
+#: ../../index.rst:27
msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
diff --git a/docs/_locale/ja/installation.pot b/docs/_locale/ja/installation.pot
index dd3e9019..fab479b9 100644
--- a/docs/_locale/ja/installation.pot
+++ b/docs/_locale/ja/installation.pot
@@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project."
msgid "**Early Production Access**"
msgstr "**Early Production Access**"
-#: ../../installation/install.rst:538
+#: ../../installation/install.rst:541
msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
@@ -56,7 +56,7 @@ msgstr "**Release Candidate**"
msgid "**Requirements**"
msgstr "**Requirements**"
-#: ../../installation/install.rst:543
+#: ../../installation/install.rst:546
msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
@@ -128,37 +128,35 @@ msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs"
msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 custom VyOS powder coat"
msgstr "APU4 custom VyOS powder coat"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop back"
msgstr "APU4 desktop back"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop closed"
msgstr "APU4 desktop closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack closed"
msgstr "APU4 rack closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack front"
msgstr "APU4 rack front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #1"
msgstr "APU4 rack module #1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #2"
msgstr "APU4 rack module #2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #3 with PSU"
msgstr "APU4 rack module #3 with PSU"
@@ -166,7 +164,7 @@ msgstr "APU4 rack module #3 with PSU"
msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
-#: ../../installation/install.rst:487
+#: ../../installation/install.rst:490
msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
@@ -234,7 +232,7 @@ msgstr "After installation - exit from the console using the key combination ``C
msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
-#: ../../installation/update.rst:81
+#: ../../installation/update.rst:88
msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
@@ -262,7 +260,7 @@ msgstr "An IP address"
msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
-#: ../../installation/install.rst:551
+#: ../../installation/install.rst:554
msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
@@ -338,7 +336,7 @@ msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected
msgid "Bits per second : 9600"
msgstr "Bits per second : 9600"
-#: ../../installation/install.rst:580
+#: ../../installation/install.rst:583
msgid "Black screen on install"
msgstr "Black screen on install"
@@ -358,39 +356,39 @@ msgstr "Building from source"
msgid "CLI"
msgstr "CLI"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Back"
msgstr "CSE-505-203B Back"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Front"
msgstr "CSE-505-203B Front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 1"
msgstr "CSE-505-203B Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 2"
msgstr "CSE-505-203B Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 3"
msgstr "CSE-505-203B Open 3"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open"
msgstr "CSE-505-203B w/ 10GE Open"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 1"
msgstr "CSE-505-203B w/ 10GE Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 2"
msgstr "CSE-505-203B w/ 10GE Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 3"
msgstr "CSE-505-203B w/ 10GE Open 3"
@@ -455,7 +453,7 @@ msgstr "Click to ``Instances`` and ``Launch Instance``"
msgid "Click to your new vm and find out your Public IP address."
msgstr "Click to your new vm and find out your Public IP address."
-#: ../../installation/install.rst:562
+#: ../../installation/install.rst:565
msgid "Client Boot"
msgstr "Client Boot"
@@ -491,7 +489,7 @@ msgstr "Configure Security Group. It's recommended that you configure ssh access
msgid "Configure a DHCP server to provide the client with:"
msgstr "Configure a DHCP server to provide the client with:"
-#: ../../installation/install.rst:476
+#: ../../installation/install.rst:479
msgid "Configure a TFTP server so that it serves the following:"
msgstr "Configure a TFTP server so that it serves the following:"
@@ -525,11 +523,8 @@ msgid "Connect to the instance by SSH key."
msgstr "Connect to the instance by SSH key."
#: ../../installation/cloud/index.rst:7
-#: ../../installation/cloud/index.rst:7
-#: ../../installation/index.rst:7
#: ../../installation/index.rst:7
#: ../../installation/virtual/index.rst:5
-#: ../../installation/virtual/index.rst:5
msgid "Content"
msgstr "Content"
@@ -649,7 +644,7 @@ msgstr "Disable XHCI"
msgid "Disk size"
msgstr "Disk size"
-#: ../../installation/install.rst:547
+#: ../../installation/install.rst:550
msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
@@ -727,15 +722,10 @@ msgid "Every version is contained in its own squashfs image that is mounted in a
msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts."
#: ../../installation/install.rst:17
-#: ../../installation/install.rst:17
-#: ../../installation/install.rst:21
#: ../../installation/install.rst:21
#: ../../installation/install.rst:25
-#: ../../installation/install.rst:25
-#: ../../installation/install.rst:29
#: ../../installation/install.rst:29
#: ../../installation/install.rst:33
-#: ../../installation/install.rst:33
#: ../../installation/install.rst:37
msgid "Everyone"
msgstr "Everyone"
@@ -752,11 +742,11 @@ msgstr "Example"
msgid "Example:"
msgstr "Example:"
-#: ../../installation/install.rst:519
+#: ../../installation/install.rst:522
msgid "Example of simple (no menu) configuration file:"
msgstr "Example of simple (no menu) configuration file:"
-#: ../../installation/install.rst:499
+#: ../../installation/install.rst:502
msgid "Example of the contents of the TFTP server:"
msgstr "Example of the contents of the TFTP server:"
@@ -768,7 +758,7 @@ msgstr "Extension Modules"
msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
-#: ../../installation/install.rst:564
+#: ../../installation/install.rst:567
msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
@@ -816,7 +806,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c
msgid "GPG verification"
msgstr "GPG verification"
-#: ../../installation/install.rst:582
+#: ../../installation/install.rst:585
msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
@@ -964,7 +954,7 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration
msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
-#: ../../installation/install.rst:491
+#: ../../installation/install.rst:494
msgid "In the example we configured our existent VyOS as the TFTP server too:"
msgstr "In the example we configured our existent VyOS as the TFTP server too:"
@@ -985,7 +975,7 @@ msgstr "Installation"
msgid "Installation and Image Management"
msgstr "Installation and Image Management"
-#: ../../installation/install.rst:594
+#: ../../installation/install.rst:597
msgid "Installation can then continue as outlined above."
msgstr "Installation can then continue as outlined above."
@@ -1021,7 +1011,7 @@ msgstr "It is advised that VyOS routers are configured in a resource group with
msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
-#: ../../installation/install.rst:575
+#: ../../installation/install.rst:578
msgid "Known Issues"
msgstr "Known Issues"
@@ -1057,7 +1047,7 @@ msgstr "Live installation"
msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)"
msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)"
-#: ../../installation/install.rst:555
+#: ../../installation/install.rst:558
msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
@@ -1138,7 +1128,7 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po
msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
-#: ../../installation/install.rst:569
+#: ../../installation/install.rst:572
msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
@@ -1462,11 +1452,11 @@ msgstr "Stayed in this stage. This is because the KVM console is chosen as the d
msgid "Step 1: DHCP"
msgstr "Step 1: DHCP"
-#: ../../installation/install.rst:474
+#: ../../installation/install.rst:477
msgid "Step 2: TFTP"
msgstr "Step 2: TFTP"
-#: ../../installation/install.rst:531
+#: ../../installation/install.rst:534
msgid "Step 3: HTTP"
msgstr "Step 3: HTTP"
@@ -1498,11 +1488,11 @@ msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be u
msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
-#: ../../installation/install.rst:479
+#: ../../installation/install.rst:482
msgid "The *ldlinux.c32* file from the Syslinux distribution"
msgstr "The *ldlinux.c32* file from the Syslinux distribution"
-#: ../../installation/install.rst:478
+#: ../../installation/install.rst:481
msgid "The *pxelinux.0* file from the Syslinux distribution"
msgstr "The *pxelinux.0* file from the Syslinux distribution"
@@ -1582,7 +1572,7 @@ msgstr "The image will be loaded and the last lines you will get will be:"
msgid "The import can be verified with:"
msgstr "The import can be verified with:"
-#: ../../installation/install.rst:483
+#: ../../installation/install.rst:486
msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
@@ -1590,7 +1580,7 @@ msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *ini
msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
-#: ../../installation/install.rst:480
+#: ../../installation/install.rst:483
msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
@@ -1598,7 +1588,7 @@ msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz
msgid "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
-#: ../../installation/update.rst:76
+#: ../../installation/update.rst:83
msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
@@ -1618,7 +1608,7 @@ msgstr "The system is fully operational."
msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
-#: ../../installation/install.rst:587
+#: ../../installation/install.rst:590
msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
@@ -1663,7 +1653,7 @@ msgstr "This guide was developed using an APU4C4 board with the following specs:
msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
-#: ../../installation/install.rst:577
+#: ../../installation/install.rst:580
msgid "This is a list of known issues that can arise during installation."
msgstr "This is a list of known issues that can arise during installation."
@@ -1695,6 +1685,10 @@ msgstr "To turn the template into a working VyOS machine, further steps are nece
msgid "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
+#: ../../installation/update.rst:81
+msgid "To use the `latest` option the \"system update-check url\" must be configured."
+msgstr "To use the `latest` option the \"system update-check url\" must be configured."
+
#: ../../installation/install.rst:248
msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
@@ -1827,7 +1821,7 @@ msgstr "Wait until you get the outcome (bytes copied). Be patient, in some compu
msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
-#: ../../installation/install.rst:533
+#: ../../installation/install.rst:536
msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
@@ -1879,6 +1873,10 @@ msgstr "You can go back to your Vyatta install using the ``set system image defa
msgid "You can now proceed with a regular image installation as described in :ref:`installation`."
msgstr "You can now proceed with a regular image installation as described in :ref:`installation`."
+#: ../../installation/update.rst:75
+msgid "You can use ``latest`` option. It loads the latest available Rolling release."
+msgstr "You can use ``latest`` option. It loads the latest available Rolling release."
+
#: ../../installation/migrate-from-vyatta.rst:28
msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
@@ -1923,7 +1921,7 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.
msgid "``gpg --recv-keys FD220285A0FE6D7E``"
msgstr "``gpg --recv-keys FD220285A0FE6D7E``"
-#: ../../installation/install.rst:590
+#: ../../installation/install.rst:593
msgid "`console=ttyS0,115200`"
msgstr "`console=ttyS0,115200`"
@@ -1955,7 +1953,7 @@ msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-
msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
-#: ../../installation/update.rst:79
+#: ../../installation/update.rst:86
msgid "https://vyos.net/get/nightly-builds/"
msgstr "https://vyos.net/get/nightly-builds/"
@@ -1971,6 +1969,6 @@ msgstr "https://www.oracle.com/cloud/"
msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
-#: ../../installation/install.rst:592
+#: ../../installation/install.rst:595
msgid "option, and type CTRL-X to boot."
msgstr "option, and type CTRL-X to boot."
diff --git a/docs/_locale/ja/quick-start.pot b/docs/_locale/ja/quick-start.pot
index b4c7bf79..1823bbf8 100644
--- a/docs/_locale/ja/quick-start.pot
+++ b/docs/_locale/ja/quick-start.pot
@@ -8,19 +8,19 @@ msgstr ""
"Language: ja\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: ../../quick-start.rst:178
+#: ../../quick-start.rst:189
msgid "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
msgstr "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
-#: ../../quick-start.rst:124
+#: ../../quick-start.rst:125
msgid "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
msgstr "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
-#: ../../quick-start.rst:180
+#: ../../quick-start.rst:191
msgid "A rule to ``accept`` packets from established and related connections."
msgstr "A rule to ``accept`` packets from established and related connections."
-#: ../../quick-start.rst:181
+#: ../../quick-start.rst:192
msgid "A rule to ``drop`` packets from invalid connections."
msgstr "A rule to ``drop`` packets from invalid connections."
@@ -40,27 +40,31 @@ msgstr "After switching to :ref:`quick-start-configuration-mode` issue the follo
msgid "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
msgstr "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
-#: ../../quick-start.rst:301
+#: ../../quick-start.rst:311
msgid "Allow Access to Services"
msgstr "Allow Access to Services"
-#: ../../quick-start.rst:257
+#: ../../quick-start.rst:267
msgid "Allow Management Access"
msgstr "Allow Management Access"
-#: ../../quick-start.rst:208
+#: ../../quick-start.rst:202
msgid "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
msgstr "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
+#: ../../quick-start.rst:219
+msgid "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+msgstr "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+
#: ../../quick-start.rst:167
msgid "Apply the firewall policies:"
msgstr "Apply the firewall policies:"
-#: ../../quick-start.rst:367
+#: ../../quick-start.rst:377
msgid "As above, commit your changes, save the configuration, and exit configuration mode:"
msgstr "As above, commit your changes, save the configuration, and exit configuration mode:"
-#: ../../quick-start.rst:227
+#: ../../quick-start.rst:237
msgid "Block Incoming Traffic"
msgstr "Block Incoming Traffic"
@@ -76,7 +80,7 @@ msgstr "By default, VyOS is in operational mode, and the command prompt displays
msgid "Commit and Save"
msgstr "Commit and Save"
-#: ../../quick-start.rst:327
+#: ../../quick-start.rst:337
msgid "Commit changes, save the configuration, and exit configuration mode:"
msgstr "Commit changes, save the configuration, and exit configuration mode:"
@@ -84,19 +88,19 @@ msgstr "Commit changes, save the configuration, and exit configuration mode:"
msgid "Configuration Mode"
msgstr "Configuration Mode"
-#: ../../quick-start.rst:143
+#: ../../quick-start.rst:138
msgid "Configure Firewall Groups"
msgstr "Configure Firewall Groups"
-#: ../../quick-start.rst:162
+#: ../../quick-start.rst:157
msgid "Configure Stateful Packet Filtering"
msgstr "Configure Stateful Packet Filtering"
-#: ../../quick-start.rst:271
+#: ../../quick-start.rst:281
msgid "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
msgstr "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
-#: ../../quick-start.rst:233
+#: ../../quick-start.rst:243
msgid "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
msgstr "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
@@ -120,35 +124,35 @@ msgstr "DHCP leases will hold for one day (86400 seconds)"
msgid "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
msgstr "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
-#: ../../quick-start.rst:341
+#: ../../quick-start.rst:351
msgid "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
msgstr "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
-#: ../../quick-start.rst:281
+#: ../../quick-start.rst:291
msgid "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
msgstr "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
-#: ../../quick-start.rst:357
+#: ../../quick-start.rst:367
msgid "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
msgstr "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
-#: ../../quick-start.rst:319
+#: ../../quick-start.rst:329
msgid "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
msgstr "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
-#: ../../quick-start.rst:122
+#: ../../quick-start.rst:123
msgid "Firewall"
msgstr "Firewall"
-#: ../../quick-start.rst:263
+#: ../../quick-start.rst:273
msgid "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
msgstr "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
-#: ../../quick-start.rst:339
+#: ../../quick-start.rst:349
msgid "Hardening"
msgstr "Hardening"
-#: ../../quick-start.rst:303
+#: ../../quick-start.rst:313
msgid "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
msgstr "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
@@ -156,7 +160,11 @@ msgstr "Here we're allowing the router to respond to pings. Then, we can allow a
msgid "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
msgstr "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
-#: ../../quick-start.rst:150
+#: ../../quick-start.rst:145
+msgid "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+msgstr "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+
+#: ../../quick-start.rst:144
msgid "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
msgstr "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
@@ -164,11 +172,15 @@ msgstr "In this case, we will create two interface groups—a ``WAN`` group for
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../quick-start.rst:109
+#: ../../quick-start.rst:170
+msgid "Most installations would choose this option, and will contain:"
+msgstr "Most installations would choose this option, and will contain:"
+
+#: ../../quick-start.rst:110
msgid "NAT"
msgstr "NAT"
-#: ../../quick-start.rst:229
+#: ../../quick-start.rst:239
msgid "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
msgstr "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
@@ -180,19 +192,31 @@ msgstr "Once your configuration works as expected, you can save it permanently b
msgid "Only hosts from your internal/LAN network can use the DNS recursor"
msgstr "Only hosts from your internal/LAN network can use the DNS recursor"
-#: ../../quick-start.rst:168
+#: ../../quick-start.rst:162
msgid "Option 1: Common Chain"
msgstr "Option 1: Common Chain"
-#: ../../quick-start.rst:206
+#: ../../quick-start.rst:163
+msgid "Option 1: Global State Policies"
+msgstr "Option 1: Global State Policies"
+
+#: ../../quick-start.rst:179
+msgid "Option 2: Common/Custom Chain"
+msgstr "Option 2: Common/Custom Chain"
+
+#: ../../quick-start.rst:200
msgid "Option 2: Per-Hook Chain"
msgstr "Option 2: Per-Hook Chain"
+#: ../../quick-start.rst:217
+msgid "Option 3: Per-Hook Chain"
+msgstr "Option 3: Per-Hook Chain"
+
#: ../../quick-start.rst:5
msgid "Quick Start"
msgstr "Quick Start"
-#: ../../quick-start.rst:344
+#: ../../quick-start.rst:354
msgid "Replace the default ``vyos`` system user:"
msgstr "Replace the default ``vyos`` system user:"
@@ -204,7 +228,7 @@ msgstr "Replace the default `vyos` system user:"
msgid "SSH Management"
msgstr "SSH Management"
-#: ../../quick-start.rst:350
+#: ../../quick-start.rst:360
msgid "Set up :ref:`ssh_key_based_authentication`:"
msgstr "Set up :ref:`ssh_key_based_authentication`:"
@@ -216,7 +240,7 @@ msgstr "The address range `192.168.0.2/24 - 192.168.0.8/24` will be reserved for
msgid "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
msgstr "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
-#: ../../quick-start.rst:176
+#: ../../quick-start.rst:187
msgid "The chain we will create is called ``CONN_FILTER`` and has three rules:"
msgstr "The chain we will create is called ``CONN_FILTER`` and has three rules:"
@@ -228,7 +252,7 @@ msgstr "The default gateway and DNS recursor address will be `192.168.0.1/24`"
msgid "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
msgstr "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
-#: ../../quick-start.rst:137
+#: ../../quick-start.rst:132
msgid "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
msgstr "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
@@ -236,11 +260,11 @@ msgstr "The firewall begins with the base ``filter`` tables you define for each
msgid "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
msgstr "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
-#: ../../quick-start.rst:111
+#: ../../quick-start.rst:112
msgid "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
msgstr "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
-#: ../../quick-start.rst:194
+#: ../../quick-start.rst:205
msgid "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
msgstr "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
@@ -260,31 +284,39 @@ msgstr "This chapter will guide you on how to get up to speed quickly using your
msgid "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
msgstr "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
-#: ../../quick-start.rst:145
+#: ../../quick-start.rst:140
msgid "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
msgstr "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
+#: ../../quick-start.rst:164
+msgid "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+msgstr "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+
#: ../../quick-start.rst:90
msgid "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
msgstr "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
-#: ../../quick-start.rst:170
+#: ../../quick-start.rst:181
msgid "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
msgstr "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
-#: ../../quick-start.rst:259
+#: ../../quick-start.rst:269
msgid "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
msgstr "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
-#: ../../quick-start.rst:247
+#: ../../quick-start.rst:257
msgid "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
msgstr "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
-#: ../../quick-start.rst:164
+#: ../../quick-start.rst:159
+msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+
+#: ../../quick-start.rst:158
msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
-#: ../../quick-start.rst:379
+#: ../../quick-start.rst:389
msgid "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
msgstr "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
diff --git a/docs/_locale/pt/404.pot b/docs/_locale/pt/404.pot
index 6fe1cc78..bb81ce96 100644
--- a/docs/_locale/pt/404.pot
+++ b/docs/_locale/pt/404.pot
@@ -25,5 +25,13 @@ msgid "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
msgstr "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
#: ../../404.rst:11
+msgid "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+msgstr "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+
+#: ../../404.rst:12
+msgid "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+msgstr "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+
+#: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
diff --git a/docs/_locale/pt/LC_MESSAGES/404.mo b/docs/_locale/pt/LC_MESSAGES/404.mo
index e63f75fd..55eec7d3 100644
--- a/docs/_locale/pt/LC_MESSAGES/404.mo
+++ b/docs/_locale/pt/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/automation.mo b/docs/_locale/pt/LC_MESSAGES/automation.mo
index 4546ab53..e9c17d9e 100644
--- a/docs/_locale/pt/LC_MESSAGES/automation.mo
+++ b/docs/_locale/pt/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/cli.mo b/docs/_locale/pt/LC_MESSAGES/cli.mo
index 6d4566a6..eebe0051 100644
--- a/docs/_locale/pt/LC_MESSAGES/cli.mo
+++ b/docs/_locale/pt/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/configexamples.mo b/docs/_locale/pt/LC_MESSAGES/configexamples.mo
index a690274e..dff77ff7 100644
--- a/docs/_locale/pt/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/pt/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo
index 62817f09..d048c623 100644
--- a/docs/_locale/pt/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/pt/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/contributing.mo b/docs/_locale/pt/LC_MESSAGES/contributing.mo
index 6853741f..45d920c0 100644
--- a/docs/_locale/pt/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/pt/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/installation.mo b/docs/_locale/pt/LC_MESSAGES/installation.mo
index 2008a799..ccb5df93 100644
--- a/docs/_locale/pt/LC_MESSAGES/installation.mo
+++ b/docs/_locale/pt/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/pt/LC_MESSAGES/quick-start.mo b/docs/_locale/pt/LC_MESSAGES/quick-start.mo
index 6dda3bb6..7bbab8c6 100644
--- a/docs/_locale/pt/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/pt/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/pt/automation.pot b/docs/_locale/pt/automation.pot
index 89b627f0..92be3d32 100644
--- a/docs/_locale/pt/automation.pot
+++ b/docs/_locale/pt/automation.pot
@@ -32,22 +32,30 @@ msgstr "**user-data**: includes vyos-commands."
msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
msgstr "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
-#: ../../automation/vyos-api.rst:285
+#: ../../automation/vyos-api.rst:322
msgid "/config-file"
msgstr "/config-file"
-#: ../../automation/vyos-api.rst:228
+#: ../../automation/vyos-api.rst:265
msgid "/configure"
msgstr "/configure"
-#: ../../automation/vyos-api.rst:209
+#: ../../automation/vyos-api.rst:246
msgid "/generate"
msgstr "/generate"
-#: ../../automation/vyos-api.rst:147
+#: ../../automation/vyos-api.rst:184
msgid "/image"
msgstr "/image"
+#: ../../automation/vyos-api.rst:165
+msgid "/poweroff"
+msgstr "/poweroff"
+
+#: ../../automation/vyos-api.rst:147
+msgid "/reboot"
+msgstr "/reboot"
+
#: ../../automation/vyos-api.rst:129
msgid "/reset"
msgstr "/reset"
@@ -56,7 +64,7 @@ msgstr "/reset"
msgid "/retrieve"
msgstr "/retrieve"
-#: ../../automation/vyos-api.rst:185
+#: ../../automation/vyos-api.rst:222
msgid "/show"
msgstr "/show"
@@ -178,6 +186,34 @@ msgstr "Configuration"
msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
msgstr "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
+#: ../../automation/vyos-pyvyos.rst:94
+msgid "Configure, then Delete Object"
+msgstr "Configure, then Delete Object"
+
+#: ../../automation/vyos-pyvyos.rst:141
+msgid "Configure, then Load File"
+msgstr "Configure, then Load File"
+
+#: ../../automation/vyos-pyvyos.rst:101
+msgid "Configure, then Save"
+msgstr "Configure, then Save"
+
+#: ../../automation/vyos-pyvyos.rst:108
+msgid "Configure, then Save File"
+msgstr "Configure, then Save File"
+
+#: ../../automation/vyos-pyvyos.rst:68
+msgid "Configure, then Set"
+msgstr "Configure, then Set"
+
+#: ../../automation/vyos-pyvyos.rst:85
+msgid "Configure, then Show Object"
+msgstr "Configure, then Show Object"
+
+#: ../../automation/vyos-pyvyos.rst:77
+msgid "Configure, then Show a Single Object Value"
+msgstr "Configure, then Show a Single Object Value"
+
#: ../../automation/vyos-napalm.rst:89
msgid "Content of commands.conf"
msgstr "Content of commands.conf"
@@ -258,7 +294,7 @@ msgstr "For configuration and enabling the API see :ref:`http-api`"
msgid "For example, get the addresses of a ``dum0`` interface."
msgstr "For example, get the addresses of a ``dum0`` interface."
-#: ../../automation/vyos-api.rst:189
+#: ../../automation/vyos-api.rst:226
msgid "For example, show which images are installed."
msgstr "For example, show which images are installed."
@@ -270,10 +306,18 @@ msgstr "For more information on the NoCloud data source, visit its `page <https:
msgid "From cli or GUI, power on VM, and after it boots, verify configuration"
msgstr "From cli or GUI, power on VM, and after it boots, verify configuration"
+#: ../../automation/vyos-pyvyos.rst:123
+msgid "Generate Object"
+msgstr "Generate Object"
+
#: ../../automation/cloud-init.rst:268
msgid "Generate qcow image"
msgstr "Generate qcow image"
+#: ../../automation/vyos-pyvyos.rst:24
+msgid "Getting Started"
+msgstr "Getting Started"
+
#: ../../automation/command-scripting.rst:82
msgid "Here is a simple example:"
msgstr "Here is a simple example:"
@@ -306,6 +350,10 @@ msgstr "If you need to gather information from linux commands to configure VyOS,
msgid "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
msgstr "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
+#: ../../automation/vyos-pyvyos.rst:27
+msgid "Importing and Disabling Warnings for verify=False"
+msgstr "Importing and Disabling Warnings for verify=False"
+
#: ../../automation/cloud-init.rst:298
msgid "In Proxmox server three files are going to be used for this setup:"
msgstr "In Proxmox server three files are going to be used for this setup:"
@@ -326,6 +374,10 @@ msgstr "In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
msgid "Initial Configuration"
msgstr "Initial Configuration"
+#: ../../automation/vyos-pyvyos.rst:47
+msgid "Initializing a VyDevice Object"
+msgstr "Initializing a VyDevice Object"
+
#: ../../automation/cloud-init.rst:180
msgid "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
msgstr "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
@@ -334,6 +386,10 @@ msgstr "Injecting configuration data is not limited to cloud platforms. Users ca
msgid "Install ``napalm-vyos`` module"
msgstr "Install ``napalm-vyos`` module"
+#: ../../automation/vyos-pyvyos.rst:15
+msgid "Installation"
+msgstr "Installation"
+
#: ../../automation/vyos-salt.rst:98
msgid "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
msgstr "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
@@ -451,6 +507,14 @@ msgstr "Proxmox IP address: **192.168.0.253/24**"
msgid "Proxmox `Cloud-init-Support`_."
msgstr "Proxmox `Cloud-init-Support`_."
+#: ../../automation/vyos-pyvyos.rst:6
+msgid "PyVyOS"
+msgstr "PyVyOS"
+
+#: ../../automation/vyos-pyvyos.rst:8
+msgid "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+msgstr "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+
#: ../../automation/cloud-init.rst:416
msgid "References"
msgstr "References"
@@ -459,6 +523,10 @@ msgstr "References"
msgid "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
msgstr "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
+#: ../../automation/vyos-pyvyos.rst:132
+msgid "Reset Object"
+msgstr "Reset Object"
+
#: ../../automation/vyos-ansible.rst:80
msgid "Run ansible"
msgstr "Run ansible"
@@ -487,11 +555,11 @@ msgstr "Salt"
msgid "Salt master configuration:"
msgstr "Salt master configuration:"
-#: ../../automation/vyos-api.rst:307
+#: ../../automation/vyos-api.rst:344
msgid "Save a running configuration to a file."
msgstr "Save a running configuration to a file."
-#: ../../automation/vyos-api.rst:289
+#: ../../automation/vyos-api.rst:326
msgid "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
msgstr "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
@@ -503,6 +571,10 @@ msgstr "Script vyos-napalm.py"
msgid "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
msgstr "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
+#: ../../automation/vyos-pyvyos.rst:115
+msgid "Show Object"
+msgstr "Show Object"
+
#: ../../automation/command-scripting.rst:52
msgid "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
msgstr "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
@@ -523,7 +595,7 @@ msgstr "Structure of files"
msgid "System Defaults/Fallbacks"
msgstr "System Defaults/Fallbacks"
-#: ../../automation/vyos-api.rst:264
+#: ../../automation/vyos-api.rst:301
msgid "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
msgstr "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
@@ -535,11 +607,11 @@ msgstr "The ``/config/scripts/vyos-postconfig-bootup.script`` script is called o
msgid "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
msgstr "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
-#: ../../automation/vyos-api.rst:187
+#: ../../automation/vyos-api.rst:224
msgid "The ``/show`` endpoint is to show everything in the operational mode."
msgstr "The ``/show`` endpoint is to show everything in the operational mode."
-#: ../../automation/vyos-api.rst:211
+#: ../../automation/vyos-api.rst:248
msgid "The ``generate`` endpoint run a ``generate`` command."
msgstr "The ``generate`` endpoint run a ``generate`` command."
@@ -568,7 +640,7 @@ msgstr "The default file looks like this:"
msgid "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
msgstr "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
-#: ../../automation/vyos-api.rst:287
+#: ../../automation/vyos-api.rst:324
msgid "The endpoint ``/config-file`` is to save or load a configuration."
msgstr "The endpoint ``/config-file`` is to save or load a configuration."
@@ -604,11 +676,11 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
msgstr "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
-#: ../../automation/vyos-api.rst:323
+#: ../../automation/vyos-api.rst:360
msgid "To Load a configuration file."
msgstr "To Load a configuration file."
-#: ../../automation/vyos-api.rst:149
+#: ../../automation/vyos-api.rst:186
msgid "To add or delete an image, use the ``/image`` endpoint."
msgstr "To add or delete an image, use the ``/image`` endpoint."
@@ -624,6 +696,10 @@ msgstr "To get the whole configuration, pass an empty list to the ``path`` field
msgid "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
msgstr "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
+#: ../../automation/vyos-api.rst:149
+msgid "To initiate a reboot use the ``reboot`` endpoint."
+msgstr "To initiate a reboot use the ``reboot`` endpoint."
+
#: ../../automation/command-scripting.rst:128
msgid "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
msgstr "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
@@ -632,6 +708,10 @@ msgstr "To make sure that a script is not accidentally called without the ``vyat
msgid "To only get a part of the configuration, for example ``system syslog``."
msgstr "To only get a part of the configuration, for example ``system syslog``."
+#: ../../automation/vyos-api.rst:167
+msgid "To power off the system use the ``poweroff`` endpoint."
+msgstr "To power off the system use the ``poweroff`` endpoint."
+
#: ../../automation/cloud-init.rst:223
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -648,6 +728,14 @@ msgstr "User-data"
msgid "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
msgstr "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
+#: ../../automation/vyos-pyvyos.rst:35
+msgid "Using API Response Class"
+msgstr "Using API Response Class"
+
+#: ../../automation/vyos-pyvyos.rst:65
+msgid "Using PyVyOS"
+msgstr "Using PyVyOS"
+
#: ../../automation/cloud-init.rst:373
msgid "VM ID: in this example, VM ID used is 555."
msgstr "VM ID: in this example, VM ID used is 555."
@@ -736,11 +824,15 @@ msgstr "Without proxy it requires VyOS minion configuration and support op-mode
msgid "Without proxy it requires VyOS minion configuration and supports op-mode data:"
msgstr "Without proxy it requires VyOS minion configuration and supports op-mode data:"
-#: ../../automation/vyos-api.rst:230
+#: ../../automation/vyos-pyvyos.rst:17
+msgid "You can install PyVyOS using pip:"
+msgstr "You can install PyVyOS using pip:"
+
+#: ../../automation/vyos-api.rst:267
msgid "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
msgstr "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
-#: ../../automation/vyos-api.rst:249
+#: ../../automation/vyos-api.rst:286
msgid "``delete`` a single command"
msgstr "``delete`` a single command"
@@ -748,7 +840,7 @@ msgstr "``delete`` a single command"
msgid "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
msgstr "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
-#: ../../automation/vyos-api.rst:233
+#: ../../automation/vyos-api.rst:270
msgid "``set`` a single command"
msgstr "``set`` a single command"
@@ -764,7 +856,7 @@ msgstr "``vyos``/``vyos`` credentials if no others specified by data source."
msgid "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
msgstr "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
-#: ../../automation/vyos-api.rst:151
+#: ../../automation/vyos-api.rst:188
msgid "add an image"
msgstr "add an image"
@@ -784,7 +876,7 @@ msgstr "cloud-init logs to /var/log/cloud-init.log. This file can be helpful in
msgid "commands.txt"
msgstr "commands.txt"
-#: ../../automation/vyos-api.rst:168
+#: ../../automation/vyos-api.rst:205
msgid "delete an image, for example ``1.3-rolling-202006070117``"
msgstr "delete an image, for example ``1.3-rolling-202006070117``"
diff --git a/docs/_locale/pt/cli.pot b/docs/_locale/pt/cli.pot
index 61aae75c..34644e74 100644
--- a/docs/_locale/pt/cli.pot
+++ b/docs/_locale/pt/cli.pot
@@ -124,15 +124,19 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to `
msgid "Get a collection of all the set commands required which led to the running configuration."
msgstr "Get a collection of all the set commands required which led to the running configuration."
-#: ../../cli.rst:930
+#: ../../cli.rst:933
msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
-#: ../../cli.rst:916
+#: ../../cli.rst:919
msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
#: ../../cli.rst:413
+msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+
+#: ../../cli.rst:413
msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
@@ -168,7 +172,7 @@ msgstr "Remote Archive"
msgid "Rename a configuration element."
msgstr "Rename a configuration element."
-#: ../../cli.rst:914
+#: ../../cli.rst:917
msgid "Restore Default"
msgstr "Restore Default"
@@ -184,7 +188,7 @@ msgstr "Rollback Changes"
msgid "Rollback to revision N (currently requires reboot)"
msgstr "Rollback to revision N (currently requires reboot)"
-#: ../../cli.rst:881
+#: ../../cli.rst:884
msgid "Saving and loading manually"
msgstr "Saving and loading manually"
@@ -244,11 +248,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:
msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
-#: ../../cli.rst:869
+#: ../../cli.rst:872
msgid "The number of revisions don't affect the commit-archive."
msgstr "The number of revisions don't affect the commit-archive."
-#: ../../cli.rst:927
+#: ../../cli.rst:930
msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
@@ -280,7 +284,7 @@ msgstr "To remove an existing comment from your current configuration, specify a
msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
-#: ../../cli.rst:892
+#: ../../cli.rst:895
msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
@@ -352,7 +356,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper
msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
-#: ../../cli.rst:886
+#: ../../cli.rst:889
msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
@@ -364,6 +368,10 @@ msgstr "When viewing in page mode the following commands are available:"
msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+#: ../../cli.rst:370
+msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+
#: ../../cli.rst:618
msgid "You can also rename config subtrees:"
msgstr "You can also rename config subtrees:"
@@ -384,15 +392,15 @@ msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down wit
msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
-#: ../../cli.rst:883
+#: ../../cli.rst:886
msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
-#: ../../cli.rst:871
+#: ../../cli.rst:874
msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
-#: ../../cli.rst:924
+#: ../../cli.rst:927
msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
@@ -404,6 +412,18 @@ msgstr "``b`` will scroll back one page"
msgid "``ftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``ftp://<user>:<passwd>@<host>/<dir>``"
+#: ../../cli.rst:870
+msgid "``git+https://<user>:<passwd>@<host>/<path>``"
+msgstr "``git+https://<user>:<passwd>@<host>/<path>``"
+
+#: ../../cli.rst:864
+msgid "``http://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``http://<user>:<passwd>@<host>:/<dir>``"
+
+#: ../../cli.rst:865
+msgid "``https://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``https://<user>:<passwd>@<host>:/<dir>``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
@@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output"
msgid "``return`` will scroll down one line"
msgstr "``return`` will scroll down one line"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://<user>:<passwd>@<host>:/<dir>``"
msgstr "``scp://<user>:<passwd>@<host>:/<dir>``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
@@ -428,7 +448,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
msgid "``space`` will scroll down one page"
msgstr "``space`` will scroll down one page"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp://<host>/<dir>``"
msgstr "``tftp://<host>/<dir>``"
diff --git a/docs/_locale/pt/configexamples.pot b/docs/_locale/pt/configexamples.pot
index 3ea7db0c..bbc06225 100644
--- a/docs/_locale/pt/configexamples.pot
+++ b/docs/_locale/pt/configexamples.pot
@@ -211,22 +211,18 @@ msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them."
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
@@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server"
msgid "Add (temporary) default route"
msgstr "Add (temporary) default route"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Adding a rule for the second interface"
@@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Ansible Example topology image"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Basic Firewall"
msgid "Basic Setup (via console)"
msgstr "Basic Setup (via console)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Before the interface eth0 on router VyOS3"
@@ -611,6 +627,14 @@ msgstr "Check the result"
msgid "Check the result."
msgstr "Check the result."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
@@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
@@ -652,6 +680,7 @@ msgstr "Conclusions"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuration"
@@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS"
msgid "Configuration Blueprints"
msgstr "Configuration Blueprints"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuration Blueprints (autotest)"
@@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
@@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)"
msgid "Full configuration from all devices"
msgstr "Full configuration from all devices"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "IP Schema"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "IPv4 Network"
@@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "In this case, the hardware router has a different IP, so it would be"
@@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication."
@@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Information about prefix-sid and label-operation from VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Inter-VRF Routing over VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN with VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "L3VPN EVPN with VyOS topology image"
@@ -1403,29 +1460,14 @@ msgstr "Network Cabling"
msgid "Network Topology"
msgstr "Network Topology"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -1457,7 +1499,7 @@ msgstr "Node"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Note that router1 is a VM that runs on one of the compute nodes."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
@@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN with LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN with LDAP topology image"
@@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Setup the ipv6 default route to the tunnel interface"
@@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Since we have 4 zones, we need to setup the following rulesets."
@@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
@@ -1838,6 +1892,10 @@ msgstr "Spoke"
msgid "Start by setting the interface and default action for each zone."
msgstr "Start by setting the interface and default action for each zone."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "The next pages contains automatic full tested configuration examples."
@@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples."
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "The process will do the following steps:"
@@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho
msgid "The setup used in this example is shown in the following diagram:"
msgstr "The setup used in this example is shown in the following diagram:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
@@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "This gives us MPLS segment routing enabled and labels forwarding :"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
@@ -2196,7 +2271,7 @@ msgstr "Transport:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Tunnelbroker topology image"
@@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Using the general schema for example:"
@@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verification"
@@ -2264,9 +2341,18 @@ msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Version: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "We have three networks."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "compute3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configure each host in the lab"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "create the lab on a eve-ng server"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "do some defined tests"
@@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination"
msgid "first the PCA"
msgstr "first the PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generate the documentation and include files"
@@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000"
msgid "information between PE and CE:"
msgstr "information between PE and CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "optional do an upgrade to a higher version and do step 3 again."
@@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "save the output to a file and import it in nearly all openvpn clients."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "shutdown and destroy the lab, if there is no error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)"
msgid "v6 pairs would be:"
msgstr "v6 pairs would be:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot
index 8b7aff49..01486200 100644
--- a/docs/_locale/pt/configuration.pot
+++ b/docs/_locale/pt/configuration.pot
@@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag"
msgid "\"Other configuration\" flag"
msgstr "\"Other configuration\" flag"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
@@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Apply the traffic policy to an interface ingress or egress**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Cisco IOS Router:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Client IP address via IP range definition**"
@@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**"
msgid "**Cluster-List length check**"
msgstr "**Cluster-List length check**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Create a traffic policy**."
+#: ../../configuration/interfaces/wwan.rst:53
#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../configuration/interfaces/wwan.rst:53
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**DHCPv6 Prefix Delegation (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocol, destination address or source address)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Example:**"
@@ -177,10 +182,30 @@ msgstr "**External check**"
msgid "**Firewall mark**"
msgstr "**Firewall mark**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**IGP cost check**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Interface name**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Leaf2 configuration:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Leaf3 configuration:**"
@@ -261,33 +309,33 @@ msgstr "**MED check**"
msgid "**Multi-path check**"
msgstr "**Multi-path check**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Node1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Node2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Node 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Node 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Node 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**One gateway:**"
msgid "**Origin check**"
msgstr "**Origin check**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Peer address**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Policy definition:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primary**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**RADIUS based IP pools (Framed-IP-Address)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**RADIUS sessions management DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "**Router-ID check**"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Router 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Router 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Router 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secondary**"
@@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Setting up the GRE tunnel**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Spine1 Configuration:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Status**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**To see the redistributed routes:**"
@@ -490,48 +566,12 @@ msgstr "**VyOS Router:**"
msgid "**Weight check**"
msgstr "**Weight check**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
@@ -579,51 +619,19 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**deny** - deny mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
@@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**discard:** Received packets which already contain relay information will be discarded."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
@@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
@@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**prefer** - ask client for mppe, if it rejects don't fail"
@@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
@@ -767,7 +783,7 @@ msgstr "**remote side - commands**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**require** - ask client for mppe, if it rejects drop connection"
@@ -779,7 +795,7 @@ msgstr "**right**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: Capability sets (from bounded or inherited set)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transition** - Send and accept both styles of TLVs during transition."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
@@ -860,25 +876,6 @@ msgid "011110"
msgstr "011110"
#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing."
msgid "0 if not defined."
msgstr "0 if not defined."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 if not defined."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "1-to-1 NAT"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Create an event handler"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 if not defined."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2.5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "2FA OTP support"
msgid "2. Add regex to the script"
msgstr "2. Add regex to the script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Add a full path to the script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Add optional parameters"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 if not defined."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 if not defined."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6in4 (SIT)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1252,11 +1231,6 @@ msgid "8"
msgstr "8"
#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match."
msgid "<x.x.x.x>: IP address to match."
msgstr "<x.x.x.x>: IP address to match."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "A **domain group** represents a collection of domains."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "A **mac group** represents a collection of mac addresses."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
@@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by
msgid "A Rule-Set can be applied to every interface:"
msgstr "A Rule-Set can be applied to every interface:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "A SNTP server address can be specified for DHCPv6 clients."
@@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
@@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "A connection attempt will be shown as:"
@@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "A dummy interface for the provider-assigned IP;"
@@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `<name>` referencing this sync service."
msgstr "A generic `<name>` referencing this sync service."
@@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
@@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``."
@@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t
msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "A simple BGP configuration via IPv6."
@@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "A simple eBGP configuration:"
@@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
@@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa
msgid "A sync group allows VRRP groups to transition together."
msgstr "A sync group allows VRRP groups to transition together."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "A typical configuration using 2 nodes."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "A very small buffer will soon start dropping packets."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Action which will be run once the ctrl-alt-del keystroke is received."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Actions"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Active Directory"
@@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Adding a 2FA with an OTP-key"
@@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
@@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis
msgid "Address"
msgstr "Address"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Address Conversion"
@@ -1773,20 +1761,19 @@ msgstr "Address Conversion"
msgid "Address Families"
msgstr "Address Families"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Address Groups"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Address pools"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Address to listen for HTTPS requests"
@@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for
msgid "Administrative Distance"
msgstr "Administrative Distance"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algorithm"
msgid "Aliases"
msgstr "Aliases"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve
msgid "All reply sizes are accepted by default."
msgstr "All reply sizes are accepted by default."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
@@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "All traffic between zones is affected by existing policies"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "All traffic to and from an interface within a zone is permitted."
@@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Allow explicit IPv6 address for the interface."
@@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Allow this BFD peer to not be directly connected"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
@@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Already learned known_hosts files of clients need an update as the public key will change."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
@@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:"
msgid "An example of key generation:"
msgstr "An example of key generation:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "An example of the data captured by a FREERADIUS server with sql accounting:"
@@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "And for ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "And the different IPv4 **reset** commands available:"
@@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:"
msgid "And then hash is reduced modulo slave count."
msgstr "And then hash is reduced modulo slave count."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
@@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Applying a Rule-Set to a Zone"
@@ -2151,49 +2181,11 @@ msgstr "Arista EOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
@@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
@@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
@@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
@@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel"
msgid "Assign static IP address to `<user>` account."
msgstr "Assign static IP address to `<user>` account."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `<time>` seconds."
msgstr "Assign the IP address to this machine for `<time>` seconds."
@@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source."
msgid "Authorization token"
msgstr "Authorization token"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Automatic VLAN Creation"
@@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation"
msgid "Automatic VLAN creation"
msgstr "Automatic VLAN creation"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Automatically reboot system on kernel panic after 60 seconds."
@@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds."
msgid "Autonomous Systems"
msgstr "Autonomous Systems"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Avoiding \"leaky\" NAT"
@@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Balancing based on domain name"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Bandwidth Shaping"
@@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping"
msgid "Bandwidth Shaping for local users"
msgstr "Bandwidth Shaping for local users"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes."
@@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Baseline DMVPN topology"
@@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology"
msgid "Basic Concepts"
msgstr "Basic Concepts"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Basic commands"
@@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic."
msgid "Basic setup"
msgstr "Basic setup"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
@@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path,
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
@@ -2663,7 +2676,7 @@ msgstr "Binary value"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Bind listener to specific interface/address, mandatory for IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
@@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation"
msgid "Bond options"
msgstr "Bond options"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Boot image length in 512-octet blocks"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Bootstrap file name"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Both IPv4 and IPv6 multicast is possible."
@@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut
msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
@@ -2746,10 +2740,18 @@ msgstr "Bridge"
msgid "Bridge:"
msgstr "Bridge:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Bridge Options"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
@@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic
msgid "By default, it supports both planned and unplanned outages."
msgstr "By default, it supports both planned and unplanned outages."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
@@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the
msgid "By default, this bridging is allowed."
msgstr "By default, this bridging is allowed."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificates"
msgid "Change system keyboard layout to given language."
msgstr "Change system keyboard layout to given language."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Change the default-action with this setting."
@@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Check if the Intel® QAT device is up and ready to do the job."
@@ -2908,10 +2913,14 @@ msgstr "Check status"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Check the many parameters available for the `show ipv6 route` command:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Checking connections"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
@@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst"
msgstr "Cisco Catalyst"
#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco and Allied Telesyn call it Private VLAN"
@@ -2955,7 +2945,7 @@ msgstr "Class treatment"
msgid "Classes"
msgstr "Classes"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Classless static route"
@@ -2975,7 +2965,7 @@ msgstr "Client:"
msgid "Client Address Pools"
msgstr "Client Address Pools"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Client Authentication"
@@ -2983,7 +2973,7 @@ msgstr "Client Authentication"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Client Side"
msgid "Client configuration"
msgstr "Client configuration"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "Client domain name"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Client domain search"
@@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Clock daemon"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Command used to update GeoIP database and firewall sets."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Common configuration, valid for both primary and secondary node."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuration"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Configuration Example"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Configuration Examples"
@@ -3165,6 +3167,10 @@ msgstr "Configuration Guide"
msgid "Configuration Options"
msgstr "Configuration Options"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
@@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters."
@@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuration of :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuration of a DHCP failover pair"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
@@ -3198,11 +3208,11 @@ msgstr "Configure"
msgid "Configure BFD"
msgstr "Configure BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `<record>` which should be updated. This can be set multiple times."
msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `<zone>` to be updated."
msgstr "Configure DNS `<zone>` to be updated."
@@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled,
msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `<server>` and its required port for authentication requests."
msgstr "Configure RADIUS `<server>` and its required port for authentication requests."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `<message>` which is shown after user has logged in to the system."
msgstr "Configure `<message>` which is shown after user has logged in to the system."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in."
msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
@@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface."
msgid "Configure aggregation delay timer interval."
msgstr "Configure aggregation delay timer interval."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure an accounting server and enable accounting with:"
@@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id
msgid "Configure and enable collection of flow information for the interface identified by `<interface>`."
msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `<name>` mode TCP or HTTP"
msgstr "Configure backend `<name>` mode TCP or HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
@@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b
msgid "Configure individual bridge port `<priority>`."
msgstr "Configure individual bridge port `<priority>`."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `<interface>` with one or more interface addresses."
msgstr "Configure interface `<interface>` with one or more interface addresses."
@@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
@@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting."
msgstr "Configure physical interface speed setting."
#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
@@ -3491,7 +3429,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP"
msgid "Configure service `<name>` to use the backend <name>"
msgstr "Configure service `<name>` to use the backend <name>"
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure session timeout after which the user will be logged out."
@@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out."
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
@@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure the load-balancing reverse-proxy service for HTTP."
#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `<id>` is used by VRF `<name>`."
msgstr "Configured routing table `<id>` is used by VRF `<name>`."
@@ -3556,7 +3489,7 @@ msgstr "Configured value"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuring RADIUS accounting"
@@ -3569,11 +3502,15 @@ msgstr "Configuring a listen-address is essential for the service to work."
msgid "Connect/Disconnect"
msgstr "Connect/Disconnect"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
+#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
@@ -3585,10 +3522,18 @@ msgstr "Conntrack"
msgid "Conntrack Sync"
msgstr "Conntrack Sync"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Conntrack Sync Example"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Console"
@@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container."
msgid "Container"
msgstr "Container"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name <text>."
msgid "Creat extcommunity-list policy identified by name <text>."
msgstr "Creat extcommunity-list policy identified by name <text>."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
@@ -3657,16 +3606,11 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Create a load balancing rule, it can be a number between 1 and 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
@@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho
msgid "Create as-path-policy identified by name <text>."
msgstr "Create as-path-policy identified by name <text>."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name <text>."
msgstr "Create large-community-list policy identified by name <text>."
@@ -3726,7 +3686,7 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname>
msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
@@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Creating a bridge interface is very simple. In this example, we will have:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creating a traffic policy"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "Critical"
@@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:"
msgid "Custom File"
msgstr "Custom File"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "Custom health-check script allows checking real-server availability"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Customized ignore rules, based on a packet and flow selector."
@@ -3822,20 +3802,19 @@ msgstr "DHCP Relay"
msgid "DHCP Server"
msgstr "DHCP Server"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "DHCP failover parameters"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "DHCP lease range"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
#: ../../configuration/service/dhcp-relay.rst:96
-#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "DHCP relay example"
@@ -3843,20 +3822,19 @@ msgstr "DHCP relay example"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "DHCPv6 relay example"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Group 14"
@@ -3884,11 +3862,11 @@ msgstr "DNAT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "DNS name servers"
msgid "DNS search list to advertise"
msgstr "DNS search list to advertise"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "DNS server IPv4 address"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "DNS server is located at ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
@@ -3943,28 +3921,13 @@ msgid "Default"
msgstr "Default"
#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Default 1."
@@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route"
msgid "Default Router Preference"
msgstr "Default Router Preference"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "Default gateway and DNS server is at `192.0.2.254`"
@@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``."
msgstr "Default is ``icmp``."
#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "Default is to detects physical link state changes."
@@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Define a IPv4 or IPv6 Network group."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Define a IPv4 or a IPv6 address group"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Define a Zone"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Define a domain group."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Define a mac group."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
@@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Define log-level. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Define log group to send message to. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
@@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them
msgid "Define the time interval to update the local cache"
msgstr "Define the time interval to update the local cache"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
@@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Defines protocols for checking ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
@@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi
msgid "Defining Peers"
msgstr "Defining Peers"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Delegate prefixes from the range indicated by the start and stop qualifier."
@@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for
msgstr "Depending on the location, not all of these channels may be available for use!"
#: ../../configuration/service/router-advert.rst:1
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
#: ../../configuration/trafficpolicy/index.rst:262
@@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "Despite the fact that AD is a superset of LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Destination Address"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "Destination NAT"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Different NAT Types"
@@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer"
msgid "Disable a container."
msgstr "Disable a container."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service."
msgstr "Disable dhcpv6-relay service."
#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
@@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down."
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
@@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry."
msgid "Disable this IPv6 static route entry."
msgstr "Disable this IPv6 static route entry."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Disable this service."
@@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route."
msgid "Disables interface-based IPv6 static route."
msgstr "Disables interface-based IPv6 static route."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
@@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege
msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "Do not assign a link-local IPv6 address to this interface."
@@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se
msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "Does not need to be used together with proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp."
msgid "Domain"
msgstr "Domain"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Domain Groups"
@@ -4600,7 +4418,7 @@ msgstr "Domain Groups"
msgid "Domain Name"
msgstr "Domain Name"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Domain name(s) for which to obtain certificate"
@@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Domain search order"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
@@ -4657,7 +4479,7 @@ msgstr "Drop rate"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
@@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgid "Dummy"
msgstr "Dummy"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Dummy interface"
@@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Dynamic-protection"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "Dynamic DNS"
@@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "ESP Phase:"
@@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Email address to associate with certificate"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Embedding one policy into another one"
@@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool."
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Enable IGMP and MLD querier."
@@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier."
msgid "Enable IGMP and MLD snooping."
msgstr "Enable IGMP and MLD snooping."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Enable IP forwarding on client"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Enable IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Enable IS-IS and IGP-LDP synchronization"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Enable IS-IS and redistribute routes not natively in IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Enable IS-IS with Segment Routing (Experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k
msgid "Enable SNMP queries of the LLDP database"
msgstr "Enable SNMP queries of the LLDP database"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode"
msgid "Enable VLAN-Aware Bridge"
msgstr "Enable VLAN-Aware Bridge"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Enable creation of shortcut routes."
@@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc
msgid "Enable layer 7 HTTP health check"
msgstr "Enable layer 7 HTTP health check"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Enable or disable logging for the matched packet."
@@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet."
msgid "Enable ospf on an interface and set associated area."
msgstr "Enable ospf on an interface and set associated area."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
@@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Enables bandwidth shaping via RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Enables import or export of routes between the current unicast VRF and VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Enables the echo transmission mode"
@@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode"
msgid "Enabling Advertisments"
msgstr "Enabling Advertisments"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Enabling OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Enabling this function increases the risk of bandwidth saturation."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Enforce strict path checking"
@@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i
msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
@@ -5090,15 +4906,6 @@ msgid "Ethernet"
msgstr "Ethernet"
#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
@@ -5130,7 +4937,7 @@ msgstr "Event handler script"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Event handler that monitors the state of interface eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
@@ -5162,441 +4969,90 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Example"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Example, from radius-server send command for disconnect client with username test"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
+#: ../../configuration/nat/nat66.rst:78
+#: ../../configuration/nat/nat66.rst:96
+#: ../../configuration/protocols/static.rst:174
+#: ../../configuration/service/dns.rst:363
+#: ../../configuration/service/monitoring.rst:69
+#: ../../configuration/service/monitoring.rst:98
+#: ../../configuration/service/ssh.rst:165
+#: ../../configuration/service/ssh.rst:200
+#: ../../configuration/system/flow-accounting.rst:164
+#: ../../configuration/vpn/l2tp.rst:41
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
#: ../../_include/interface-dhcp-options.txt:10
#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
#: ../../_include/interface-disable-flow-control.txt:19
#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
#: ../../_include/interface-ip.txt:27
#: ../../_include/interface-ip.txt:50
#: ../../_include/interface-ip.txt:144
@@ -5606,120 +5062,22 @@ msgstr "Example, from radius-server send command for disconnect client with user
#: ../../_include/interface-ipv6.txt:51
#: ../../_include/interface-ipv6.txt:83
#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
#: ../../_include/interface-mac.txt:7
#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-per-client-thread.txt:10
#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
-#: ../../configuration/nat/nat66.rst:78
-#: ../../configuration/nat/nat66.rst:96
-#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
-#: ../../configuration/service/monitoring.rst:69
-#: ../../configuration/service/monitoring.rst:98
-#: ../../configuration/service/ssh.rst:165
-#: ../../configuration/service/ssh.rst:200
-#: ../../configuration/system/flow-accounting.rst:164
-#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
msgid "Example:"
msgstr "Example:"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
@@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is `
msgid "Example Configuration"
msgstr "Example Configuration"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Example IPv6 only:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Example Network"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Example Partial Config"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Example configuration for WireGuard interfaces:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Example for changing rate-limit via RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Example of redirection:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Examples"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Examples:"
@@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>"
msgid "Expedited forwarding (EF)"
msgstr "Expedited forwarding (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Explicitly declare ID for this minion to use (default: hostname)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "External DHCPv6 server is at 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Facility Code"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "Failover"
@@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation"
msgid "Field"
msgstr "Field"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
@@ -5982,6 +5351,14 @@ msgstr "Firewall"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Firewall Exceptions"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark``
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "Firmware Update"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "First steps"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "First the OTP keys must be generated and sent to the user and to the configuration:"
@@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Follow the instructions to generate CA cert (in configuration mode):"
@@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):"
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Follow the instructions to generate server cert (in configuration mode):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "For Encryption:"
@@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "For Local Users"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "For RADIUS users"
@@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`."
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
@@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
@@ -6187,7 +5604,9 @@ msgstr "For example:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc
msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
-#: ../../configuration/service/pppoe-server.rst:312
+#: ../../configuration/service/pppoe-server.rst:299
msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
-#: ../../configuration/interfaces/vxlan.rst:131
+#: ../../configuration/interfaces/vxlan.rst:152
msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
@@ -6235,7 +5654,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead
msgid "For outbound updates the order of preference is:"
msgstr "For outbound updates the order of preference is:"
-#: ../../configuration/firewall/general.rst:497
+#: ../../configuration/firewall/bridge.rst:201
+msgid "For reference, a description can be defined for every defined custom chain."
+msgstr "For reference, a description can be defined for every defined custom chain."
+
+#: ../../configuration/firewall/ipv4.rst:270
+#: ../../configuration/firewall/ipv6.rst:270
msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."
msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain."
@@ -6279,10 +5703,28 @@ msgstr "For the sake of demonstration, `example #1 in the official documentation
msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+
+#: ../../configuration/firewall/ipv4.rst:46
+#: ../../configuration/firewall/ipv6.rst:46
+msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+
#: ../../configuration/firewall/general.rst:69
msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
+#: ../../configuration/firewall/ipv4.rst:36
+#: ../../configuration/firewall/ipv6.rst:36
+msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+
#: ../../configuration/firewall/general.rst:62
msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
@@ -6315,6 +5757,14 @@ msgstr "From :rfc:`1930`:"
msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
msgstr "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
+#: ../../configuration/firewall/bridge.rst:21
+#: ../../configuration/firewall/flowtables.rst:20
+#: ../../configuration/firewall/ipv4.rst:19
+#: ../../configuration/firewall/ipv6.rst:19
+#: ../../configuration/firewall/zone.rst:31
+msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "General Configuration"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generate Keypair"
@@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters."
msgid "Get detailed information about LLDP neighbors."
msgstr "Get detailed information about LLDP neighbors."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Getting started"
@@ -6444,6 +5902,10 @@ msgstr "Gloabal"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Global options"
@@ -6465,7 +5927,6 @@ msgstr "Graceful Restart"
msgid "Gratuitous ARP"
msgstr "Gratuitous ARP"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Groups"
@@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "HTTP based services"
@@ -6499,11 +5964,11 @@ msgstr "HTTP client"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "HT (High Throughput) capabilities (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Hairpin NAT/NAT Reflection"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
@@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe
msgid "Handling and monitoring"
msgstr "Handling and monitoring"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
@@ -6527,15 +5992,15 @@ msgstr "Health check scripts"
msgid "Health checks"
msgstr "Health checks"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Here's the IP routes that are populated. Just the loopback:"
@@ -6563,37 +6028,22 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Here is the routing tables showing the MPLS segment routing label operations:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation"
@@ -6624,7 +6074,7 @@ msgstr "Host Information"
msgid "Host name"
msgstr "Host name"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "Host specific mapping shall be named ``client1``"
@@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in
msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "IGMP Proxy"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "IKE Phase:"
@@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE and ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "IPSec IKE and ESP Groups;"
@@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 site2site VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "IPSec VPN Tunnels"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "IPSec VPN tunnels."
@@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels."
msgid "IP address"
msgstr "IP address"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named
msgid "IP address ``192.168.2.1/24``"
msgstr "IP address ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "IP address for DHCP server identifier"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "IP address of NTP server"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "IP address of POP3 server"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "IP address of SMTP server"
@@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list."
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "IP address to exclude from DHCP lease range"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "IPsec policy matching GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "IPv4 address of next bootstrap server"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "IPv4 address of router on the client's subnet"
@@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "IPv4 or IPv6 source address of NetFlow packets"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "IPv4 peering"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "IPv4 server"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example"
msgid "IPv6 DNS addresses are optional."
msgstr "IPv6 DNS addresses are optional."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "IPv6 Prefix Delegation"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped"
@@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list."
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "IPv6 client's prefix assignment"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "IPv6 peering"
@@ -6990,7 +6445,7 @@ msgstr "IPv6 peering"
msgid "IPv6 prefix."
msgstr "IPv6 prefix."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
@@ -7002,7 +6457,7 @@ msgstr "IPv6 relay"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "IPv6 server"
@@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration"
msgid "IS-IS SR Configuration"
msgstr "IS-IS SR Configuration"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "ISC-DHCP Option name"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Identity Based Configuration"
@@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "If CA is present, this certificate will be included in generated CRLs"
#: ../../_include/interface-per-client-thread.txt:8
-#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
@@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,72 +6552,19 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface."
#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
@@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
@@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
@@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "If no destination is specified the rule will match on any destination address and port."
@@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`."
msgstr "If no option is specified, this defaults to `all`."
#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
@@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied."
msgstr "If suffix is omitted, minutes are implied."
#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
@@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "If there is SNAT rules on eth1, need to add exclude rule"
@@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
@@ -7356,53 +6730,15 @@ msgstr "If this is set the relay agent will insert the interface ID. This option
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface."
@@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "If you've completed all the above steps you no doubt want to see if it's all working."
@@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "If you enable this, you will probably want to set diversity-factor and channel below."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
@@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
@@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine the following topology"
@@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin
msgstr "In VyOS, a class is identified by a number you can choose when configuring it."
#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "In :rfc:`3069` it is called VLAN Aggregation"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
@@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:"
msgstr "In a minimal configuration, the following must be provided:"
#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
@@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
@@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "In an **address group** a single IP address or IP address ranges are defined."
@@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
@@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
@@ -7721,42 +7039,35 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request."
@@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
@@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "In the following example we can see a basic multicast setup:"
@@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled.
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "In this example, we will be using the example Quick Start configuration above as a starting point."
@@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "In this scenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
@@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet
msgid "Indication"
msgstr "Indication"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Individual Client Subnet"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at `<address>`."
msgstr "Inform client that the DNS server can be found at `<address>`."
@@ -7940,53 +7279,19 @@ msgstr "Informational messages"
msgid "Input from `eth0` network interface"
msgstr "Input from `eth0` network interface"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Install the client software via apt and execute pptpsetup to generate the configuration."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
@@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT
msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
@@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Interface Routes"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out."
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interface for DHCP Relay Agent to listen for requests."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interface to use for syncing conntrack entries."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
@@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
@@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T
msgid "It helps to support as HELPER only for planned restarts."
msgstr "It helps to support as HELPER only for planned restarts."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
@@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "It is compatible with Cisco (R) AnyConnect (R) clients."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "It is connected to ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
@@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl
msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
@@ -8258,11 +7545,11 @@ msgstr "Key Generation"
msgid "Key Management"
msgstr "Key Management"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Key Parameters:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Key Points:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "L2TPv3 options"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRFs"
@@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "Lease time will be left at the default value which is 24 hours"
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Lease timeout in seconds (default: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
@@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Lifetime associated with the default router in units of seconds"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Lifetime in days; default is 365"
@@ -8436,7 +7723,7 @@ msgstr "Limiter"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Limits"
@@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset"
msgid "Link aggregation"
msgstr "Link aggregation"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
@@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "List of well-known communities"
@@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the
msgid "Load-balancing schedule algorithm:"
msgstr "Load-balancing schedule algorithm:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Load Balancing"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Load the container image in op-mode."
@@ -8529,7 +7816,7 @@ msgstr "Local Configuration:"
msgid "Local Configuration - Annotated:"
msgstr "Local Configuration - Annotated:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `<address>` used when communicating to the failover peer."
msgstr "Local IP `<address>` used when communicating to the failover peer."
@@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via `<filename>`, for an explanati
msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Log the connection tracking events per protocol."
@@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol."
msgid "Logging"
msgstr "Logging"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact,
msgid "Login/User Management"
msgstr "Login/User Management"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Login Banner"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Login limits"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Loopback"
@@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - Pseudo Ethernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "MAC Groups"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
@@ -8758,11 +8012,19 @@ msgstr "MTU"
msgid "Mail system"
msgstr "Mail system"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Maintenance mode"
@@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings"
msgid "Manual Neighbor Configuration"
msgstr "Manual Neighbor Configuration"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `<time>` in seconds."
msgstr "Mark RADIUS server as offline for this given `<time>` in seconds."
@@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Match against the state of a packet."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Match based on dscp value."
@@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Match based on fragment criteria."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Match based on icmp|icmpv6 code and type."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
@@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Match based on ipsec criteria."
@@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Match based on packet type criteria."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Match based on the maximum number of packets to allow in excess of rate."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Match bases on recently seen sources."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Match criteria based on connection mark."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Match criteria based on nat connection status."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Match domain name"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
@@ -8937,19 +8250,19 @@ msgstr "Match local preference."
msgid "Match route metric."
msgstr "Match route metric."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Matching criteria"
@@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Maximum number of IPv4 nameservers"
@@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries"
@@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Min and max intervals between unsolicited multicast RAs"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, the system passively monitors any kind of wireless traffic"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Mount a volume into the container"
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: can be specified multiple times."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "Multicast"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
@@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "Multicast VXLAN"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
@@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Multicast group to use for syncing conntrack entries."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
@@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Multiple DNS servers can be defined."
@@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen
msgid "Multiple Uplinks"
msgstr "Multiple Uplinks"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured."
msgid "Multiple servers can be specified."
msgstr "Multiple servers can be specified."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
@@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "N"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "NAT Configuration"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "NAT Ruleset"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (specifically, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT before VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT before VPN Topology"
@@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i
msgid "Name Server"
msgstr "Name Server"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Name of static mapping"
@@ -9244,11 +8595,11 @@ msgstr "Name of static mapping"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Name of the single table Only if set group-metrics single-table."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Name or IPv4 address of TFTP server"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "NetBIOS over TCP/IP name server"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the
msgid "NetFlow v5 example:"
msgstr "NetFlow v5 example:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Network Control"
msgid "Network Emulator"
msgstr "Network Emulator"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Network Groups"
@@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "Network ID (SSID) ``TEST``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy"
msgid "Next-hop interface for the route"
msgstr "Next-hop interface for the route"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "Next it is necessary to configure 2FA for OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Now when connecting the user will first be asked for the password and then the OTP key."
@@ -9480,7 +8830,7 @@ msgstr "OTP-key generation"
msgid "Offloading"
msgstr "Offloading"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
@@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y
msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
@@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
@@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
@@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
@@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic
msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
@@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgid "Only VRRP is supported. Required option."
msgstr "Only VRRP is supported. Required option."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Only in the source criteria, you can specify a mac-address."
@@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Only one SRGB and default SPF Algorithm is supported"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Only request an address from the DHCP server but do not request a default gateway."
@@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Op-mode check virtual-server status"
@@ -9715,15 +9042,15 @@ msgstr "OpenConnect"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
@@ -9778,27 +9105,34 @@ msgstr "Operating Modes"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operation"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Operation-mode Firewall"
@@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall"
msgid "Operation Commands"
msgstr "Operation Commands"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Operation Mode"
@@ -9825,7 +9159,7 @@ msgstr "Operational Commands"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Operational Mode Commands"
@@ -9843,11 +9177,11 @@ msgstr "Option"
msgid "Option 43 for UniFI"
msgstr "Option 43 for UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Option description"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Option number"
@@ -9886,15 +9220,19 @@ msgstr "Optional/default settings"
msgid "Optional Configuration"
msgstr "Optional Configuration"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Options"
@@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Our configuration commands would be:"
@@ -9962,9 +9300,14 @@ msgstr "Over UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Overview"
@@ -9973,8 +9316,8 @@ msgstr "Overview"
msgid "Overview and basic concepts"
msgstr "Overview and basic concepts"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Overview of defined groups. You see the type, the members, and where the group is used."
@@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa
msgid "PIM and IGMP"
msgstr "PIM and IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "PPP Settings"
@@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a
msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `<file>` pointing to the certificate authority certificate."
msgstr "Path to `<file>` pointing to the certificate authority certificate."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `<file>` pointing to the servers certificate (public portion)."
msgstr "Path to `<file>` pointing to the servers certificate (public portion)."
@@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "Per default every packet is sampled (that is, the sampling rate is 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
@@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi
msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Place interface in given VRF instance."
@@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Play an audible beep to the system speaker when system is ready."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
@@ -10173,24 +9513,11 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration."
#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`."
@@ -10230,12 +9557,11 @@ msgstr "Policy Sections"
msgid "Policy for checking targets"
msgstr "Policy for checking targets"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Policy to track previously established connections."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Port Groups"
@@ -10245,7 +9571,7 @@ msgstr "Port Groups"
msgid "Port Mirror (SPAN)"
msgstr "Port Mirror (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Port for Dynamic Authorization Extension server (DM/CoA)"
@@ -10261,16 +9587,11 @@ msgstr "Port number used by connection, default is ``9273``"
msgid "Port number used by connection."
msgstr "Port number used by connection."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Port to listen for HTTPS requests; default 443"
#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
@@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router"
msgid "Prefix Conversion"
msgstr "Prefix Conversion"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefix Delegation"
@@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's
msgid "Principle of SNMP Communication"
msgstr "Principle of SNMP Communication"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
@@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out
msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
@@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Provide a IPv4 or IPv6 address group description"
@@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Provide a IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Provide a description for each rule."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Provide a port group description."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Provide a rule-set description."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Provides a backbone area coherence by virtual link establishment."
#: ../../_include/interface-per-client-thread.txt:4
-#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "RADIUS"
@@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication"
msgid "RADIUS bandwidth shaping attribute"
msgstr "RADIUS bandwidth shaping attribute"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "RADIUS source address"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "RFC 868 time server IPv4 address"
@@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirect HTTP to HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Redistribution Configuration"
@@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Regular expression to match against an extended community list, where text could be:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
@@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name"
msgid "Remote database name."
msgstr "Remote database name."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
msgstr "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
@@ -10883,25 +10172,10 @@ msgid "Replay protection"
msgstr "Replay protection"
#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`"
@@ -10917,11 +10191,12 @@ msgstr "Requirements"
msgid "Requirements:"
msgstr "Requirements:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reset"
@@ -10930,11 +10205,11 @@ msgstr "Reset"
msgid "Reset OpenVPN"
msgstr "Reset OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Reset commands"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
@@ -10946,7 +10221,7 @@ msgstr "Restart"
msgid "Restart DHCP relay service"
msgstr "Restart DHCP relay service"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Restart DHCPv6 relay agent immediately."
@@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately."
msgid "Restart a given container"
msgstr "Restart a given container"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Restart the DHCP server"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Restart the IGMP proxy process."
@@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
@@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration"
msgid "Route Dampening"
msgstr "Route Dampening"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Route Filtering"
@@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "Route filter can be applied using a route-map:"
@@ -11084,11 +10363,11 @@ msgstr "Router Lifetime"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Routes on Node 2:"
@@ -11120,13 +10399,13 @@ msgstr "Routing"
msgid "Routing tables that will be used in this example are:"
msgstr "Routing tables that will be used in this example are:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Rule-Sets"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Rule-set overview"
@@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Running Behind NAT"
@@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se
msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID to be used in IEEE 802.11 management frames"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "SSL Certificates"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Script execution"
msgid "Scripting"
msgstr "Scripting"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Security"
msgid "Security/authentication messages"
msgstr "Security/authentication messages"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "See below the different parameters available for the IPv4 **show** command:"
@@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Server"
@@ -11432,7 +10727,7 @@ msgstr "Server Side"
msgid "Server configuration"
msgstr "Server configuration"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Server names for virtual hosts it can be exact, wildcard or regex."
@@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match."
msgid "Set BGP local preference attribute."
msgstr "Set BGP local preference attribute."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Set BGP origin code."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Set BGP originator ID attribute."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Set BGP weight attribute"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Set DNAT rule 20 to only NAT UDP packets"
@@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:"
msgid "Set IP fragment match, where:"
msgstr "Set IP fragment match, where:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Set OSPF external metric-type."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
@@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne
msgid "Set SSL certeficate <name> for service <name>"
msgstr "Set SSL certeficate <name> for service <name>"
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Set TTL to 300 seconds"
@@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface"
msgid "Set a container description"
msgstr "Set a container description"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Set a destination and/or source port. Accepted input:"
#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Set a limit on the maximum number of concurrent logged-in users on the system."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Set a meaningful description."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Set a named api key. Every key has the same, full permissions on the system."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Set a rule description."
@@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa
msgid "Set inbound interface to match."
msgstr "Set inbound interface to match."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
@@ -11737,7 +11013,7 @@ msgstr "Set maximum `<size>` of DHCP packets including relay agent information.
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Set maximum hop count before packets are discarded, default: 10"
@@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Set prefixes to table."
@@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor."
msgid "Set source-address to your local IP (LAN)."
msgstr "Set source-address to your local IP (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Set source IP/IPv6 address for route."
@@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route."
msgid "Set source address or prefix to match."
msgstr "Set source address or prefix to match."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Set tag value for routing protocol."
@@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel."
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Set the distance for the default gateway sent by the DHCP server."
@@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server."
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Set the global setting for an established connection."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Set the global setting for invalid packets."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Set the global setting for related connections."
@@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...25
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Set the maximum number of TCP half-open connections."
@@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Set the number of TCP maximum retransmit attempts."
@@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the
msgid "Set the restart behavior of the container."
msgstr "Set the restart behavior of the container."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Set the routing table to forward packet with."
@@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Set the source IP of forwarded packets, otherwise original senders address is used."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Set the timeout in secounds for a protocol or state."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
@@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes."
msgid "Sets the image name in the hub registry"
msgstr "Sets the image name in the hub registry"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
@@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
@@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates
msgid "Setting VRRP group priority"
msgstr "Setting VRRP group priority"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Setting name"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Setup DHCP failover for network 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server."
msgid "Setup the `<timeout>` in seconds when querying the TACACS server."
msgstr "Setup the `<timeout>` in seconds when querying the TACACS server."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
@@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
@@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the
msgid "Show"
msgstr "Show"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Show DHCP server daemon log file"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Show DHCPv6 server daemon log file"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Show Firewall log"
@@ -12198,6 +11472,22 @@ msgstr "Show Firewall log"
msgid "Show LLDP neighbors connected via interface `<interface>`."
msgstr "Show LLDP neighbors connected via interface `<interface>`."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
@@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength."
msgid "Show a list available container networks"
msgstr "Show a list available container networks"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Show a list of installed certificates"
@@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak
msgid "Show information about physical `<interface>`"
msgstr "Show information about physical `<interface>`"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Show logs from a given container"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Show logs from all DHCP client processes."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Show logs from all DHCPv6 client processes."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Show logs from specific `interface` DHCP client process."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Show logs from specific `interface` DHCPv6 client process."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Show only information for specified Certificate Authority."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Show only information for specified certificate."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Show only leases in the specified pool."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
@@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route."
msgid "Show specific MACsec interface information"
msgstr "Show specific MACsec interface information"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Show status of new setup:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Show statuses of all active leases:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Show the DHCP server statistics:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Show the DHCP server statistics for the specified pool."
@@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers."
msgid "Show the local container images."
msgstr "Show the local container images."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Show the logs of a specific Rule-Set."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP"
msgid "Showing BFD monitored static routes"
msgstr "Showing BFD monitored static routes"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Shows status of all assigned leases:"
@@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Similar combinations are applicable for the dead-peer-detection."
@@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor
msgid "Site to Site VPN"
msgstr "Site to Site VPN"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
@@ -12548,27 +11869,15 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "SolarWinds"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
@@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Some firewall settings are global and have an affect on the whole system."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
@@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Source Address"
@@ -12637,7 +11949,7 @@ msgstr "Source Address"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Source IPv4 address used in all RADIUS server queires."
@@ -12662,6 +11974,10 @@ msgid "Source protocol to match."
msgstr "Source protocol to match."
#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
+#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Source tunnel from loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
@@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `<interface>` from which replies from `<se
msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
+#: ../../configuration/interfaces/vxlan.rst:89
+msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+
#: ../../configuration/interfaces/bonding.rst:40
msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
@@ -12737,7 +12057,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori
msgid "Specifies the base DN under which the users are located."
msgstr "Specifies the base DN under which the users are located."
-#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:239
msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
@@ -12774,31 +12094,35 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Specify a NIS+ server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Specify a NIS server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed."
msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed."
@@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to."
msgstr "Specify the LDAP server to connect to."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
@@ -12929,7 +12225,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define
msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Specify timeout interval for keepalive message in seconds."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Spoke"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Start by checking for IPSec SAs (Security Associations) with:"
@@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+
#: ../../configuration/firewall/index.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
@@ -12981,7 +12285,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona
msgid "Static"
msgstr "Static"
-#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/service/dhcp-server.rst:189
msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
@@ -13009,13 +12313,13 @@ msgstr "Static Routing or other dynamic routing protocols can be used over the v
msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
-#: ../../configuration/service/dhcp-server.rst:209
-#: ../../configuration/service/dhcp-server.rst:689
+#: ../../configuration/service/dhcp-server.rst:174
+#: ../../configuration/service/dhcp-server.rst:621
msgid "Static mappings"
msgstr "Static mappings"
-#: ../../configuration/service/dhcp-server.rst:557
-#: ../../configuration/service/dhcp-server.rst:762
+#: ../../configuration/service/dhcp-server.rst:460
+#: ../../configuration/service/dhcp-server.rst:694
msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
@@ -13059,6 +12363,10 @@ msgstr "Supported Modules"
msgid "Supported channel width set."
msgstr "Supported channel width set."
+#: ../../configuration/system/frr.rst:30
+msgid "Supported daemons:"
+msgstr "Supported daemons:"
+
#: ../../configuration/service/router-advert.rst:11
msgid "Supported interface types:"
msgstr "Supported interface types:"
@@ -13096,15 +12404,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect
msgid "Sync groups"
msgstr "Sync groups"
-#: ../../configuration/firewall/general.rst:1264
+#: ../../configuration/firewall/ipv4.rst:911
+#: ../../configuration/firewall/ipv6.rst:920
msgid "Synproxy"
msgstr "Synproxy"
-#: ../../configuration/firewall/general.rst:1265
+#: ../../configuration/firewall/ipv4.rst:912
+#: ../../configuration/firewall/ipv6.rst:921
msgid "Synproxy connections"
msgstr "Synproxy connections"
-#: ../../configuration/firewall/general.rst:1282
+#: ../../configuration/firewall/ipv4.rst:929
+#: ../../configuration/firewall/ipv6.rst:938
msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
@@ -13177,7 +12488,7 @@ msgstr "System is unusable - a panic condition"
msgid "TACACS+"
msgstr "TACACS+"
-#: ../../configuration/system/login.rst:416
+#: ../../configuration/system/login.rst:418
msgid "TACACS Example"
msgstr "TACACS Example"
@@ -13226,6 +12537,14 @@ msgstr "Telegraf output plugin prometheus-client_"
msgid "Telegraf output plugin splunk_. HTTP Event Collector."
msgstr "Telegraf output plugin splunk_. HTTP Event Collector."
+#: ../../configuration/protocols/pim.rst:157
+msgid "Tell PIM that we would not like to use this interface to process bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages."
+
+#: ../../configuration/protocols/pim.rst:162
+msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+
#: ../../configuration/service/router-advert.rst:1
msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
@@ -13234,7 +12553,7 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a
msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
-#: ../../configuration/vpn/sstp.rst:216
+#: ../../configuration/vpn/sstp.rst:227
msgid "Temporary disable this RADIUS server."
msgstr "Temporary disable this RADIUS server."
@@ -13266,15 +12585,19 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca
msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
msgstr "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
-#: ../../configuration/vpn/sstp.rst:293
+#: ../../configuration/nat/nat64.rst:70
+msgid "Test from the IPv6 only client:"
+msgstr "Test from the IPv6 only client:"
+
+#: ../../configuration/vpn/sstp.rst:305
msgid "Testing SSTP"
msgstr "Testing SSTP"
-#: ../../configuration/nat/nat44.rst:786
+#: ../../configuration/nat/nat44.rst:808
msgid "Testing and Validation"
msgstr "Testing and Validation"
-#: ../../configuration/interfaces/vxlan.rst:125
+#: ../../configuration/interfaces/vxlan.rst:146
msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
@@ -13282,7 +12605,7 @@ msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 wil
msgid "That is how it is possible to do the so-called \"ingress shaping\"."
msgstr "That is how it is possible to do the so-called \"ingress shaping\"."
-#: ../../configuration/nat/nat44.rst:806
+#: ../../configuration/nat/nat44.rst:828
msgid "That looks good - we defined 2 tunnels and they're both up and running."
msgstr "That looks good - we defined 2 tunnels and they're both up and running."
@@ -13290,7 +12613,7 @@ msgstr "That looks good - we defined 2 tunnels and they're both up and running."
msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
-#: ../../configuration/nat/nat44.rst:724
+#: ../../configuration/nat/nat44.rst:746
msgid "The ASP has documented their IPSec requirements:"
msgstr "The ASP has documented their IPSec requirements:"
@@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:"
msgstr "The CLNS address consists of the following parts:"
#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
@@ -13341,7 +12649,7 @@ msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tr
msgid "The HTTP service listen on TCP port 80."
msgstr "The HTTP service listen on TCP port 80."
-#: ../../configuration/nat/nat44.rst:505
+#: ../../configuration/nat/nat44.rst:525
msgid "The IP address of the internal system we wish to forward traffic to."
msgstr "The IP address of the internal system we wish to forward traffic to."
@@ -13365,7 +12673,7 @@ msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which
msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
-#: ../../configuration/vpn/openconnect.rst:287
+#: ../../configuration/vpn/openconnect.rst:294
msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
msgstr "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
@@ -13393,18 +12701,22 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network
msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
-#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:173
msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
-#: ../../configuration/service/dns.rst:158
+#: ../../configuration/service/dns.rst:171
msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
-#: ../../configuration/service/dns.rst:162
+#: ../../configuration/service/dns.rst:175
msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
+#: ../../configuration/pki/index.rst:254
+msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+
#: ../../configuration/container/index.rst:7
msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
@@ -13466,14 +12778,19 @@ msgstr "The ``source-address`` must be configured on one of VyOS interface. Best
msgid "The `show bridge` operational command can be used to display configured bridges:"
msgstr "The `show bridge` operational command can be used to display configured bridges:"
-#: ../../configuration/vpn/openconnect.rst:246
+#: ../../configuration/vpn/openconnect.rst:253
msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
-#: ../../configuration/firewall/general.rst:332
+#: ../../configuration/firewall/ipv4.rst:86
+#: ../../configuration/firewall/ipv6.rst:86
msgid "The action can be :"
msgstr "The action can be :"
+#: ../../configuration/pki/index.rst:271
+msgid "The address the server listens to during http-01 challenge"
+msgstr "The address the server listens to during http-01 challenge"
+
#: ../../configuration/protocols/bgp.rst:775
msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
@@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10."
msgstr "The allocated address block is 100.64.0.0/10."
#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
msgid "The amount of Duplicate Address Detection probes to send."
msgstr "The amount of Duplicate Address Detection probes to send."
@@ -13525,7 +12823,7 @@ msgstr "The bonding interface provides a method for aggregating multiple network
msgid "The case of ingress shaping"
msgstr "The case of ingress shaping"
-#: ../../configuration/service/pppoe-server.rst:398
+#: ../../configuration/service/pppoe-server.rst:385
msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
@@ -13541,7 +12839,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then
msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
-#: ../../configuration/service/pppoe-server.rst:244
+#: ../../configuration/service/pppoe-server.rst:231
msgid "The command below enables it, assuming the RADIUS connection has been setup and is working."
msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working."
@@ -13557,9 +12855,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst
msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
-#: ../../configuration/service/dhcp-server.rst:244
-#: ../../configuration/service/dhcp-server.rst:670
-#: ../../configuration/service/dhcp-server.rst:712
+#: ../../configuration/service/dhcp-server.rst:210
+#: ../../configuration/service/dhcp-server.rst:601
+#: ../../configuration/service/dhcp-server.rst:644
msgid "The configuration will look as follows:"
msgstr "The configuration will look as follows:"
@@ -13579,7 +12877,7 @@ msgstr "The connection tracking expect table contains one entry for each expecte
msgid "The connection tracking table contains one entry for each connection being tracked by the system."
msgstr "The connection tracking table contains one entry for each connection being tracked by the system."
-#: ../../configuration/service/pppoe-server.rst:238
+#: ../../configuration/service/pppoe-server.rst:225
msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
@@ -13607,30 +12905,18 @@ msgstr "The default hostname used is `vyos`."
msgid "The default is 1492."
msgstr "The default is 1492."
-#: ../../configuration/service/dhcp-server.rst:596
+#: ../../configuration/service/dhcp-server.rst:526
msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
-#: ../../configuration/interfaces/vxlan.rst:336
+#: ../../configuration/interfaces/vxlan.rst:357
msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
msgstr "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
+#: ../../configuration/protocols/pim.rst:52
+msgid "The default time is 60 seconds."
+msgstr "The default time is 60 seconds."
+
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
msgid "The default value corresponds to 64."
msgstr "The default value corresponds to 64."
@@ -13643,7 +12929,15 @@ msgstr "The default value is 0. This will cause the carrier to be asserted (for
msgid "The default value is 300 seconds."
msgstr "The default value is 300 seconds."
-#: ../../configuration/service/dhcp-server.rst:113
+#: ../../configuration/protocols/pim.rst:214
+msgid "The default value is 3."
+msgstr "The default value is 3."
+
+#: ../../configuration/protocols/pim.rst:68
+msgid "The default value is 3 packets."
+msgstr "The default value is 3 packets."
+
+#: ../../configuration/service/dhcp-server.rst:99
msgid "The default value is 86400 seconds which corresponds to one day."
msgstr "The default value is 86400 seconds which corresponds to one day."
@@ -13655,25 +12949,29 @@ msgstr "The default value is slow."
msgid "The default values for the minimum-threshold depend on IP precedence:"
msgstr "The default values for the minimum-threshold depend on IP precedence:"
-#: ../../configuration/interfaces/vxlan.rst:313
+#: ../../configuration/interfaces/vxlan.rst:334
msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
msgstr "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
-#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/interfaces/vxlan.rst:98
+msgid "The device can only receive packets with VNIs configured in the VNI filtering table."
+msgstr "The device can only receive packets with VNIs configured in the VNI filtering table."
+
+#: ../../configuration/service/dhcp-server.rst:165
msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
msgstr "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
-#: ../../configuration/service/dhcp-server.rst:36
-#: ../../configuration/service/dhcp-server.rst:138
+#: ../../configuration/service/dhcp-server.rst:31
+#: ../../configuration/service/dhcp-server.rst:124
msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
msgstr "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
-#: ../../configuration/service/dhcp-server.rst:45
-#: ../../configuration/service/dhcp-server.rst:145
+#: ../../configuration/service/dhcp-server.rst:40
+#: ../../configuration/service/dhcp-server.rst:131
msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
msgstr "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
-#: ../../configuration/nat/nat44.rst:694
+#: ../../configuration/nat/nat44.rst:718
msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
msgstr "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
@@ -13689,11 +12987,11 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co
msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
-#: ../../configuration/service/pppoe-server.rst:382
+#: ../../configuration/service/pppoe-server.rst:369
msgid "The example below covers a dual-stack configuration via pppoe-server."
msgstr "The example below covers a dual-stack configuration via pppoe-server."
-#: ../../configuration/service/pppoe-server.rst:361
+#: ../../configuration/service/pppoe-server.rst:348
msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
@@ -13705,7 +13003,7 @@ msgstr "The example configuration below will assign an IP to the client on the i
msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
-#: ../../configuration/nat/nat44.rst:319
+#: ../../configuration/nat/nat44.rst:331
msgid "The external IP address to translate to"
msgstr "The external IP address to translate to"
@@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match
msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses."
#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
msgstr "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
+#: ../../configuration/protocols/pim.rst:93
+msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+
#: ../../configuration/vpn/dmvpn.rst:63
msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
-#: ../../configuration/vpn/sstp.rst:299
+#: ../../configuration/vpn/sstp.rst:311
msgid "The following PPP configuration tests MSCHAP-v2:"
msgstr "The following PPP configuration tests MSCHAP-v2:"
@@ -13810,6 +13103,10 @@ msgstr "The following example topology was built using EVE-NG."
msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
msgstr "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
+#: ../../configuration/nat/nat64.rst:40
+msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+
#: ../../configuration/interfaces/wwan.rst:309
msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
@@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and
msgstr "The forwarding delay time is the time spent in each of the listening and learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating."
#: ../../configuration/service/dhcp-relay.rst:98
-#: ../../configuration/service/dhcp-relay.rst:184
+#: ../../configuration/service/dhcp-relay.rst:186
msgid "The generated configuration will look like:"
msgstr "The generated configuration will look like:"
@@ -13871,7 +13168,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w
msgid "The hostname or IP address of the master"
msgstr "The hostname or IP address of the master"
-#: ../../configuration/service/dhcp-server.rst:700
+#: ../../configuration/service/dhcp-server.rst:632
msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
@@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o
msgstr "The individual spoke configurations only differ in the local IP address on the ``tun10`` interface. See the above diagram for the individual IP addresses."
#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
-#: ../../configuration/nat/nat44.rst:503
+#: ../../configuration/nat/nat44.rst:523
msgid "The interface traffic will be coming in on;"
msgstr "The interface traffic will be coming in on;"
@@ -13893,7 +13188,7 @@ msgstr "The interface traffic will be coming in on;"
msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
msgstr "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
-#: ../../configuration/nat/nat44.rst:317
+#: ../../configuration/nat/nat44.rst:329
msgid "The internal IP addresses we want to translate"
msgstr "The internal IP addresses we want to translate"
@@ -13937,6 +13232,14 @@ msgstr "The local site will have a subnet of 10.0.0.0/16."
msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
+#: ../../configuration/firewall/index.rst:20
+msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+
+#: ../../configuration/firewall/index.rst:92
+msgid "The main structure VyOS firewall cli is shown next:"
+msgstr "The main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/interfaces/bonding.rst:271
msgid "The maximum number of targets that can be specified is 16. The default value is no IP address."
msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address."
@@ -13961,7 +13264,7 @@ msgstr "The minimal echo receive transmission interval that this system is capab
msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
msgstr "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
-#: ../../configuration/interfaces/vxlan.rst:292
+#: ../../configuration/interfaces/vxlan.rst:313
msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
@@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul
msgstr "The optional parameter register specifies that Registration Request should be sent to this peer on startup."
#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
msgstr "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
-#: ../../configuration/nat/nat44.rst:318
+#: ../../configuration/nat/nat44.rst:330
msgid "The outgoing interface to perform the translation on"
msgstr "The outgoing interface to perform the translation on"
@@ -14051,11 +13352,11 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob
msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
-#: ../../configuration/service/dhcp-server.rst:434
+#: ../../configuration/service/dhcp-server.rst:375
msgid "The primary DHCP server uses address `192.168.189.252`"
msgstr "The primary DHCP server uses address `192.168.189.252`"
-#: ../../configuration/service/dhcp-server.rst:193
+#: ../../configuration/service/dhcp-server.rst:158
msgid "The primary and secondary statements determines whether the server is primary or secondary."
msgstr "The primary and secondary statements determines whether the server is primary or secondary."
@@ -14067,7 +13368,7 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc
msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
-#: ../../configuration/service/dhcp-server.rst:609
+#: ../../configuration/service/dhcp-server.rst:539
msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
@@ -14075,7 +13376,7 @@ msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus
msgid "The prompt is adjusted to reflect this change in both config and op-mode."
msgstr "The prompt is adjusted to reflect this change in both config and op-mode."
-#: ../../configuration/nat/nat44.rst:504
+#: ../../configuration/nat/nat44.rst:524
msgid "The protocol and port we wish to forward;"
msgstr "The protocol and port we wish to forward;"
@@ -14124,7 +13425,7 @@ msgstr "The remote user will use the openconnect client to connect to the router
msgid "The required config file may look like this:"
msgstr "The required config file may look like this:"
-#: ../../configuration/nat/nat44.rst:683
+#: ../../configuration/nat/nat44.rst:707
msgid "The required configuration can be broken down into 4 major pieces:"
msgstr "The required configuration can be broken down into 4 major pieces:"
@@ -14160,7 +13461,7 @@ msgstr "The router should discard DHCP packages already containing relay agent i
msgid "The sFlow accounting based on hsflowd https://sflow.net/"
msgstr "The sFlow accounting based on hsflowd https://sflow.net/"
-#: ../../configuration/vpn/openconnect.rst:263
+#: ../../configuration/vpn/openconnect.rst:270
msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
@@ -14172,7 +13473,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte
msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
-#: ../../configuration/service/dhcp-server.rst:435
+#: ../../configuration/service/dhcp-server.rst:376
msgid "The secondary DHCP server uses address `192.168.189.253`"
msgstr "The secondary DHCP server uses address `192.168.189.253`"
@@ -14184,7 +13485,7 @@ msgstr "The security approach in SNMPv3 targets:"
msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
msgstr "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
-#: ../../configuration/interfaces/vxlan.rst:168
+#: ../../configuration/interfaces/vxlan.rst:189
msgid "The setup is this: Leaf2 - Spine1 - Leaf3"
msgstr "The setup is this: Leaf2 - Spine1 - Leaf3"
@@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:"
msgstr "The speed (baudrate) of the console device. Supported values are:"
#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
@@ -14221,7 +13517,7 @@ msgstr "The table consists of following data:"
msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
msgstr "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
-#: ../../configuration/nat/nat44.rst:233
+#: ../../configuration/nat/nat44.rst:245
msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
@@ -14245,22 +13541,7 @@ msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for mult
msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
+#: ../../_include/interface-dhcp-options.txt:36
msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server."
msgstr "The vendor-class-id option can be used to request a specific class of vendor options from the server."
@@ -14276,7 +13557,7 @@ msgstr "The window size must be between 1 and 21."
msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
-#: ../../configuration/nat/nat44.rst:597
+#: ../../configuration/nat/nat44.rst:621
msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
@@ -14300,16 +13581,22 @@ msgstr "There's a variety of client GUI frontends for any platform"
msgid "There are 3 default NTP server set. You are able to change them."
msgstr "There are 3 default NTP server set. You are able to change them."
-#: ../../configuration/firewall/general.rst:536
-#: ../../configuration/firewall/general-legacy.rst:380
+#: ../../configuration/firewall/ipv4.rst:269
+#: ../../configuration/firewall/ipv6.rst:269
msgid "There are a lot of matching criteria against which the package can be tested."
msgstr "There are a lot of matching criteria against which the package can be tested."
+#: ../../configuration/firewall/bridge.rst:221
+#: ../../configuration/firewall/ipv4.rst:303
+#: ../../configuration/firewall/ipv6.rst:303
+msgid "There are a lot of matching criteria against which the packet can be tested."
+msgstr "There are a lot of matching criteria against which the packet can be tested."
+
#: ../../configuration/policy/route.rst:40
msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
-#: ../../configuration/system/ipv6.rst:91
+#: ../../configuration/system/ipv6.rst:92
msgid "There are different parameters for getting prefix-list information:"
msgstr "There are different parameters for getting prefix-list information:"
@@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip
msgstr "There is also a GRE over IPv6 encapsulation available, it is called: ``ip6gre``."
#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
msgstr "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
-#: ../../configuration/protocols/igmp.rst:93
#: ../../configuration/protocols/pim6.rst:27
msgid "These are the commands for a basic setup."
msgstr "These are the commands for a basic setup."
@@ -14413,6 +13676,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u
msgid "They can be **decimal** prefixes."
msgstr "They can be **decimal** prefixes."
+#: ../../configuration/firewall/flowtables.rst:102
+msgid "Things to be considred in this setup:"
+msgstr "Things to be considred in this setup:"
+
#: ../../configuration/interfaces/l2tpv3.rst:54
msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
@@ -14438,6 +13705,10 @@ msgstr "This algorithm will place all traffic to a particular network peer on th
msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
msgstr "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
+#: ../../configuration/system/frr.rst:17
+msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+
#: ../../configuration/service/dns.rst:41
msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
msgstr "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
@@ -14503,7 +13774,7 @@ msgstr "This command allows to specify the distribution type for the network con
msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
msgstr "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
-#: ../../configuration/protocols/ospf.rst:1259
+#: ../../configuration/protocols/ospf.rst:1261
msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -14734,23 +14005,27 @@ msgstr "This command disables route reflection between route reflector clients.
msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
msgstr "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
-#: ../../configuration/protocols/bgp.rst:1008
+#: ../../configuration/protocols/isis.rst:318
+msgid "This command disables the load sharing across multiple LFA backups."
+msgstr "This command disables the load sharing across multiple LFA backups."
+
+#: ../../configuration/protocols/bgp.rst:1009
msgid "This command displays BGP dampened routes."
msgstr "This command displays BGP dampened routes."
-#: ../../configuration/protocols/bgp.rst:1031
+#: ../../configuration/protocols/bgp.rst:1032
msgid "This command displays BGP received-routes that are accepted after filtering."
msgstr "This command displays BGP received-routes that are accepted after filtering."
-#: ../../configuration/protocols/bgp.rst:1021
+#: ../../configuration/protocols/bgp.rst:1022
msgid "This command displays BGP routes advertised to a neighbor."
msgstr "This command displays BGP routes advertised to a neighbor."
-#: ../../configuration/protocols/bgp.rst:1016
+#: ../../configuration/protocols/bgp.rst:1017
msgid "This command displays BGP routes allowed by the specified AS Path access list."
msgstr "This command displays BGP routes allowed by the specified AS Path access list."
-#: ../../configuration/protocols/bgp.rst:1025
+#: ../../configuration/protocols/bgp.rst:1026
msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
@@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes."
msgstr "This command displays RIP routes."
#: ../../configuration/protocols/ospf.rst:785
-#: ../../configuration/protocols/ospf.rst:1304
+#: ../../configuration/protocols/ospf.rst:1306
msgid "This command displays a database contents for a specific link advertisement type."
msgstr "This command displays a database contents for a specific link advertisement type."
#: ../../configuration/protocols/ospf.rst:752
-#: ../../configuration/protocols/ospf.rst:1299
+#: ../../configuration/protocols/ospf.rst:1301
msgid "This command displays a summary table with a database contents (LSA)."
msgstr "This command displays a summary table with a database contents (LSA)."
#: ../../configuration/protocols/ospf.rst:747
-#: ../../configuration/protocols/ospf.rst:1294
+#: ../../configuration/protocols/ospf.rst:1296
msgid "This command displays a table of paths to area boundary and autonomous system boundary routers."
msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers."
@@ -14781,35 +14056,35 @@ msgstr "This command displays a table of paths to area boundary and autonomous s
msgid "This command displays all entries in BGP routing table."
msgstr "This command displays all entries in BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1035
+#: ../../configuration/protocols/bgp.rst:1036
msgid "This command displays dampened routes received from BGP neighbor."
msgstr "This command displays dampened routes received from BGP neighbor."
-#: ../../configuration/protocols/ospf.rst:1309
+#: ../../configuration/protocols/ospf.rst:1311
msgid "This command displays external information redistributed into OSPFv3"
msgstr "This command displays external information redistributed into OSPFv3"
-#: ../../configuration/protocols/bgp.rst:1039
+#: ../../configuration/protocols/bgp.rst:1040
msgid "This command displays information about BGP routes whose AS path matches the specified regular expression."
msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression."
-#: ../../configuration/protocols/bgp.rst:1012
+#: ../../configuration/protocols/bgp.rst:1013
msgid "This command displays information about flapping BGP routes."
msgstr "This command displays information about flapping BGP routes."
-#: ../../configuration/protocols/bgp.rst:976
+#: ../../configuration/protocols/bgp.rst:977
msgid "This command displays information about the particular entry in the BGP routing table."
msgstr "This command displays information about the particular entry in the BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1003
+#: ../../configuration/protocols/bgp.rst:1004
msgid "This command displays routes that are permitted by the BGP community list."
msgstr "This command displays routes that are permitted by the BGP community list."
-#: ../../configuration/protocols/bgp.rst:996
+#: ../../configuration/protocols/bgp.rst:997
msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
-#: ../../configuration/protocols/bgp.rst:992
+#: ../../configuration/protocols/bgp.rst:993
msgid "This command displays routes with classless interdomain routing (CIDR)."
msgstr "This command displays routes with classless interdomain routing (CIDR)."
@@ -14817,11 +14092,11 @@ msgstr "This command displays routes with classless interdomain routing (CIDR)."
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
-#: ../../configuration/protocols/ospf.rst:1283
+#: ../../configuration/protocols/ospf.rst:1285
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
-#: ../../configuration/protocols/ospf.rst:1289
+#: ../../configuration/protocols/ospf.rst:1291
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
@@ -14829,12 +14104,12 @@ msgstr "This command displays the OSPF routing table, as determined by the most
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
-#: ../../configuration/protocols/ospf.rst:1279
+#: ../../configuration/protocols/ospf.rst:1281
msgid "This command displays the neighbor DR choice information."
msgstr "This command displays the neighbor DR choice information."
#: ../../configuration/protocols/ospf.rst:623
-#: ../../configuration/protocols/ospf.rst:1274
+#: ../../configuration/protocols/ospf.rst:1276
msgid "This command displays the neighbors information in a detailed form, not just a summary table."
msgstr "This command displays the neighbors information in a detailed form, not just a summary table."
@@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a
msgstr "This command displays the neighbors information in a detailed form for a neighbor whose IP address is specified."
#: ../../configuration/protocols/ospf.rst:613
-#: ../../configuration/protocols/ospf.rst:1270
+#: ../../configuration/protocols/ospf.rst:1272
msgid "This command displays the neighbors status."
msgstr "This command displays the neighbors status."
@@ -14851,7 +14126,7 @@ msgstr "This command displays the neighbors status."
msgid "This command displays the neighbors status for a neighbor on the specified interface."
msgstr "This command displays the neighbors status for a neighbor on the specified interface."
-#: ../../configuration/protocols/bgp.rst:1044
+#: ../../configuration/protocols/bgp.rst:1045
msgid "This command displays the status of all BGP connections."
msgstr "This command displays the status of all BGP connections."
@@ -14863,6 +14138,10 @@ msgstr "This command enable/disables summarisation for the configured address ra
msgid "This command enable logging neighbor up/down changes and reset reason."
msgstr "This command enable logging neighbor up/down changes and reset reason."
+#: ../../configuration/protocols/isis.rst:311
+msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+
#: ../../configuration/protocols/isis.rst:70
msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
@@ -14946,6 +14225,10 @@ msgstr "This command is only allowed for eBGP peers."
msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups."
msgstr "This command is only allowed for eBGP peers. It is not applicable for peer groups."
+#: ../../configuration/protocols/pim.rst:70
+msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+
#: ../../configuration/protocols/rip.rst:106
msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
msgstr "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
@@ -15006,7 +14289,7 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
msgstr "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
-#: ../../configuration/protocols/ospf.rst:1253
+#: ../../configuration/protocols/ospf.rst:1255
msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -15014,19 +14297,19 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
-#: ../../configuration/protocols/bgp.rst:1067
+#: ../../configuration/protocols/bgp.rst:1068
msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1087
+#: ../../configuration/protocols/bgp.rst:1088
msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1074
+#: ../../configuration/protocols/bgp.rst:1075
msgid "This command resets all BGP connections of given router."
msgstr "This command resets all BGP connections of given router."
-#: ../../configuration/protocols/bgp.rst:1083
+#: ../../configuration/protocols/bgp.rst:1084
msgid "This command resets all external BGP peers of given router."
msgstr "This command resets all external BGP peers of given router."
@@ -15431,56 +14714,18 @@ msgstr "This command summarizes intra area paths from specified area into one su
msgid "This command to ensure not advertise the summary lsa for the matched external LSAs."
msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs."
-#: ../../configuration/protocols/bgp.rst:1078
+#: ../../configuration/protocols/bgp.rst:1079
msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/pppoe.rst:212
#: ../../configuration/interfaces/pppoe.rst:258
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/sstp-client.rst:84
#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
@@ -15494,6 +14739,10 @@ msgstr "This command will change the hold down value for IGP-LDP synchronization
msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
msgstr "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
+#: ../../configuration/protocols/isis.rst:324
+msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+
#: ../../configuration/protocols/isis.rst:134
msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
msgstr "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
@@ -15510,25 +14759,32 @@ msgstr "This command will generate a default-route in L1 database."
msgid "This command will generate a default-route in L2 database."
msgstr "This command will generate a default-route in L2 database."
-#: ../../configuration/firewall/general.rst:1457
-#: ../../configuration/firewall/general-legacy.rst:904
+#: ../../configuration/firewall/ipv6.rst:1113
msgid "This command will give an overview of a rule in a single rule-set"
msgstr "This command will give an overview of a rule in a single rule-set"
+#: ../../configuration/firewall/ipv4.rst:1091
+msgid "This command will give an overview of a rule in a single rule-set, plus information for default action."
+msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action."
+
#: ../../configuration/firewall/general-legacy.rst:940
msgid "This command will give an overview of a rule in a single rule-set."
msgstr "This command will give an overview of a rule in a single rule-set."
-#: ../../configuration/firewall/general.rst:1435
-#: ../../configuration/firewall/general-legacy.rst:932
+#: ../../configuration/firewall/ipv4.rst:1072
+#: ../../configuration/firewall/ipv6.rst:1088
msgid "This command will give an overview of a single rule-set."
msgstr "This command will give an overview of a single rule-set."
+#: ../../configuration/protocols/isis.rst:330
+msgid "This command will limit LFA backup computation up to the specified prefix priority."
+msgstr "This command will limit LFA backup computation up to the specified prefix priority."
+
#: ../../configuration/protocols/bgp.rst:268
msgid "This command would allow the dynamic update of capabilities over an established BGP session."
msgstr "This command would allow the dynamic update of capabilities over an established BGP session."
-#: ../../configuration/interfaces/vxlan.rst:272
+#: ../../configuration/interfaces/vxlan.rst:293
msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
@@ -15548,7 +14804,12 @@ msgstr "This configuration listen on port 80 and redirect incoming requests to H
msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
-#: ../../configuration/service/dhcp-server.rst:78
+#: ../../configuration/service/dhcp-server.rst:76
+#: ../../configuration/service/dhcp-server.rst:520
+msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+
+#: ../../configuration/service/dhcp-server.rst:58
msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
msgstr "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
@@ -15572,30 +14833,11 @@ msgstr "This defaults to 1812."
msgid "This defaults to 2007."
msgstr "This defaults to 2007."
-#: ../../configuration/service/dns.rst:258
+#: ../../configuration/service/dns.rst:271
msgid "This defaults to 300 seconds."
msgstr "This defaults to 300 seconds."
#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
msgid "This defaults to 30 seconds."
msgstr "This defaults to 30 seconds."
@@ -15611,6 +14853,14 @@ msgstr "This defaults to 5."
msgid "This defaults to UDP"
msgstr "This defaults to UDP"
+#: ../../configuration/service/https.rst:52
+msgid "This defaults to both 1.2 and 1.3."
+msgstr "This defaults to both 1.2 and 1.3."
+
+#: ../../configuration/pki/index.rst:283
+msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/interfaces/wireless.rst:101
msgid "This defaults to phy0."
msgstr "This defaults to phy0."
@@ -15635,7 +14885,7 @@ msgstr "This enables :rfc:`3137` support, where the OSPF process describes its t
msgid "This enables the greenfield option which sets the ``[GF]`` option"
msgstr "This enables the greenfield option which sets the ``[GF]`` option"
-#: ../../configuration/nat/nat44.rst:546
+#: ../../configuration/nat/nat44.rst:568
msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
@@ -15647,28 +14897,28 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by
msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
-#: ../../configuration/service/dns.rst:391
+#: ../../configuration/service/dns.rst:404
msgid "This functionality is controlled by adding the following configuration:"
msgstr "This functionality is controlled by adding the following configuration:"
-#: ../../configuration/firewall/general.rst:626
-#: ../../configuration/firewall/general-legacy.rst:431
+#: ../../configuration/firewall/ipv4.rst:376
+#: ../../configuration/firewall/ipv6.rst:378
msgid "This functions for both individual addresses and address groups."
msgstr "This functions for both individual addresses and address groups."
-#: ../../configuration/protocols/isis.rst:449
+#: ../../configuration/protocols/isis.rst:477
#: ../../configuration/protocols/ospf.rst:968
msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
msgstr "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
-#: ../../configuration/protocols/isis.rst:501
+#: ../../configuration/protocols/isis.rst:529
#: ../../configuration/protocols/ospf.rst:1018
#: ../../configuration/protocols/segment-routing.rst:229
#: ../../configuration/protocols/segment-routing.rst:312
msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
msgstr "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
-#: ../../configuration/protocols/isis.rst:339
+#: ../../configuration/protocols/isis.rst:367
msgid "This gives us the following neighborships, Level 1 and Level 2:"
msgstr "This gives us the following neighborships, Level 1 and Level 2:"
@@ -15680,11 +14930,11 @@ msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolu
msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
msgstr "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
-#: ../../configuration/service/dhcp-server.rst:96
+#: ../../configuration/service/dhcp-server.rst:82
msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
msgstr "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
-#: ../../configuration/service/dhcp-server.rst:103
+#: ../../configuration/service/dhcp-server.rst:89
msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
msgstr "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
@@ -15696,6 +14946,11 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo
msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable."
msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable."
+#: ../../configuration/pki/index.rst:261
+#: ../../configuration/pki/index.rst:267
+msgid "This is a mandatory option"
+msgstr "This is a mandatory option"
+
#: ../../configuration/protocols/rpki.rst:117
#: ../../configuration/protocols/rpki.rst:124
msgid "This is a mandatory setting."
@@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical
msgstr "This is an optional command because the event handler will be automatically created after any of the next commands."
#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
msgstr "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
-#: ../../configuration/protocols/igmp.rst:208
+#: ../../configuration/protocols/igmp-proxy.rst:36
msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
msgstr "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
@@ -15777,13 +15013,13 @@ msgstr "This is the LAN extension use case. The eth0 port of the distant VPN pee
msgid "This is the LCD model used in your system."
msgstr "This is the LCD model used in your system."
-#: ../../configuration/service/dhcp-server.rst:40
-#: ../../configuration/service/dhcp-server.rst:49
-#: ../../configuration/service/dhcp-server.rst:56
+#: ../../configuration/service/dhcp-server.rst:35
+#: ../../configuration/service/dhcp-server.rst:44
+#: ../../configuration/service/dhcp-server.rst:51
msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
-#: ../../configuration/service/dhcp-server.rst:232
+#: ../../configuration/service/dhcp-server.rst:197
msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
@@ -15795,7 +15031,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d
msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
-#: ../../configuration/service/dhcp-server.rst:230
+#: ../../configuration/service/dhcp-server.rst:195
msgid "This is useful, for example, in combination with hostfile update."
msgstr "This is useful, for example, in combination with hostfile update."
@@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.
msgstr "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones."
#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
msgid "This method automatically disables IPv6 traffic forwarding on the interface in question."
msgstr "This method automatically disables IPv6 traffic forwarding on the interface in question."
@@ -15847,11 +15064,11 @@ msgstr "This mode provides load balancing and fault tolerance."
msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
-#: ../../configuration/service/dhcp-server.rst:133
+#: ../../configuration/service/dhcp-server.rst:119
msgid "This option can be specified multiple times."
msgstr "This option can be specified multiple times."
-#: ../../configuration/protocols/igmp.rst:211
+#: ../../configuration/protocols/igmp-proxy.rst:39
msgid "This option can be supplied multiple times."
msgstr "This option can be supplied multiple times."
@@ -15863,7 +15080,15 @@ msgstr "This option is mandatory in Access-Point mode."
msgid "This option is required when running a DMVPN spoke."
msgstr "This option is required when running a DMVPN spoke."
-#: ../../configuration/system/login.rst:388
+#: ../../_include/interface-dhcp-options.txt:86
+msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+
+#: ../../_include/interface-dhcp-options.txt:31
+msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+
+#: ../../configuration/system/login.rst:390
msgid "This option must be used with ``timeout`` option."
msgstr "This option must be used with ``timeout`` option."
@@ -15876,6 +15101,10 @@ msgstr "This option only affects 802.3ad mode."
msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
+#: ../../configuration/pki/index.rst:277
+msgid "This options defaults to 2048"
+msgstr "This options defaults to 2048"
+
#: ../../configuration/protocols/ospf.rst:326
msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
@@ -15892,7 +15121,9 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer
msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:360
+#: ../../configuration/firewall/bridge.rst:90
+#: ../../configuration/firewall/ipv4.rst:114
+#: ../../configuration/firewall/ipv6.rst:114
msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
@@ -15905,7 +15136,7 @@ msgstr "This requires two files, one to create the device (XXX.netdev) and one t
msgid "This results in the active configuration:"
msgstr "This results in the active configuration:"
-#: ../../configuration/service/dhcp-server.rst:88
+#: ../../configuration/service/dhcp-server.rst:68
msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
msgstr "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
@@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure
msgstr "This section describes the system's host information and how to configure them, it covers the following topics:"
#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
msgid "This section needs improvements, examples and explanations."
msgstr "This section needs improvements, examples and explanations."
@@ -15938,10 +15156,17 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:392
+#: ../../configuration/firewall/ipv4.rst:142
+#: ../../configuration/firewall/ipv6.rst:142
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+#: ../../configuration/firewall/bridge.rst:132
+#: ../../configuration/firewall/ipv4.rst:179
+#: ../../configuration/firewall/ipv6.rst:179
+msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+
#: ../../configuration/interfaces/openvpn.rst:278
msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
@@ -15958,13 +15183,11 @@ msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amou
msgid "This setting defaults to 1500 and is valid between 10 and 60000."
msgstr "This setting defaults to 1500 and is valid between 10 and 60000."
-#: ../../configuration/firewall/general.rst:121
-#: ../../configuration/firewall/general-legacy.rst:73
+#: ../../configuration/firewall/global-options.rst:58
msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:129
-#: ../../configuration/firewall/general-legacy.rst:81
+#: ../../configuration/firewall/global-options.rst:66
msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
@@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-
msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:"
#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
@@ -15995,30 +15203,11 @@ msgstr "This statement specifies dhcp6c to only exchange informational configura
msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
msgstr "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
-#: ../../configuration/nat/nat44.rst:409
+#: ../../configuration/nat/nat44.rst:423
msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
msgid "This technology is known by different names:"
msgstr "This technology is known by different names:"
@@ -16026,7 +15215,7 @@ msgstr "This technology is known by different names:"
msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
-#: ../../configuration/interfaces/vxlan.rst:173
+#: ../../configuration/interfaces/vxlan.rst:194
msgid "This topology was built using GNS3."
msgstr "This topology was built using GNS3."
@@ -16042,26 +15231,37 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to `
msgid "This will match TCP traffic with source port 80."
msgstr "This will match TCP traffic with source port 80."
-#: ../../configuration/service/dns.rst:282
+#: ../../configuration/service/dns.rst:295
msgid "This will render the following ddclient_ configuration entry:"
msgstr "This will render the following ddclient_ configuration entry:"
-#: ../../configuration/firewall/general.rst:1314
-#: ../../configuration/firewall/general-legacy.rst:785
+#: ../../configuration/firewall/ipv6.rst:969
msgid "This will show you a basic firewall overview"
msgstr "This will show you a basic firewall overview"
+#: ../../configuration/firewall/ipv4.rst:961
+msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+
+#: ../../configuration/firewall/zone.rst:149
+msgid "This will show you a basic summary of a particular zone."
+msgstr "This will show you a basic summary of a particular zone."
+
+#: ../../configuration/firewall/zone.rst:132
+msgid "This will show you a basic summary of zones configuration."
+msgstr "This will show you a basic summary of zones configuration."
+
#: ../../configuration/firewall/general-legacy.rst:936
msgid "This will show you a rule-set statistic since the last boot."
msgstr "This will show you a rule-set statistic since the last boot."
-#: ../../configuration/firewall/general.rst:1479
-#: ../../configuration/firewall/general-legacy.rst:900
+#: ../../configuration/firewall/ipv4.rst:1112
+#: ../../configuration/firewall/ipv6.rst:1135
msgid "This will show you a statistic of all rule-sets since the last boot."
msgstr "This will show you a statistic of all rule-sets since the last boot."
-#: ../../configuration/firewall/general.rst:1377
-#: ../../configuration/firewall/general-legacy.rst:851
+#: ../../configuration/firewall/ipv4.rst:1016
+#: ../../configuration/firewall/ipv6.rst:1032
msgid "This will show you a summary of rule-sets and groups"
msgstr "This will show you a summary of rule-sets and groups"
@@ -16069,7 +15269,7 @@ msgstr "This will show you a summary of rule-sets and groups"
msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
-#: ../../configuration/nat/nat44.rst:566
+#: ../../configuration/nat/nat44.rst:590
msgid "This would generate the following configuration:"
msgstr "This would generate the following configuration:"
@@ -16105,8 +15305,8 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)"
msgid "Time is in minutes and defaults to 60."
msgstr "Time is in minutes and defaults to 60."
-#: ../../configuration/firewall/general.rst:1211
-#: ../../configuration/firewall/general-legacy.rst:722
+#: ../../configuration/firewall/ipv4.rst:874
+#: ../../configuration/firewall/ipv6.rst:883
#: ../../configuration/policy/route.rst:225
msgid "Time to match the defined rule."
msgstr "Time to match the defined rule."
@@ -16115,11 +15315,11 @@ msgstr "Time to match the defined rule."
msgid "Timeout in seconds between health target checks."
msgstr "Timeout in seconds between health target checks."
-#: ../../configuration/vpn/sstp.rst:223
+#: ../../configuration/vpn/sstp.rst:234
msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
-#: ../../configuration/vpn/sstp.rst:243
+#: ../../configuration/vpn/sstp.rst:254
msgid "Timeout to wait response from server (seconds)"
msgstr "Timeout to wait response from server (seconds)"
@@ -16136,7 +15336,15 @@ msgstr "To activate the VLAN aware bridge, you must activate this setting to use
msgid "To allow VPN-clients access via your external address, a NAT rule is required:"
msgstr "To allow VPN-clients access via your external address, a NAT rule is required:"
-#: ../../configuration/vpn/site2site_ipsec.rst:253
+#: ../../configuration/service/mdns.rst:68
+msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+
+#: ../../configuration/service/mdns.rst:60
+msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+
+#: ../../configuration/vpn/site2site_ipsec.rst:257
msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
@@ -16152,16 +15360,45 @@ msgstr "To auto update the blacklist files"
msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
+#: ../../configuration/service/pppoe-server.rst:59
+msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+
#: ../../configuration/firewall/general-legacy.rst:314
msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
-#: ../../configuration/firewall/general.rst:401
-#: ../../configuration/firewall/general-legacy.rst:295
+#: ../../configuration/firewall/bridge.rst:140
+#: ../../configuration/firewall/ipv4.rst:187
+#: ../../configuration/firewall/ipv6.rst:187
msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
-#: ../../configuration/firewall/general.rst:374
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
+msgid "To be used only when action is set to ``jump``. Use this command to specify jump target."
+msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target."
+
+#: ../../configuration/firewall/bridge.rst:120
+#: ../../configuration/firewall/ipv4.rst:163
+#: ../../configuration/firewall/ipv6.rst:163
+msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+
+#: ../../configuration/firewall/bridge.rst:111
+#: ../../configuration/firewall/ipv4.rst:150
+#: ../../configuration/firewall/ipv6.rst:150
+msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+
+#: ../../configuration/firewall/bridge.rst:103
+#: ../../configuration/firewall/ipv4.rst:138
+#: ../../configuration/firewall/ipv6.rst:138
+msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
msgid "To be used only when action is set to jump. Use this command to specify jump target."
msgstr "To be used only when action is set to jump. Use this command to specify jump target."
@@ -16177,11 +15414,11 @@ msgstr "To bypass the proxy for every request that is directed to a specific des
msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
msgstr "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
-#: ../../configuration/firewall/index.rst:58
+#: ../../configuration/firewall/index.rst:179
msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
-#: ../../configuration/firewall/index.rst:79
+#: ../../configuration/firewall/index.rst:173
msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
@@ -16209,7 +15446,7 @@ msgstr "To configure your LCD display you must first identify the used hardware,
msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
-#: ../../configuration/system/login.rst:375
+#: ../../configuration/system/login.rst:377
msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
@@ -16221,7 +15458,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports."
msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
-#: ../../configuration/firewall/zone.rst:61
+#: ../../configuration/firewall/zone.rst:80
msgid "To define a zone setup either one with interfaces or a local zone."
msgstr "To define a zone setup either one with interfaces or a local zone."
@@ -16233,7 +15470,7 @@ msgstr "To disable advertisements without deleting the configuration:"
msgid "To display the configured OTP user key, use the command:"
msgstr "To display the configured OTP user key, use the command:"
-#: ../../configuration/vpn/openconnect.rst:219
+#: ../../configuration/vpn/openconnect.rst:226
msgid "To display the configured OTP user settings, use the command:"
msgstr "To display the configured OTP user settings, use the command:"
@@ -16254,7 +15491,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to
msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
-#: ../../configuration/service/https.rst:23
+#: ../../configuration/service/https.rst:68
msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
@@ -16262,6 +15499,14 @@ msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`mon
msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
msgstr "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
+#: ../../configuration/service/mdns.rst:23
+msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+
+#: ../../configuration/vpn/openconnect.rst:168
+msgid "To enable the HTTP security headers in the configuration file, use the command:"
+msgstr "To enable the HTTP security headers in the configuration file, use the command:"
+
#: ../../configuration/loadbalancing/wan.rst:115
msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
@@ -16282,7 +15527,7 @@ msgstr "To generate the CA, the server private key and certificates the followin
msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
-#: ../../configuration/service/dhcp-server.rst:636
+#: ../../configuration/service/dhcp-server.rst:566
msgid "To hand out individual prefixes to your clients the following configuration is used:"
msgstr "To hand out individual prefixes to your clients the following configuration is used:"
@@ -16290,7 +15535,7 @@ msgstr "To hand out individual prefixes to your clients the following configurat
msgid "To know more about scripting, check the :ref:`command-scripting` section."
msgstr "To know more about scripting, check the :ref:`command-scripting` section."
-#: ../../configuration/service/mdns.rst:36
+#: ../../configuration/service/mdns.rst:52
msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
@@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp
msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
msgid "To request a /56 prefix from your ISP use:"
msgstr "To request a /56 prefix from your ISP use:"
-#: ../../configuration/service/dhcp-server.rst:748
+#: ../../configuration/service/dhcp-server.rst:680
msgid "To restart the DHCPv6 server"
msgstr "To restart the DHCPv6 server"
-#: ../../configuration/nat/nat44.rst:315
+#: ../../configuration/nat/nat44.rst:327
msgid "To setup SNAT, we need to know:"
msgstr "To setup SNAT, we need to know:"
-#: ../../configuration/nat/nat44.rst:501
+#: ../../configuration/nat/nat44.rst:521
msgid "To setup a destination NAT rule we need to gather:"
msgstr "To setup a destination NAT rule we need to gather:"
@@ -16343,11 +15572,11 @@ msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary
msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
-#: ../../configuration/service/pppoe-server.rst:106
+#: ../../configuration/service/pppoe-server.rst:93
msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
-#: ../../configuration/service/dns.rst:308
+#: ../../configuration/service/dns.rst:321
msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
@@ -16355,15 +15584,15 @@ msgstr "To use such a service, one must define a login, password, one or multipl
msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
-#: ../../configuration/service/https.rst:86
+#: ../../configuration/service/https.rst:77
msgid "To use this full configuration we asume a public accessible hostname."
msgstr "To use this full configuration we asume a public accessible hostname."
-#: ../../configuration/interfaces/vxlan.rst:175
+#: ../../configuration/interfaces/vxlan.rst:196
msgid "Topology:"
msgstr "Topology:"
-#: ../../configuration/interfaces/vxlan.rst:107
+#: ../../configuration/interfaces/vxlan.rst:128
msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
@@ -16379,7 +15608,7 @@ msgstr "Track option to track non VRRP interface states. VRRP changes status to
msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
msgstr "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
-#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:175
msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
@@ -16399,7 +15628,7 @@ msgstr "Traffic Filters are used to control which packets will have the defined
msgid "Traffic Policy"
msgstr "Traffic Policy"
-#: ../../configuration/firewall/zone.rst:37
+#: ../../configuration/firewall/zone.rst:56
msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member."
msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member."
@@ -16411,10 +15640,19 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece
msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
-#: ../../configuration/firewall/general.rst:1281
+#: ../../configuration/protocols/pim.rst:18
+msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+
+#: ../../configuration/firewall/ipv4.rst:928
+#: ../../configuration/firewall/ipv6.rst:937
msgid "Traffic must be symmetric"
msgstr "Traffic must be symmetric"
+#: ../../configuration/firewall/bridge.rst:34
+msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+
#: ../../configuration/highavailability/index.rst:322
msgid "Transition scripts"
msgstr "Transition scripts"
@@ -16427,11 +15665,11 @@ msgstr "Transition scripts can help you implement various fixups, such as starti
msgid "Transparent Proxy"
msgstr "Transparent Proxy"
+#: ../../configuration/interfaces/openvpn.rst:701
#: ../../configuration/interfaces/tunnel.rst:227
msgid "Troubleshooting"
msgstr "Troubleshooting"
-#: ../../configuration/protocols/igmp.rst:119
#: ../../configuration/protocols/pim6.rst:41
msgid "Tuning commands"
msgstr "Tuning commands"
@@ -16448,6 +15686,10 @@ msgstr "Tunnel keys"
msgid "Two environment variables are available:"
msgstr "Two environment variables are available:"
+#: ../../configuration/firewall/flowtables.rst:104
+msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+
#: ../../configuration/service/ssh.rst:188
msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
@@ -16460,7 +15702,7 @@ msgstr "Two routers connected both via eth1 through an untrusted switch"
msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
-#: ../../configuration/nat/nat44.rst:594
+#: ../../configuration/nat/nat44.rst:618
msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
msgstr "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
@@ -16504,7 +15746,7 @@ msgstr "USB to serial converters will handle most of their work in software so y
msgid "UUCP subsystem"
msgstr "UUCP subsystem"
-#: ../../configuration/interfaces/vxlan.rst:81
+#: ../../configuration/interfaces/vxlan.rst:102
msgid "Unicast"
msgstr "Unicast"
@@ -16512,7 +15754,7 @@ msgstr "Unicast"
msgid "Unicast VRRP"
msgstr "Unicast VRRP"
-#: ../../configuration/interfaces/vxlan.rst:319
+#: ../../configuration/interfaces/vxlan.rst:340
msgid "Unicast VXLAN"
msgstr "Unicast VXLAN"
@@ -16540,11 +15782,15 @@ msgstr "Update"
msgid "Update container image"
msgstr "Update container image"
-#: ../../configuration/firewall/general.rst:1540
-#: ../../configuration/firewall/general-legacy.rst:1050
+#: ../../configuration/firewall/ipv4.rst:1175
+#: ../../configuration/firewall/ipv6.rst:1191
msgid "Update geoip database"
msgstr "Update geoip database"
+#: ../../configuration/system/updates.rst:3
+msgid "Updates"
+msgstr "Updates"
+
#: ../../configuration/protocols/rpki.rst:99
msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
@@ -16566,7 +15812,11 @@ msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in
msgid "Use 802.11n protocol"
msgstr "Use 802.11n protocol"
-#: ../../configuration/service/dns.rst:352
+#: ../../configuration/service/https.rst:23
+msgid "Use CA certificate from PKI subsystem"
+msgstr "Use CA certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:365
msgid "Use DynDNS as your preferred provider:"
msgstr "Use DynDNS as your preferred provider:"
@@ -16578,6 +15828,10 @@ msgstr "Use TLS but skip host validation"
msgid "Use TLS encryption."
msgstr "Use TLS encryption."
+#: ../../configuration/service/https.rst:31
+msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+
#: ../../configuration/vpn/sstp.rst:121
msgid "Use `<subnet>` as the IP pool for all connecting clients."
msgstr "Use `<subnet>` as the IP pool for all connecting clients."
@@ -16594,67 +15848,52 @@ msgstr "Use `delete system conntrack modules` to deactive all modules."
msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
-#: ../../configuration/firewall/general.rst:799
-#: ../../configuration/firewall/general-legacy.rst:531
+#: ../../configuration/firewall/ipv4.rst:515
+#: ../../configuration/firewall/ipv6.rst:525
msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:874
-#: ../../configuration/firewall/general-legacy.rst:567
+#: ../../configuration/firewall/ipv4.rst:578
+#: ../../configuration/firewall/ipv6.rst:588
msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:899
-#: ../../configuration/firewall/general-legacy.rst:579
+#: ../../configuration/firewall/ipv4.rst:599
+#: ../../configuration/firewall/ipv6.rst:609
msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:824
-#: ../../configuration/firewall/general-legacy.rst:543
+#: ../../configuration/firewall/ipv4.rst:536
+#: ../../configuration/firewall/ipv6.rst:546
msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:849
-#: ../../configuration/firewall/general-legacy.rst:555
+#: ../../configuration/firewall/ipv4.rst:557
+#: ../../configuration/firewall/ipv6.rst:567
msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/nat/nat44.rst:247
+#: ../../configuration/nat/nat44.rst:259
msgid "Use address `masquerade` (the interfaces primary address) on rule 30"
msgstr "Use address `masquerade` (the interfaces primary address) on rule 30"
-#: ../../configuration/service/https.rst:67
+#: ../../configuration/service/https.rst:58
msgid "Use an automatically generated self-signed certificate"
msgstr "Use an automatically generated self-signed certificate"
#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
msgid "Use any local address, configured on any interface if this is not set."
msgstr "Use any local address, configured on any interface if this is not set."
-#: ../../configuration/service/dns.rst:266
+#: ../../configuration/service/dns.rst:279
msgid "Use auth key file at ``/config/auth/my.key``"
msgstr "Use auth key file at ``/config/auth/my.key``"
-#: ../../configuration/service/dns.rst:395
+#: ../../configuration/service/https.rst:27
+msgid "Use certificate from PKI subsystem"
+msgstr "Use certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:408
msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
@@ -16666,7 +15905,7 @@ msgstr "Use inverse-match to match anything except the given country-codes."
msgid "Use local socket for API"
msgstr "Use local socket for API"
-#: ../../configuration/vpn/sstp.rst:277
+#: ../../configuration/vpn/sstp.rst:288
msgid "Use local user `foo` with password `bar`"
msgstr "Use local user `foo` with password `bar`"
@@ -16682,6 +15921,10 @@ msgstr "Use the address of the specified interface on the local machine as the s
msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
+#: ../../configuration/nat/nat66.rst:142
+msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+
#: ../../configuration/system/option.rst:48
msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
@@ -16710,11 +15953,11 @@ msgstr "Use this PIM command in the selected interface to set the priority (1-42
msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
-#: ../../configuration/service/pppoe-server.rst:288
+#: ../../configuration/service/pppoe-server.rst:275
msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
-#: ../../configuration/vpn/sstp.rst:126
+#: ../../configuration/vpn/sstp.rst:137
msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
@@ -16742,7 +15985,7 @@ msgstr "Use this command if you would like to set the TCP session hold time inte
msgid "Use this command to allow the selected interface to join a multicast group."
msgstr "Use this command to allow the selected interface to join a multicast group."
-#: ../../configuration/protocols/igmp.rst:149
+#: ../../configuration/protocols/pim.rst:191
msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
msgstr "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
@@ -16762,19 +16005,19 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface
msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
-#: ../../configuration/system/ipv6.rst:180
+#: ../../configuration/system/ipv6.rst:154
msgid "Use this command to clear Border Gateway Protocol statistics or status."
msgstr "Use this command to clear Border Gateway Protocol statistics or status."
-#: ../../configuration/service/pppoe-server.rst:300
+#: ../../configuration/service/pppoe-server.rst:287
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/vpn/sstp.rst:135
+#: ../../configuration/vpn/sstp.rst:146
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/service/pppoe-server.rst:133
+#: ../../configuration/service/pppoe-server.rst:120
msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
@@ -16855,7 +16098,7 @@ msgstr "Use this command to configure a Shaper policy, set its name, define a cl
msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
-#: ../../configuration/service/pppoe-server.rst:206
+#: ../../configuration/service/pppoe-server.rst:193
msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
@@ -16919,10 +16162,18 @@ msgstr "Use this command to configure an interface with IGMP so that PIM can rec
msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
msgstr "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
-#: ../../configuration/protocols/igmp.rst:156
+#: ../../configuration/protocols/pim.rst:198
msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
msgstr "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
+#: ../../configuration/protocols/pim.rst:202
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+
+#: ../../configuration/protocols/pim.rst:204
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+
#: ../../configuration/protocols/igmp.rst:163
msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
@@ -16931,7 +16182,7 @@ msgstr "Use this command to configure in the selected interface the IGMP query r
msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
-#: ../../configuration/service/pppoe-server.rst:112
+#: ../../configuration/service/pppoe-server.rst:99
msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
msgstr "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
@@ -16983,18 +16234,35 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic
msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
+#: ../../configuration/service/pppoe-server.rst:81
+#: ../../configuration/vpn/sstp.rst:132
+msgid "Use this command to define default address pool name."
+msgstr "Use this command to define default address pool name."
+
#: ../../configuration/system/name-server.rst:53
msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
msgstr "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
+#: ../../configuration/protocols/pim.rst:211
+msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+
#: ../../configuration/protocols/igmp.rst:172
msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
+#: ../../configuration/service/pppoe-server.rst:70
+msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:73
msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
+#: ../../configuration/vpn/sstp.rst:121
+msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:42
msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
@@ -17015,30 +16283,16 @@ msgstr "Use this command to define the maximum number of entries to keep in the
msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
+#: ../../configuration/service/pppoe-server.rst:77
+#: ../../configuration/vpn/sstp.rst:128
+msgid "Use this command to define the next address pool name."
+msgstr "Use this command to define the next address pool name."
+
#: ../../configuration/service/pppoe-server.rst:31
msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
msgstr "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
msgstr "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
@@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad
msgstr "Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address."
#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
msgid "Use this command to disable the generation of Ethernet flow control (pause frames)."
msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)."
@@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca
msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
-#: ../../configuration/service/pppoe-server.rst:249
+#: ../../configuration/service/pppoe-server.rst:236
msgid "Use this command to enable bandwidth shaping via RADIUS."
msgstr "Use this command to enable bandwidth shaping via RADIUS."
#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
@@ -17138,7 +16364,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th
msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
-#: ../../configuration/service/pppoe-server.rst:262
+#: ../../configuration/service/pppoe-server.rst:249
msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
@@ -17154,7 +16380,13 @@ msgstr "Use this command to enable the logging of the default action."
msgid "Use this command to enable the logging of the default action on custom chains."
msgstr "Use this command to enable the logging of the default action on custom chains."
-#: ../../configuration/system/ipv6.rst:191
+#: ../../configuration/firewall/bridge.rst:163
+#: ../../configuration/firewall/ipv4.rst:214
+#: ../../configuration/firewall/ipv6.rst:214
+msgid "Use this command to enable the logging of the default action on the specified chain."
+msgstr "Use this command to enable the logging of the default action on the specified chain."
+
+#: ../../configuration/system/ipv6.rst:165
msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
@@ -17162,11 +16394,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be
msgid "Use this command to get an overview of a zone."
msgstr "Use this command to get an overview of a zone."
-#: ../../configuration/system/ipv6.rst:146
+#: ../../configuration/system/ipv6.rst:120
msgid "Use this command to get information about OSPFv3."
msgstr "Use this command to get information about OSPFv3."
-#: ../../configuration/system/ipv6.rst:168
+#: ../../configuration/system/ipv6.rst:142
msgid "Use this command to get information about the RIPNG protocol"
msgstr "Use this command to get information about the RIPNG protocol"
@@ -17178,7 +16410,7 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection
msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
-#: ../../configuration/service/pppoe-server.rst:324
+#: ../../configuration/service/pppoe-server.rst:311
msgid "Use this command to locally check the active sessions in the PPPoE server."
msgstr "Use this command to locally check the active sessions in the PPPoE server."
@@ -17195,7 +16427,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca
msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
-#: ../../configuration/system/ipv6.rst:186
+#: ../../configuration/system/ipv6.rst:160
msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
@@ -17295,15 +16527,15 @@ msgstr "Use this command to show IPv6 multicast group membership."
msgid "Use this command to show IPv6 routes."
msgstr "Use this command to show IPv6 routes."
-#: ../../configuration/system/ipv6.rst:104
+#: ../../configuration/system/ipv6.rst:105
msgid "Use this command to show all IPv6 access lists"
msgstr "Use this command to show all IPv6 access lists"
-#: ../../configuration/system/ipv6.rst:89
+#: ../../configuration/system/ipv6.rst:90
msgid "Use this command to show all IPv6 prefix lists"
msgstr "Use this command to show all IPv6 prefix lists"
-#: ../../configuration/system/ipv6.rst:172
+#: ../../configuration/system/ipv6.rst:146
msgid "Use this command to show the status of the RIPNG protocol"
msgstr "Use this command to show the status of the RIPNG protocol"
@@ -17420,7 +16652,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the
msgid "VLAN"
msgstr "VLAN"
-#: ../../configuration/service/pppoe-server.rst:176
+#: ../../configuration/service/pppoe-server.rst:163
msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
@@ -17456,7 +16688,7 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN
msgid "VRF"
msgstr "VRF"
-#: ../../configuration/vrf/index.rst:409
+#: ../../configuration/vrf/index.rst:411
msgid "VRF Route Leaking"
msgstr "VRF Route Leaking"
@@ -17464,15 +16696,15 @@ msgstr "VRF Route Leaking"
msgid "VRF and NAT"
msgstr "VRF and NAT"
-#: ../../configuration/vrf/index.rst:378
+#: ../../configuration/vrf/index.rst:380
msgid "VRF blue routing table"
msgstr "VRF blue routing table"
-#: ../../configuration/vrf/index.rst:345
+#: ../../configuration/vrf/index.rst:347
msgid "VRF default routing table"
msgstr "VRF default routing table"
-#: ../../configuration/vrf/index.rst:361
+#: ../../configuration/vrf/index.rst:363
msgid "VRF red routing table"
msgstr "VRF red routing table"
@@ -17537,11 +16769,11 @@ msgstr "Valid values are 0..255."
msgid "Value"
msgstr "Value"
-#: ../../configuration/vpn/sstp.rst:252
+#: ../../configuration/vpn/sstp.rst:263
msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
-#: ../../configuration/vpn/sstp.rst:247
+#: ../../configuration/vpn/sstp.rst:258
msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
@@ -17555,6 +16787,10 @@ msgstr "Verification"
msgid "Verification:"
msgstr "Verification:"
+#: ../../configuration/nat/nat66.rst:226
+msgid "Verify that connections are hitting the rule on both sides:"
+msgstr "Verify that connections are hitting the rule on both sides:"
+
#: ../../configuration/highavailability/index.rst:291
msgid "Version"
msgstr "Version"
@@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t
msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
@@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are store
msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
-#: ../../configuration/interfaces/bonding.rst:None
+#: ../../configuration/interfaces/bonding.rst:-1
msgid "VyOS Arista EOS setup"
msgstr "VyOS Arista EOS setup"
@@ -17635,7 +16855,11 @@ msgstr "VyOS IKE group has the next options:"
msgid "VyOS MIBs"
msgstr "VyOS MIBs"
-#: ../../configuration/nat/nat66.rst:None
+#: ../../configuration/nat/nat66.rst:-1
+msgid "VyOS NAT66 DHCPv6 using a dummy interface"
+msgstr "VyOS NAT66 DHCPv6 using a dummy interface"
+
+#: ../../configuration/nat/nat66.rst:-1
msgid "VyOS NAT66 Simple Configure"
msgstr "VyOS NAT66 Simple Configure"
@@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6."
msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
-#: ../../configuration/service/dhcp-server.rst:580
+#: ../../configuration/service/dhcp-server.rst:504
msgid "VyOS also provides DHCPv6 server functionality which is described in this section."
msgstr "VyOS also provides DHCPv6 server functionality which is described in this section."
@@ -17704,11 +16928,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP*
msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
-#: ../../configuration/service/dns.rst:201
+#: ../../configuration/service/dns.rst:214
msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
-#: ../../configuration/service/dns.rst:306
+#: ../../configuration/service/dns.rst:319
msgid "VyOS is also able to use any service relying on protocols supported by ddclient."
msgstr "VyOS is also able to use any service relying on protocols supported by ddclient."
@@ -17720,7 +16944,6 @@ msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where t
msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
-#: ../../configuration/firewall/general.rst:13
#: ../../configuration/firewall/general-legacy.rst:17
msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
@@ -17737,7 +16960,7 @@ msgstr "VyOS not only can now manage certificates issued by 3rd party Certificat
msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
-#: ../../configuration/pki/index.rst:254
+#: ../../configuration/pki/index.rst:292
msgid "VyOS operational mode commands are not only available for generating keys but also to display them."
msgstr "VyOS operational mode commands are not only available for generating keys but also to display them."
@@ -17773,7 +16996,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an
msgid "VyOS provides some operational commands on OpenVPN."
msgstr "VyOS provides some operational commands on OpenVPN."
-#: ../../configuration/service/dhcp-server.rst:173
+#: ../../configuration/service/dhcp-server.rst:138
msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
@@ -17781,7 +17004,11 @@ msgstr "VyOS provides support for DHCP failover. DHCP failover must be configure
msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
-#: ../../configuration/protocols/igmp.rst:30
+#: ../../configuration/protocols/pim.rst:9
+msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+
+#: ../../configuration/protocols/pim.rst:26
msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
msgstr "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
@@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec
msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
+#: ../../configuration/system/updates.rst:5
+msgid "VyOS supports online checking for updates"
+msgstr "VyOS supports online checking for updates"
+
#: ../../configuration/system/sflow.rst:5
msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
-#: ../../configuration/system/conntrack.rst:53
+#: ../../configuration/system/conntrack.rst:67
msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
@@ -17809,13 +17040,19 @@ msgstr "VyOS supports setting up PPPoE in two different ways to a PPPoE internet
msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
msgstr "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
+#: ../../configuration/service/dhcp-server.rst:7
+msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+
+#: ../../configuration/system/frr.rst:7
+msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+
#: ../../configuration/interfaces/wwan.rst:12
msgid "VyOS uses the `interfaces wwan` subsystem for configuration."
msgstr "VyOS uses the `interfaces wwan` subsystem for configuration."
#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
msgstr "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
@@ -17839,7 +17076,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor
msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
-#: ../../configuration/vpn/site2site_ipsec.rst:160
+#: ../../configuration/vpn/site2site_ipsec.rst:164
msgid "WAN interface on `eth1`"
msgstr "WAN interface on `eth1`"
@@ -17876,7 +17113,7 @@ msgstr "Warning conditions"
msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
-#: ../../configuration/nat/nat44.rst:760
+#: ../../configuration/nat/nat44.rst:782
msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
@@ -17896,7 +17133,7 @@ msgstr "We can also create the certificates using Cerbort which is an easy-to-us
msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
-#: ../../configuration/protocols/bgp.rst:1248
+#: ../../configuration/protocols/bgp.rst:1249
msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny."
msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny."
@@ -17924,7 +17161,7 @@ msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles.
msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
msgstr "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
-#: ../../configuration/nat/nat44.rst:699
+#: ../../configuration/nat/nat44.rst:723
msgid "We only need a single step for this interface:"
msgstr "We only need a single step for this interface:"
@@ -17932,11 +17169,15 @@ msgstr "We only need a single step for this interface:"
msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
-#: ../../configuration/system/login.rst:418
+#: ../../configuration/system/login.rst:420
msgid "We use a vontainer providing the TACACS serve rin this example."
msgstr "We use a vontainer providing the TACACS serve rin this example."
-#: ../../configuration/service/dhcp-server.rst:364
+#: ../../configuration/firewall/flowtables.rst:114
+msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+
+#: ../../configuration/service/dhcp-server.rst:331
msgid "Web Proxy Autodiscovery (WPAD) URL"
msgstr "Web Proxy Autodiscovery (WPAD) URL"
@@ -17944,19 +17185,31 @@ msgstr "Web Proxy Autodiscovery (WPAD) URL"
msgid "Webproxy"
msgstr "Webproxy"
+#: ../../configuration/service/https.rst:40
+msgid "Webserver should listen on specified port."
+msgstr "Webserver should listen on specified port."
+
+#: ../../configuration/service/https.rst:36
+msgid "Webserver should only listen on specified IP address"
+msgstr "Webserver should only listen on specified IP address"
+
#: ../../configuration/protocols/mpls.rst:220
msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
msgstr "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
+#: ../../configuration/protocols/pim.rst:75
+msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+
#: ../../configuration/vrf/index.rst:73
msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
-#: ../../configuration/service/dns.rst:341
+#: ../../configuration/service/dns.rst:354
msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
-#: ../../configuration/service/dns.rst:334
+#: ../../configuration/service/dns.rst:347
msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
@@ -17980,7 +17233,11 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from
msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
-#: ../../configuration/service/pppoe-server.rst:182
+#: ../../configuration/service/dns.rst:155
+msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+
+#: ../../configuration/service/pppoe-server.rst:169
msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
@@ -17996,11 +17253,13 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man
msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
-#: ../../configuration/firewall/general.rst:521
+#: ../../configuration/firewall/bridge.rst:210
+#: ../../configuration/firewall/ipv4.rst:290
+#: ../../configuration/firewall/ipv6.rst:290
msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
-#: ../../configuration/nat/nat44.rst:299
+#: ../../configuration/nat/nat44.rst:311
msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
@@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can
msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table."
#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
@@ -18053,21 +17297,10 @@ msgstr "When no-release is specified, dhcp6c will send a release message on clie
msgid "When no options/parameters are used, the contents of the main syslog file are displayed."
msgstr "When no options/parameters are used, the contents of the main syslog file are displayed."
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
+#: ../../configuration/protocols/pim.rst:65
+msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+
#: ../../_include/interface-dhcpv6-options.txt:40
msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
@@ -18080,6 +17313,10 @@ msgstr "When remote peer does not have capability negotiation feature, remote pe
msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
+#: ../../configuration/protocols/pim.rst:113
+msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+
#: ../../configuration/interfaces/pppoe.rst:108
msgid "When set the interface is enabled for \"dial-on-demand\"."
msgstr "When set the interface is enabled for \"dial-on-demand\"."
@@ -18097,37 +17334,19 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke
msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
-#: ../../configuration/vpn/site2site_ipsec.rst:407
+#: ../../configuration/vpn/site2site_ipsec.rst:416
msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
-#: ../../configuration/firewall/general.rst:106
-#: ../../configuration/firewall/general-legacy.rst:58
+#: ../../configuration/firewall/global-options.rst:43
msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
msgstr "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
-#: ../../configuration/firewall/general.rst:115
-#: ../../configuration/firewall/general-legacy.rst:67
+#: ../../configuration/firewall/global-options.rst:52
msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
@@ -18135,11 +17354,11 @@ msgstr "When using DHCP to retrieve IPv4 address and if local customizations are
msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
-#: ../../configuration/nat/nat44.rst:351
+#: ../../configuration/nat/nat44.rst:365
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
-#: ../../configuration/nat/nat44.rst:238
+#: ../../configuration/nat/nat44.rst:250
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
@@ -18147,7 +17366,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a
msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
-#: ../../configuration/vpn/openconnect.rst:215
+#: ../../configuration/vpn/openconnect.rst:222
msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
@@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo
msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
+#: ../../configuration/firewall/ipv4.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+
+#: ../../configuration/firewall/ipv6.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+
#: ../../configuration/protocols/bgp.rst:86
msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
msgstr "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
msgid "Whether to accept DAD (Duplicate Address Detection)."
msgstr "Whether to accept DAD (Duplicate Address Detection)."
-#: ../../configuration/nat/nat44.rst:330
+#: ../../configuration/nat/nat44.rst:342
msgid "Which generates the following configuration:"
msgstr "Which generates the following configuration:"
-#: ../../configuration/nat/nat44.rst:444
+#: ../../configuration/nat/nat44.rst:458
msgid "Which results in a configuration of:"
msgstr "Which results in a configuration of:"
-#: ../../configuration/nat/nat44.rst:522
+#: ../../configuration/nat/nat44.rst:542
msgid "Which would generate the following NAT destination configuration:"
msgstr "Which would generate the following NAT destination configuration:"
-#: ../../configuration/firewall/general.rst:217
-#: ../../configuration/firewall/general-legacy.rst:193
+#: ../../configuration/firewall/groups.rst:44
msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
@@ -18293,7 +17500,7 @@ msgstr "Wireless options"
msgid "Wireless options (Station/Client)"
msgstr "Wireless options (Station/Client)"
-#: ../../configuration/firewall/index.rst:23
+#: ../../configuration/firewall/index.rst:7
msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
@@ -18305,8 +17512,7 @@ msgstr "With WireGuard, a Road Warrior VPN config is similar to a site-to-site V
msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
-#: ../../configuration/firewall/general.rst:94
-#: ../../configuration/firewall/general-legacy.rst:46
+#: ../../configuration/firewall/global-options.rst:31
msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
@@ -18314,29 +17520,29 @@ msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, o
msgid "With this command, you can specify how the URL path should be matched against incoming requests."
msgstr "With this command, you can specify how the URL path should be matched against incoming requests."
-#: ../../configuration/firewall/index.rst:73
+#: ../../configuration/firewall/index.rst:166
msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
-#: ../../configuration/service/dhcp-server.rst:290
-#: ../../configuration/service/dhcp-server.rst:295
-#: ../../configuration/service/dhcp-server.rst:300
-#: ../../configuration/service/dhcp-server.rst:310
-#: ../../configuration/service/dhcp-server.rst:315
-#: ../../configuration/service/dhcp-server.rst:345
-#: ../../configuration/service/dhcp-server.rst:350
-#: ../../configuration/service/dhcp-server.rst:355
-#: ../../configuration/service/dhcp-server.rst:375
-#: ../../configuration/service/dhcp-server.rst:380
-#: ../../configuration/service/dhcp-server.rst:390
+#: ../../configuration/service/dhcp-server.rst:257
+#: ../../configuration/service/dhcp-server.rst:262
+#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:357
msgid "Y"
msgstr "Y"
-#: ../../configuration/firewall/zone.rst:99
+#: ../../configuration/firewall/zone.rst:118
msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
-#: ../../configuration/system/login.rst:363
+#: ../../configuration/system/login.rst:365
msgid "You are able to set post-login or pre-login banner messages to display certain information for this system."
msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system."
@@ -18348,24 +17554,23 @@ msgstr "You are be able to download the files using SCP, once the SSH service ha
msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
msgstr "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
-#: ../../configuration/system/conntrack.rst:86
+#: ../../configuration/system/conntrack.rst:99
msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
-#: ../../configuration/service/dns.rst:299
+#: ../../configuration/service/dns.rst:312
msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
-#: ../../configuration/system/ipv6.rst:106
+#: ../../configuration/system/ipv6.rst:107
msgid "You can also specify which IPv6 access-list should be shown:"
msgstr "You can also specify which IPv6 access-list should be shown:"
-#: ../../configuration/protocols/igmp.rst:121
#: ../../configuration/protocols/pim6.rst:42
msgid "You can also tune multicast with the following commands."
msgstr "You can also tune multicast with the following commands."
-#: ../../configuration/service/pppoe-server.rst:152
+#: ../../configuration/service/pppoe-server.rst:139
msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
msgstr "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
@@ -18377,7 +17582,7 @@ msgstr "You can also write a description for a filter:"
msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key."
msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key."
-#: ../../configuration/nat/nat44.rst:386
+#: ../../configuration/nat/nat44.rst:400
msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
@@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a
msgstr "You can configure multiple interfaces which whould participate in sflow accounting."
#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
@@ -18414,7 +17614,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA
msgid "You can disable a VRRP group with ``disable`` option:"
msgstr "You can disable a VRRP group with ``disable`` option:"
-#: ../../configuration/system/ipv6.rst:148
+#: ../../configuration/system/ipv6.rst:122
msgid "You can get more specific OSPFv3 information by using the parameters shown below:"
msgstr "You can get more specific OSPFv3 information by using the parameters shown below:"
@@ -18422,15 +17622,15 @@ msgstr "You can get more specific OSPFv3 information by using the parameters sho
msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
msgstr "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
-#: ../../configuration/service/mdns.rst:30
+#: ../../configuration/service/mdns.rst:46
msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
-#: ../../configuration/vpn/sstp.rst:320
+#: ../../configuration/vpn/sstp.rst:332
msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
-#: ../../configuration/system/login.rst:441
+#: ../../configuration/system/login.rst:443
msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
@@ -18442,7 +17642,7 @@ msgstr "You can only apply one policy per interface and direction, but you could
msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
-#: ../../configuration/service/dhcp-server.rst:211
+#: ../../configuration/service/dhcp-server.rst:176
msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
msgstr "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
@@ -18462,7 +17662,7 @@ msgstr "You can verify your VRRP group status with the operational mode ``run sh
msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
msgstr "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
-#: ../../configuration/protocols/ospf.rst:1342
+#: ../../configuration/protocols/ospf.rst:1344
msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
@@ -18482,7 +17682,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated
msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
-#: ../../configuration/firewall/zone.rst:39
+#: ../../configuration/firewall/zone.rst:58
msgid "You need 2 separate firewalls to define traffic: one for each direction."
msgstr "You need 2 separate firewalls to define traffic: one for each direction."
@@ -18534,7 +17734,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro
msgid "Zone-Policy Overview"
msgstr "Zone-Policy Overview"
-#: ../../configuration/firewall/index.rst:66
+#: ../../configuration/firewall/index.rst:159
msgid "Zone-based firewall"
msgstr "Zone-based firewall"
@@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne
msgstr ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources."
#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
msgstr ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
@@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally
msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
-#: ../../configuration/protocols/igmp.rst:181
+#: ../../configuration/protocols/igmp-proxy.rst:9
msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
msgstr ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
@@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc
msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
-#: ../../configuration/vrf/index.rst:399
+#: ../../configuration/vrf/index.rst:401
msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
@@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys
msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
+#: ../../configuration/nat/nat64.rst:7
+msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+
#: ../../configuration/nat/nat44.rst:7
msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
msgstr ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
@@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) is a networking protocol for clock s
msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
msgstr ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
+#: ../../configuration/protocols/pim.rst:12
+msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+
#: ../../configuration/interfaces/pppoe.rst:9
msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
msgstr ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
@@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat
msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:"
#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
msgstr ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
+#: ../../configuration/nat/nat64.rst:28
+msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+
#: ../../configuration/nat/nat44.rst:78
msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
msgstr ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
@@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
-#: ../../configuration/service/dns.rst:217
+#: ../../configuration/service/dns.rst:230
msgid ":rfc:`2136` Based"
msgstr ":rfc:`2136` Based"
@@ -18923,7 +18082,7 @@ msgstr "`3. Add a full path to the script`_"
msgid "`4. Add optional parameters`_"
msgstr "`4. Add optional parameters`_"
-#: ../../configuration/service/dhcp-server.rst:189
+#: ../../configuration/service/dhcp-server.rst:154
msgid "`<name>` must be identical on both sides!"
msgstr "`<name>` must be identical on both sides!"
@@ -18952,42 +18111,10 @@ msgid "``-`` failed"
msgstr "``-`` failed"
#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
msgid "``/config/scripts/dhcp-client/post-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/post-hooks.d/``"
#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
msgid "``/config/scripts/dhcp-client/pre-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``"
@@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps"
msgid "``57600`` - 57,600 bps"
msgstr "``57600`` - 57,600 bps"
+#: ../../configuration/nat/nat64.rst:31
+msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+
#: ../../configuration/interfaces/bonding.rst:43
msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
@@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec"
msgid "``ac`` - 802.11ac - 1300 Mbits/sec"
msgstr "``ac`` - 802.11ac - 1300 Mbits/sec"
-#: ../../configuration/policy/route-map.rst:373
+#: ../../configuration/policy/route-map.rst:375
msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
-#: ../../configuration/policy/route-map.rst:366
+#: ../../configuration/policy/route-map.rst:368
msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
-#: ../../configuration/firewall/general.rst:334
+#: ../../configuration/firewall/bridge.rst:72
+#: ../../configuration/firewall/ipv4.rst:88
+#: ../../configuration/firewall/ipv6.rst:88
msgid "``accept``: accept the packet."
msgstr "``accept``: accept the packet."
@@ -19135,7 +18268,7 @@ msgstr "``all-available`` all checking target addresses must be available to pas
msgid "``any-available`` any of the checking target addresses must be available to pass this check"
msgstr "``any-available`` any of the checking target addresses must be available to pass this check"
-#: ../../configuration/vpn/site2site_ipsec.rst:376
+#: ../../configuration/vpn/site2site_ipsec.rst:385
msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
@@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Border Gateway Protocol (BGP)"
msgid "``bind`` - select a VTI interface to bind to this peer;"
msgstr "``bind`` - select a VTI interface to bind to this peer;"
-#: ../../configuration/policy/route-map.rst:374
+#: ../../configuration/policy/route-map.rst:376
msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
@@ -19191,7 +18324,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating
msgid "``clear`` set action to clear;"
msgstr "``clear`` set action to clear;"
-#: ../../configuration/vpn/site2site_ipsec.rst:402
+#: ../../configuration/vpn/site2site_ipsec.rst:411
msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
@@ -19215,6 +18348,12 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)"
msgid "``connection-type`` - how to handle this connection process. Possible variants:"
msgstr "``connection-type`` - how to handle this connection process. Possible variants:"
+#: ../../configuration/firewall/bridge.rst:74
+#: ../../configuration/firewall/ipv4.rst:90
+#: ../../configuration/firewall/ipv6.rst:90
+msgid "``continue``: continue parsing next rule."
+msgstr "``continue``: continue parsing next rule."
+
#: ../../configuration/vpn/site2site_ipsec.rst:62
msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
@@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check
msgid "``d`` - Execution interval in days"
msgstr "``d`` - Execution interval in days"
-#: ../../configuration/vpn/site2site_ipsec.rst:391
+#: ../../configuration/vpn/site2site_ipsec.rst:400
msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
@@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec con
msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
-#: ../../configuration/vpn/site2site_ipsec.rst:387
+#: ../../configuration/vpn/site2site_ipsec.rst:396
msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
@@ -19279,7 +18418,9 @@ msgstr "``disable`` disable IPComp compression (default);"
msgid "``disable`` disable MOBIKE;"
msgstr "``disable`` disable MOBIKE;"
-#: ../../configuration/firewall/general.rst:336
+#: ../../configuration/firewall/bridge.rst:76
+#: ../../configuration/firewall/ipv4.rst:92
+#: ../../configuration/firewall/ipv6.rst:92
msgid "``drop``: drop the packet."
msgstr "``drop``: drop the packet."
@@ -19347,6 +18488,10 @@ msgstr "``file`` - path to the key file;"
msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+#: ../../configuration/vpn/ipsec.rst:164
+msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+
#: ../../configuration/vpn/site2site_ipsec.rst:97
msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
@@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr
msgid "``g`` - 802.11g - 54 Mbits/sec (default)"
msgstr "``g`` - 802.11g - 54 Mbits/sec (default)"
-#: ../../configuration/policy/route-map.rst:365
+#: ../../configuration/policy/route-map.rst:367
msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
@@ -19435,7 +18580,7 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which
msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
-#: ../../configuration/policy/route-map.rst:364
+#: ../../configuration/policy/route-map.rst:366
msgid "``internet`` - Well-known communities value 0"
msgstr "``internet`` - Well-known communities value 0"
@@ -19447,7 +18592,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);"
msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)"
msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)"
-#: ../../configuration/firewall/general.rst:340
+#: ../../configuration/firewall/bridge.rst:78
+#: ../../configuration/firewall/ipv4.rst:96
+#: ../../configuration/firewall/ipv6.rst:96
msgid "``jump``: jump to another custom chain."
msgstr "``jump``: jump to another custom chain."
@@ -19471,6 +18618,10 @@ msgstr "``latency``: A server profile focused on lowering network latency. This
msgid "``least-connection`` Distributes requests to the server with the fewest active connections"
msgstr "``least-connection`` Distributes requests to the server with the fewest active connections"
+#: ../../configuration/loadbalancing/reverse-proxy.rst:108
+msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+
#: ../../configuration/vpn/ipsec.rst:125
msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
@@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);"
msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
-#: ../../configuration/policy/route-map.rst:371
+#: ../../configuration/policy/route-map.rst:373
msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
@@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Well-known communities value LLGR_STA
msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
-#: ../../configuration/policy/route-map.rst:361
+#: ../../configuration/policy/route-map.rst:363
msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
@@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec"
msgstr "``n`` - 802.11n - 600 Mbits/sec"
#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
-#: ../../configuration/firewall/general.rst:142
-#: ../../configuration/firewall/general-legacy.rst:93
+#: ../../configuration/firewall/global-options.rst:79
msgid "``net.ipv4.conf.all.accept_redirects``"
msgstr "``net.ipv4.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:132
-#: ../../configuration/firewall/general-legacy.rst:84
+#: ../../configuration/firewall/global-options.rst:69
msgid "``net.ipv4.conf.all.accept_source_route``"
msgstr "``net.ipv4.conf.all.accept_source_route``"
-#: ../../configuration/firewall/general.rst:157
-#: ../../configuration/firewall/general-legacy.rst:108
+#: ../../configuration/firewall/global-options.rst:94
msgid "``net.ipv4.conf.all.log_martians``"
msgstr "``net.ipv4.conf.all.log_martians``"
-#: ../../configuration/firewall/general.rst:165
-#: ../../configuration/firewall/general-legacy.rst:115
+#: ../../configuration/firewall/global-options.rst:102
msgid "``net.ipv4.conf.all.rp_filter``"
msgstr "``net.ipv4.conf.all.rp_filter``"
-#: ../../configuration/firewall/general.rst:150
-#: ../../configuration/firewall/general-legacy.rst:101
+#: ../../configuration/firewall/global-options.rst:87
msgid "``net.ipv4.conf.all.send_redirects``"
msgstr "``net.ipv4.conf.all.send_redirects``"
-#: ../../configuration/firewall/general.rst:124
-#: ../../configuration/firewall/general-legacy.rst:76
+#: ../../configuration/firewall/global-options.rst:61
msgid "``net.ipv4.icmp_echo_ignore_broadcasts``"
msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``"
-#: ../../configuration/firewall/general.rst:180
-#: ../../configuration/firewall/general-legacy.rst:129
+#: ../../configuration/firewall/global-options.rst:117
msgid "``net.ipv4.tcp_rfc1337``"
msgstr "``net.ipv4.tcp_rfc1337``"
-#: ../../configuration/firewall/general.rst:172
-#: ../../configuration/firewall/general-legacy.rst:122
+#: ../../configuration/firewall/global-options.rst:109
msgid "``net.ipv4.tcp_syncookies``"
msgstr "``net.ipv4.tcp_syncookies``"
-#: ../../configuration/firewall/general.rst:143
-#: ../../configuration/firewall/general-legacy.rst:94
+#: ../../configuration/firewall/global-options.rst:80
msgid "``net.ipv6.conf.all.accept_redirects``"
msgstr "``net.ipv6.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:133
-#: ../../configuration/firewall/general-legacy.rst:85
+#: ../../configuration/firewall/global-options.rst:70
msgid "``net.ipv6.conf.all.accept_source_route``"
msgstr "``net.ipv6.conf.all.accept_source_route``"
-#: ../../configuration/policy/route-map.rst:362
+#: ../../configuration/policy/route-map.rst:364
msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
-#: ../../configuration/policy/route-map.rst:363
+#: ../../configuration/policy/route-map.rst:365
msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
-#: ../../configuration/policy/route-map.rst:372
+#: ../../configuration/policy/route-map.rst:374
msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
-#: ../../configuration/policy/route-map.rst:375
+#: ../../configuration/policy/route-map.rst:377
msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
@@ -19740,7 +18875,9 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en
msgid "``psk`` - Preshared secret key name:"
msgstr "``psk`` - Preshared secret key name:"
-#: ../../configuration/firewall/general.rst:345
+#: ../../configuration/firewall/bridge.rst:83
+#: ../../configuration/firewall/ipv4.rst:101
+#: ../../configuration/firewall/ipv6.rst:101
msgid "``queue``: Enqueue packet to userspace."
msgstr "``queue``: Enqueue packet to userspace."
@@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace."
msgid "``rate``: Number of packets. Default 5."
msgstr "``rate``: Number of packets. Default 5."
-#: ../../configuration/firewall/general.rst:338
+#: ../../configuration/firewall/ipv4.rst:94
+#: ../../configuration/firewall/ipv6.rst:94
msgid "``reject``: reject the packet."
msgstr "``reject``: reject the packet."
@@ -19781,7 +18919,9 @@ msgstr "``respond`` - does not try to initiate a connection to a remote peer. In
msgid "``restart`` set action to restart;"
msgstr "``restart`` set action to restart;"
-#: ../../configuration/firewall/general.rst:342
+#: ../../configuration/firewall/bridge.rst:80
+#: ../../configuration/firewall/ipv4.rst:98
+#: ../../configuration/firewall/ipv6.rst:98
msgid "``return``: Return from the current chain and continue at the next rule of the last chain."
msgstr "``return``: Return from the current chain and continue at the next rule of the last chain."
@@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord
msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
-#: ../../configuration/policy/route-map.rst:367
+#: ../../configuration/policy/route-map.rst:369
msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
-#: ../../configuration/policy/route-map.rst:369
+#: ../../configuration/policy/route-map.rst:371
msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
-#: ../../configuration/policy/route-map.rst:368
+#: ../../configuration/policy/route-map.rst:370
msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
-#: ../../configuration/policy/route-map.rst:370
+#: ../../configuration/policy/route-map.rst:372
msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
@@ -19829,6 +18969,31 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se
msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
+#: ../../configuration/firewall/index.rst:90
+msgid "``set firewall bridge forward filter ...``."
+msgstr "``set firewall bridge forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:61
+msgid "``set firewall ipv4 forward filter ...``."
+msgstr "``set firewall ipv4 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:72
+msgid "``set firewall ipv4 input filter ...``."
+msgstr "``set firewall ipv4 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:63
+msgid "``set firewall ipv6 forward filter ...``."
+msgstr "``set firewall ipv6 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:56
+msgid "``set firewall ipv6 input filter ...``."
+msgstr "``set firewall ipv6 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:74
+msgid "``set firewall ipv6 output filter ...``."
+msgstr "``set firewall ipv6 output filter ...``."
+
#: ../../configuration/interfaces/wireless.rst:238
msgid "``single-user-beamformee`` - Support for operation as single user beamformee"
msgstr "``single-user-beamformee`` - Support for operation as single user beamformee"
@@ -19877,7 +19042,8 @@ msgstr "``static`` - Statically configured routes"
msgid "``station`` - Connects to another access point"
msgstr "``station`` - Connects to another access point"
-#: ../../configuration/firewall/general.rst:347
+#: ../../configuration/firewall/ipv4.rst:103
+#: ../../configuration/firewall/ipv6.rst:103
msgid "``synproxy``: synproxy the packet."
msgstr "``synproxy``: synproxy the packet."
@@ -19961,10 +19127,18 @@ msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defi
msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
+#: ../../configuration/vpn/site2site_ipsec.rst:152
+msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+
#: ../../configuration/vpn/ipsec.rst:168
msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
+#: ../../configuration/vpn/ipsec.rst:168
+msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+
#: ../../configuration/policy/route-map.rst:175
msgid "``vnc`` - Virtual Network Control (VNC)"
msgstr "``vnc`` - Virtual Network Control (VNC)"
@@ -19993,7 +19167,7 @@ msgstr "``yes`` enable remote host re-authentication during an IKE rekey;"
msgid "`source-address` and `source-interface` can not be used at the same time."
msgstr "`source-address` and `source-interface` can not be used at the same time."
-#: ../../configuration/protocols/rpki.rst:16
+#: ../../configuration/protocols/rpki.rst:12
msgid "`tweet by EvilMog`_, 2020-02-21"
msgstr "`tweet by EvilMog`_, 2020-02-21"
@@ -20005,8 +19179,8 @@ msgstr "a bandwidth test over the VPN got these results:"
msgid "a blank indicates that no test has been carried out"
msgstr "a blank indicates that no test has been carried out"
-#: ../../configuration/nat/nat44.rst:728
-#: ../../configuration/nat/nat44.rst:733
+#: ../../configuration/nat/nat44.rst:750
+#: ../../configuration/nat/nat44.rst:755
msgid "aes256 Encryption"
msgstr "aes256 Encryption"
@@ -20020,7 +19194,7 @@ msgstr "alert"
msgid "all"
msgstr "all"
-#: ../../configuration/vrf/index.rst:426
+#: ../../configuration/vrf/index.rst:428
msgid "an RD / RTLIST"
msgstr "an RD / RTLIST"
@@ -20052,27 +19226,31 @@ msgstr "auto - interface duplex setting is auto-negotiated"
msgid "auto - interface speed is auto-negotiated"
msgstr "auto - interface speed is auto-negotiated"
+#: ../../configuration/system/frr.rst:32
+msgid "bgpd"
+msgstr "bgpd"
+
#: ../../configuration/service/router-advert.rst:13
msgid "bonding"
msgstr "bonding"
-#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:305
msgid "boot-size"
msgstr "boot-size"
-#: ../../configuration/service/dhcp-server.rst:331
+#: ../../configuration/service/dhcp-server.rst:298
msgid "bootfile-name"
msgstr "bootfile-name"
-#: ../../configuration/service/dhcp-server.rst:333
+#: ../../configuration/service/dhcp-server.rst:300
msgid "bootfile-name, filename"
msgstr "bootfile-name, filename"
-#: ../../configuration/service/dhcp-server.rst:321
+#: ../../configuration/service/dhcp-server.rst:288
msgid "bootfile-server"
msgstr "bootfile-server"
-#: ../../configuration/service/dhcp-server.rst:336
+#: ../../configuration/service/dhcp-server.rst:303
msgid "bootfile-size"
msgstr "bootfile-size"
@@ -20080,7 +19258,7 @@ msgstr "bootfile-size"
msgid "bridge"
msgstr "bridge"
-#: ../../configuration/service/dhcp-server.rst:269
+#: ../../configuration/service/dhcp-server.rst:236
msgid "client-prefix-length"
msgstr "client-prefix-length"
@@ -20112,11 +19290,11 @@ msgstr "daemon"
msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
-#: ../../configuration/service/dns.rst:205
+#: ../../configuration/service/dns.rst:218
msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
-#: ../../configuration/service/dns.rst:400
+#: ../../configuration/service/dns.rst:413
msgid "ddclient_ will skip any address located before the string set in `<pattern>`."
msgstr "ddclient_ will skip any address located before the string set in `<pattern>`."
@@ -20128,7 +19306,7 @@ msgstr "debug"
msgid "decrement-lifetime"
msgstr "decrement-lifetime"
-#: ../../configuration/service/dhcp-server.rst:368
+#: ../../configuration/service/dhcp-server.rst:335
msgid "default-lease-time, max-lease-time"
msgstr "default-lease-time, max-lease-time"
@@ -20140,7 +19318,7 @@ msgstr "default-lifetime"
msgid "default-preference"
msgstr "default-preference"
-#: ../../configuration/service/dhcp-server.rst:281
+#: ../../configuration/service/dhcp-server.rst:248
msgid "default-router"
msgstr "default-router"
@@ -20156,7 +19334,7 @@ msgstr "deprecate-prefix"
msgid "destination-hashing"
msgstr "destination-hashing"
-#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:285
msgid "dhcp-server-identifier"
msgstr "dhcp-server-identifier"
@@ -20168,28 +19346,9 @@ msgstr "direct"
msgid "directory"
msgstr "directory"
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/pppoe.rst:241
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/sstp-client.rst:113
#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
msgid "disable: No source validation"
msgstr "disable: No source validation"
@@ -20197,17 +19356,17 @@ msgstr "disable: No source validation"
msgid "dnssl"
msgstr "dnssl"
-#: ../../configuration/service/dhcp-server.rst:296
-#: ../../configuration/service/dhcp-server.rst:298
+#: ../../configuration/service/dhcp-server.rst:263
+#: ../../configuration/service/dhcp-server.rst:265
msgid "domain-name"
msgstr "domain-name"
-#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:260
msgid "domain-name-servers"
msgstr "domain-name-servers"
-#: ../../configuration/service/dhcp-server.rst:351
-#: ../../configuration/service/dhcp-server.rst:353
+#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:320
msgid "domain-search"
msgstr "domain-search"
@@ -20215,7 +19374,7 @@ msgstr "domain-search"
msgid "emerg"
msgstr "emerg"
-#: ../../configuration/firewall/general.rst:147
+#: ../../configuration/firewall/global-options.rst:84
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
@@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:139
-#: ../../configuration/firewall/general-legacy.rst:90
+#: ../../configuration/firewall/global-options.rst:76
msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:154
-#: ../../configuration/firewall/general-legacy.rst:105
+#: ../../configuration/firewall/global-options.rst:91
msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
@@ -20245,11 +19402,11 @@ msgstr "ethernet"
msgid "exact-match: exact match of the network prefixes."
msgstr "exact-match: exact match of the network prefixes."
-#: ../../configuration/service/dhcp-server.rst:376
+#: ../../configuration/service/dhcp-server.rst:343
msgid "exclude"
msgstr "exclude"
-#: ../../configuration/service/dhcp-server.rst:381
+#: ../../configuration/service/dhcp-server.rst:348
msgid "failover"
msgstr "failover"
@@ -20318,11 +19475,15 @@ msgstr "invalid"
msgid "inverse-match: network/netmask to match (requires network be defined)."
msgstr "inverse-match: network/netmask to match (requires network be defined)."
-#: ../../configuration/service/dhcp-server.rst:301
-#: ../../configuration/service/dhcp-server.rst:303
+#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:270
msgid "ip-forwarding"
msgstr "ip-forwarding"
+#: ../../configuration/system/frr.rst:33
+msgid "isisd"
+msgstr "isisd"
+
#: ../../configuration/interfaces/ethernet.rst:90
msgid "it can be used with any NIC,"
msgstr "it can be used with any NIC,"
@@ -20339,7 +19500,11 @@ msgstr "kern"
msgid "l2tpv3"
msgstr "l2tpv3"
-#: ../../configuration/service/dhcp-server.rst:366
+#: ../../configuration/system/frr.rst:34
+msgid "ldpd"
+msgstr "ldpd"
+
+#: ../../configuration/service/dhcp-server.rst:333
msgid "lease"
msgstr "lease"
@@ -20347,19 +19512,19 @@ msgstr "lease"
msgid "least-connection"
msgstr "least-connection"
-#: ../../configuration/vpn/site2site_ipsec.rst:271
+#: ../../configuration/vpn/site2site_ipsec.rst:275
msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
-#: ../../configuration/vpn/site2site_ipsec.rst:163
+#: ../../configuration/vpn/site2site_ipsec.rst:167
msgid "left local_ip: `198.51.100.3` # server side WAN IP"
msgstr "left local_ip: `198.51.100.3` # server side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:272
+#: ../../configuration/vpn/site2site_ipsec.rst:276
msgid "left public_ip:172.18.201.10"
msgstr "left public_ip:172.18.201.10"
-#: ../../configuration/vpn/site2site_ipsec.rst:161
+#: ../../configuration/vpn/site2site_ipsec.rst:165
msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
@@ -20439,28 +19604,9 @@ msgstr "logalert"
msgid "logaudit"
msgstr "logaudit"
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/pppoe.rst:237
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/sstp-client.rst:109
#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
@@ -20472,7 +19618,15 @@ msgstr "lpr"
msgid "mDNS Repeater"
msgstr "mDNS Repeater"
-#: ../../configuration/service/mdns.rst:28
+#: ../../configuration/service/mdns.rst:38
+msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+
+#: ../../configuration/service/mdns.rst:33
+msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+
+#: ../../configuration/service/mdns.rst:29
msgid "mDNS repeater can be temporarily disabled without deleting the service using"
msgstr "mDNS repeater can be temporarily disabled without deleting the service using"
@@ -20512,12 +19666,12 @@ msgstr "more information related IGP - :ref:`routing-isis`"
msgid "more information related IGP - :ref:`routing-ospf`"
msgstr "more information related IGP - :ref:`routing-ospf`"
-#: ../../configuration/service/dhcp-server.rst:291
+#: ../../configuration/service/dhcp-server.rst:258
#: ../../configuration/service/router-advert.rst:1
msgid "name-server"
msgstr "name-server"
-#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:280
msgid "netbios-name-servers"
msgstr "netbios-name-servers"
@@ -20533,7 +19687,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU
msgid "news"
msgstr "news"
-#: ../../configuration/service/dhcp-server.rst:323
+#: ../../configuration/service/dhcp-server.rst:290
msgid "next-server"
msgstr "next-server"
@@ -20557,11 +19711,11 @@ msgstr "notice"
msgid "ntp"
msgstr "ntp"
-#: ../../configuration/service/dhcp-server.rst:306
+#: ../../configuration/service/dhcp-server.rst:273
msgid "ntp-server"
msgstr "ntp-server"
-#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:275
msgid "ntp-servers"
msgstr "ntp-servers"
@@ -20573,6 +19727,14 @@ msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)."
msgid "openvpn"
msgstr "openvpn"
+#: ../../configuration/system/frr.rst:35
+msgid "ospf6d"
+msgstr "ospf6d"
+
+#: ../../configuration/system/frr.rst:36
+msgid "ospfd"
+msgstr "ospfd"
+
#: ../../configuration/protocols/ospf.rst:207
msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
msgstr "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
@@ -20601,8 +19763,8 @@ msgstr "policy extcommunity-list"
msgid "policy large-community-list"
msgstr "policy large-community-list"
-#: ../../configuration/service/dhcp-server.rst:346
-#: ../../configuration/service/dhcp-server.rst:348
+#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:315
msgid "pop-server"
msgstr "pop-server"
@@ -20619,8 +19781,8 @@ msgstr "prefix-list, distribute-list"
msgid "pseudo-ethernet"
msgstr "pseudo-ethernet"
-#: ../../configuration/service/dhcp-server.rst:371
-#: ../../configuration/service/dhcp-server.rst:373
+#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:340
msgid "range"
msgstr "range"
@@ -20636,7 +19798,7 @@ msgstr "reset commands"
msgid "retrans-timer"
msgstr "retrans-timer"
-#: ../../configuration/service/dhcp-server.rst:358
+#: ../../configuration/service/dhcp-server.rst:325
msgid "rfc3442-static-route, windows-static-route"
msgstr "rfc3442-static-route, windows-static-route"
@@ -20644,18 +19806,22 @@ msgstr "rfc3442-static-route, windows-static-route"
msgid "rfc3768-compatibility"
msgstr "rfc3768-compatibility"
-#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../configuration/vpn/site2site_ipsec.rst:277
msgid "right local_ip: 172.18.202.10 # right side WAN IP"
msgstr "right local_ip: 172.18.202.10 # right side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:165
+#: ../../configuration/vpn/site2site_ipsec.rst:169
msgid "right local_ip: `203.0.113.2` # remote office side WAN IP"
msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:164
+#: ../../configuration/vpn/site2site_ipsec.rst:168
msgid "right subnet: `10.0.0.0/24` site2,remote office side"
msgstr "right subnet: `10.0.0.0/24` site2,remote office side"
+#: ../../configuration/system/frr.rst:37
+msgid "ripd"
+msgstr "ripd"
+
#: ../../configuration/highavailability/index.rst:349
msgid "round-robin"
msgstr "round-robin"
@@ -20665,7 +19831,7 @@ msgstr "round-robin"
msgid "route-map"
msgstr "route-map"
-#: ../../configuration/service/dhcp-server.rst:283
+#: ../../configuration/service/dhcp-server.rst:250
msgid "routers"
msgstr "routers"
@@ -20682,7 +19848,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send
msgid "security"
msgstr "security"
-#: ../../configuration/service/dhcp-server.rst:316
+#: ../../configuration/service/dhcp-server.rst:283
msgid "server-identifier"
msgstr "server-identifier"
@@ -20694,8 +19860,8 @@ msgstr "server example"
msgid "set a destination and/or source address. Accepted input:"
msgstr "set a destination and/or source address. Accepted input:"
-#: ../../configuration/nat/nat44.rst:729
-#: ../../configuration/nat/nat44.rst:734
+#: ../../configuration/nat/nat44.rst:751
+#: ../../configuration/nat/nat44.rst:756
msgid "sha256 Hashes"
msgstr "sha256 Hashes"
@@ -20703,7 +19869,7 @@ msgstr "sha256 Hashes"
msgid "show commands"
msgstr "show commands"
-#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:289
msgid "siaddr"
msgstr "siaddr"
@@ -20711,8 +19877,8 @@ msgstr "siaddr"
msgid "slow: Request partner to transmit LACPDUs every 30 seconds"
msgstr "slow: Request partner to transmit LACPDUs every 30 seconds"
-#: ../../configuration/service/dhcp-server.rst:341
-#: ../../configuration/service/dhcp-server.rst:343
+#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:310
msgid "smtp-server"
msgstr "smtp-server"
@@ -20732,40 +19898,21 @@ msgstr "spoke01-spoke04"
msgid "spoke05"
msgstr "spoke05"
-#: ../../configuration/service/dhcp-server.rst:386
+#: ../../configuration/service/dhcp-server.rst:353
msgid "static-mapping"
msgstr "static-mapping"
-#: ../../configuration/service/dhcp-server.rst:356
+#: ../../configuration/service/dhcp-server.rst:323
msgid "static-route"
msgstr "static-route"
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/pppoe.rst:233
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/sstp-client.rst:105
#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
-#: ../../configuration/service/dhcp-server.rst:271
+#: ../../configuration/service/dhcp-server.rst:238
msgid "subnet-mask"
msgstr "subnet-mask"
@@ -20781,8 +19928,8 @@ msgstr "tail"
msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
-#: ../../configuration/service/dhcp-server.rst:326
-#: ../../configuration/service/dhcp-server.rst:328
+#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:295
msgid "tftp-server-name"
msgstr "tftp-server-name"
@@ -20791,16 +19938,16 @@ msgstr "tftp-server-name"
msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
-#: ../../configuration/service/dhcp-server.rst:275
-#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:242
+#: ../../configuration/service/dhcp-server.rst:244
msgid "time-offset"
msgstr "time-offset"
-#: ../../configuration/service/dhcp-server.rst:286
+#: ../../configuration/service/dhcp-server.rst:253
msgid "time-server"
msgstr "time-server"
-#: ../../configuration/service/dhcp-server.rst:288
+#: ../../configuration/service/dhcp-server.rst:255
msgid "time-servers"
msgstr "time-servers"
@@ -20861,7 +20008,7 @@ msgstr "weighted-round-robin"
msgid "while a *byte* is written as a single **b**."
msgstr "while a *byte* is written as a single **b**."
-#: ../../configuration/service/dhcp-server.rst:311
+#: ../../configuration/service/dhcp-server.rst:278
msgid "wins-server"
msgstr "wins-server"
@@ -20877,14 +20024,18 @@ msgstr "wireless"
msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
-#: ../../configuration/service/dhcp-server.rst:361
+#: ../../configuration/service/dhcp-server.rst:328
msgid "wpad-url"
msgstr "wpad-url"
-#: ../../configuration/service/dhcp-server.rst:363
+#: ../../configuration/service/dhcp-server.rst:330
msgid "wpad-url, wpad-url code 252 = text"
msgstr "wpad-url, wpad-url code 252 = text"
#: ../../configuration/service/router-advert.rst:23
msgid "wwan"
msgstr "wwan"
+
+#: ../../configuration/system/frr.rst:38
+msgid "zebra"
+msgstr "zebra"
diff --git a/docs/_locale/pt/contributing.pot b/docs/_locale/pt/contributing.pot
index 7abb4704..b804fb90 100644
--- a/docs/_locale/pt/contributing.pot
+++ b/docs/_locale/pt/contributing.pot
@@ -80,8 +80,8 @@ msgstr "A single, short, summary of the commit (recommended 50 characters or les
msgid "Abbreviations and acronyms **must** be capitalized."
msgstr "Abbreviations and acronyms **must** be capitalized."
-#: ../../contributing/build-vyos.rst:403
-#: ../../contributing/build-vyos.rst:591
+#: ../../contributing/build-vyos.rst:443
+#: ../../contributing/build-vyos.rst:631
msgid "Accel-PPP"
msgstr "Accel-PPP"
@@ -93,7 +93,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from
msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
-#: ../../contributing/testing.rst:99
+#: ../../contributing/testing.rst:100
msgid "Add one or more IP addresses"
msgstr "Add one or more IP addresses"
@@ -101,17 +101,17 @@ msgstr "Add one or more IP addresses"
msgid "Address"
msgstr "Address"
-#: ../../contributing/build-vyos.rst:800
+#: ../../contributing/build-vyos.rst:840
msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
msgstr "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
-#: ../../contributing/build-vyos.rst:627
-#: ../../contributing/build-vyos.rst:656
-#: ../../contributing/build-vyos.rst:691
+#: ../../contributing/build-vyos.rst:667
+#: ../../contributing/build-vyos.rst:696
+#: ../../contributing/build-vyos.rst:731
msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
msgstr "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
-#: ../../contributing/testing.rst:50
+#: ../../contributing/testing.rst:51
msgid "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
msgstr "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
@@ -147,23 +147,23 @@ msgstr "Always use the ``-x`` option to the ``git cherry-pick`` command when bac
msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
msgstr "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
-#: ../../contributing/build-vyos.rst:702
+#: ../../contributing/build-vyos.rst:742
msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
-#: ../../contributing/build-vyos.rst:831
+#: ../../contributing/build-vyos.rst:871
msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
-#: ../../contributing/testing.rst:56
+#: ../../contributing/testing.rst:57
msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
-#: ../../contributing/testing.rst:12
+#: ../../contributing/testing.rst:13
msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
msgstr "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
-#: ../../contributing/build-vyos.rst:777
+#: ../../contributing/build-vyos.rst:817
msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
msgstr "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
@@ -215,15 +215,15 @@ msgstr "Boot Timing"
msgid "Bug Report/Issue"
msgstr "Bug Report/Issue"
-#: ../../contributing/build-vyos.rst:785
+#: ../../contributing/build-vyos.rst:825
msgid "Build"
msgstr "Build"
-#: ../../contributing/build-vyos.rst:60
+#: ../../contributing/build-vyos.rst:122
msgid "Build Container"
msgstr "Build Container"
-#: ../../contributing/build-vyos.rst:182
+#: ../../contributing/build-vyos.rst:215
msgid "Build ISO"
msgstr "Build ISO"
@@ -231,31 +231,31 @@ msgstr "Build ISO"
msgid "Build VyOS"
msgstr "Build VyOS"
-#: ../../contributing/build-vyos.rst:85
+#: ../../contributing/build-vyos.rst:147
msgid "Build from source"
msgstr "Build from source"
-#: ../../contributing/build-vyos.rst:582
+#: ../../contributing/build-vyos.rst:622
msgid "Building Out-Of-Tree Modules"
msgstr "Building Out-Of-Tree Modules"
-#: ../../contributing/build-vyos.rst:435
+#: ../../contributing/build-vyos.rst:475
msgid "Building The Kernel"
msgstr "Building The Kernel"
-#: ../../contributing/build-vyos.rst:246
+#: ../../contributing/build-vyos.rst:286
msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
msgstr "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
-#: ../../contributing/build-vyos.rst:705
+#: ../../contributing/build-vyos.rst:745
msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
msgstr "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
-#: ../../contributing/build-vyos.rst:584
+#: ../../contributing/build-vyos.rst:624
msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
msgstr "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
-#: ../../contributing/build-vyos.rst:475
+#: ../../contributing/build-vyos.rst:515
msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
msgstr "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
@@ -275,7 +275,7 @@ msgstr "C++ Backend Code"
msgid "Capitalization and punctuation"
msgstr "Capitalization and punctuation"
-#: ../../contributing/build-vyos.rst:448
+#: ../../contributing/build-vyos.rst:488
msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
@@ -283,7 +283,7 @@ msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.j
msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
msgstr "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
-#: ../../contributing/build-vyos.rst:441
+#: ../../contributing/build-vyos.rst:481
msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
msgstr "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
@@ -299,7 +299,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic
msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
-#: ../../contributing/testing.rst:151
+#: ../../contributing/testing.rst:152
msgid "Config Load Tests"
msgstr "Config Load Tests"
@@ -323,11 +323,11 @@ msgstr "Consult the documentation_ to ensure that you have configured your syste
msgid "Continuous Integration"
msgstr "Continuous Integration"
-#: ../../contributing/build-vyos.rst:255
+#: ../../contributing/build-vyos.rst:295
msgid "Customize"
msgstr "Customize"
-#: ../../contributing/testing.rst:100
+#: ../../contributing/testing.rst:101
msgid "DHCP client and DHCPv6 prefix delegation"
msgstr "DHCP client and DHCPv6 prefix delegation"
@@ -335,19 +335,31 @@ msgstr "DHCP client and DHCPv6 prefix delegation"
msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
msgstr "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
-#: ../../contributing/build-vyos.rst:713
+#: ../../contributing/build-vyos.rst:753
msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
msgstr "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
+#: ../../contributing/build-vyos.rst:42
+msgid "Debian Bookworm for VyOS 1.4 (sagitta)"
+msgstr "Debian Bookworm for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:43
+msgid "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+msgstr "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+
#: ../../contributing/build-vyos.rst:154
msgid "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
msgstr "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
-#: ../../contributing/build-vyos.rst:153
+#: ../../contributing/build-vyos.rst:154
+msgid "Debian Bullseye for VyOS 1.4 (sagitta)"
+msgstr "Debian Bullseye for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:41
msgid "Debian Buster for VyOS 1.3 (equuleus)"
msgstr "Debian Buster for VyOS 1.3 (equuleus)"
-#: ../../contributing/build-vyos.rst:152
+#: ../../contributing/build-vyos.rst:40
msgid "Debian Jessie for VyOS 1.2 (crux)"
msgstr "Debian Jessie for VyOS 1.2 (crux)"
@@ -379,15 +391,15 @@ msgstr "Development"
msgid "Do not add angle brackets around the format, they will be inserted automatically"
msgstr "Do not add angle brackets around the format, they will be inserted automatically"
-#: ../../contributing/build-vyos.rst:33
+#: ../../contributing/build-vyos.rst:83
msgid "Docker"
msgstr "Docker"
-#: ../../contributing/build-vyos.rst:73
+#: ../../contributing/build-vyos.rst:135
msgid "Dockerhub"
msgstr "Dockerhub"
-#: ../../contributing/build-vyos.rst:50
+#: ../../contributing/build-vyos.rst:112
msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
@@ -395,6 +407,10 @@ msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recomm
msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
msgstr "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
+#: ../../contributing/build-vyos.rst:87
+msgid "Due to the updated version of Docker, the following examples may become invalid."
+msgstr "Due to the updated version of Docker, the following examples may become invalid."
+
#: ../../contributing/debugging.rst:172
msgid "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
msgstr "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
@@ -403,7 +419,7 @@ msgstr "During the migration and extensive rewrite of functionality from Perl in
msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
msgstr "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
-#: ../../contributing/build-vyos.rst:407
+#: ../../contributing/build-vyos.rst:447
msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
msgstr "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
@@ -420,7 +436,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl
msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit."
#: ../../contributing/development.rst:412
-#: ../../contributing/testing.rst:65
+#: ../../contributing/testing.rst:66
msgid "Example:"
msgstr "Example:"
@@ -453,11 +469,11 @@ msgstr "FRR"
msgid "Feature Request"
msgstr "Feature Request"
-#: ../../contributing/build-vyos.rst:560
+#: ../../contributing/build-vyos.rst:600
msgid "Firmware"
msgstr "Firmware"
-#: ../../contributing/build-vyos.rst:593
+#: ../../contributing/build-vyos.rst:633
msgid "First, clone the source code and check out the appropriate version by running:"
msgstr "First, clone the source code and check out the appropriate version by running:"
@@ -485,7 +501,7 @@ msgstr "For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable inter
msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
msgstr "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
-#: ../../contributing/build-vyos.rst:170
+#: ../../contributing/build-vyos.rst:72
msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
msgstr "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
@@ -534,7 +550,7 @@ msgstr "Good: PPPoE, IPsec"
msgid "Good: RADIUS (as in remote authentication for dial-in user services)"
msgstr "Good: RADIUS (as in remote authentication for dial-in user services)"
-#: ../../contributing/build-vyos.rst:244
+#: ../../contributing/build-vyos.rst:284
msgid "Good luck!"
msgstr "Good luck!"
@@ -562,11 +578,11 @@ msgstr "Horrible: \"frobnication algorithm.\""
msgid "How can we reproduce this Bug?"
msgstr "How can we reproduce this Bug?"
-#: ../../contributing/testing.rst:102
+#: ../../contributing/testing.rst:103
msgid "IP and IPv6 options"
msgstr "IP and IPv6 options"
-#: ../../contributing/build-vyos.rst:308
+#: ../../contributing/build-vyos.rst:348
msgid "ISO Build Issues"
msgstr "ISO Build Issues"
@@ -590,11 +606,11 @@ msgstr "If applicable a reference to a previous commit should be made linking th
msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
-#: ../../contributing/build-vyos.rst:699
+#: ../../contributing/build-vyos.rst:739
msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
-#: ../../contributing/build-vyos.rst:562
+#: ../../contributing/build-vyos.rst:602
msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
@@ -622,7 +638,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di
msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
-#: ../../contributing/build-vyos.rst:554
+#: ../../contributing/build-vyos.rst:594
msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
@@ -638,7 +654,7 @@ msgstr "Include output"
msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
-#: ../../contributing/build-vyos.rst:810
+#: ../../contributing/build-vyos.rst:850
msgid "Install"
msgstr "Install"
@@ -646,7 +662,7 @@ msgstr "Install"
msgid "Install https://pypi.org/project/stdeb/"
msgstr "Install https://pypi.org/project/stdeb/"
-#: ../../contributing/build-vyos.rst:35
+#: ../../contributing/build-vyos.rst:85
msgid "Installing Docker_ and prerequisites:"
msgstr "Installing Docker_ and prerequisites:"
@@ -654,23 +670,23 @@ msgstr "Installing Docker_ and prerequisites:"
msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
-#: ../../contributing/build-vyos.rst:632
+#: ../../contributing/build-vyos.rst:672
msgid "Intel NIC"
msgstr "Intel NIC"
-#: ../../contributing/build-vyos.rst:404
+#: ../../contributing/build-vyos.rst:444
msgid "Intel NIC drivers"
msgstr "Intel NIC drivers"
-#: ../../contributing/build-vyos.rst:661
+#: ../../contributing/build-vyos.rst:701
msgid "Intel QAT"
msgstr "Intel QAT"
-#: ../../contributing/build-vyos.rst:405
+#: ../../contributing/build-vyos.rst:445
msgid "Inter QAT"
msgstr "Inter QAT"
-#: ../../contributing/testing.rst:90
+#: ../../contributing/testing.rst:91
msgid "Interface based tests"
msgstr "Interface based tests"
@@ -690,11 +706,11 @@ msgstr "It's an Ada program and requires GNAT and gprbuild for building, depende
msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
-#: ../../contributing/testing.rst:17
+#: ../../contributing/testing.rst:18
msgid "Jenkins CI"
msgstr "Jenkins CI"
-#: ../../contributing/build-vyos.rst:816
+#: ../../contributing/build-vyos.rst:856
msgid "Just install using the following commands:"
msgstr "Just install using the following commands:"
@@ -710,7 +726,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi
msgid "Kernel"
msgstr "Kernel"
-#: ../../contributing/build-vyos.rst:787
+#: ../../contributing/build-vyos.rst:827
msgid "Launch Docker container and build package"
msgstr "Launch Docker container and build package"
@@ -734,7 +750,7 @@ msgstr "Like any other project we have some small guidelines about our source co
msgid "Limits:"
msgstr "Limits:"
-#: ../../contributing/build-vyos.rst:390
+#: ../../contributing/build-vyos.rst:430
msgid "Linux Kernel"
msgstr "Linux Kernel"
@@ -742,7 +758,7 @@ msgstr "Linux Kernel"
msgid "Live System"
msgstr "Live System"
-#: ../../contributing/testing.rst:101
+#: ../../contributing/testing.rst:102
msgid "MTU size"
msgstr "MTU size"
@@ -750,11 +766,11 @@ msgstr "MTU size"
msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
-#: ../../contributing/testing.rst:60
+#: ../../contributing/testing.rst:61
msgid "Manual Smoketest Run"
msgstr "Manual Smoketest Run"
-#: ../../contributing/testing.rst:168
+#: ../../contributing/testing.rst:169
msgid "Manual config load test"
msgstr "Manual config load test"
@@ -770,7 +786,7 @@ msgstr "Migrating old CLI"
msgid "Move default values to scripts"
msgstr "Move default values to scripts"
-#: ../../contributing/build-vyos.rst:147
+#: ../../contributing/build-vyos.rst:35
msgid "Native Build"
msgstr "Native Build"
@@ -807,23 +823,23 @@ msgstr "None"
msgid "Notes"
msgstr "Notes"
-#: ../../contributing/build-vyos.rst:199
+#: ../../contributing/build-vyos.rst:236
msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
-#: ../../contributing/build-vyos.rst:184
+#: ../../contributing/build-vyos.rst:217
msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
-#: ../../contributing/build-vyos.rst:384
+#: ../../contributing/build-vyos.rst:424
msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
-#: ../../contributing/build-vyos.rst:469
+#: ../../contributing/build-vyos.rst:509
msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
-#: ../../contributing/build-vyos.rst:133
+#: ../../contributing/build-vyos.rst:199
msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
@@ -831,7 +847,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t
msgid "Old concept/syntax"
msgstr "Old concept/syntax"
-#: ../../contributing/testing.rst:62
+#: ../../contributing/testing.rst:63
msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
@@ -843,7 +859,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with
msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
-#: ../../contributing/testing.rst:170
+#: ../../contributing/testing.rst:171
msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
@@ -851,6 +867,10 @@ msgstr "One is not bound to load all configurations one after another but can al
msgid "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
msgstr "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+#: ../../contributing/testing.rst:7
+msgid "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+msgstr "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+
#: ../../contributing/development.rst:665
msgid "Only applicable to leaf nodes"
msgstr "Only applicable to leaf nodes"
@@ -863,7 +883,7 @@ msgstr "Other packages (e.g. vyos-1x) add dependencies to the ISO build procedur
msgid "Our StrongSWAN build differs from the upstream:"
msgstr "Our StrongSWAN build differs from the upstream:"
-#: ../../contributing/testing.rst:19
+#: ../../contributing/testing.rst:20
msgid "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
msgstr "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
@@ -875,12 +895,12 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind
msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
-#: ../../contributing/testing.rst:92
+#: ../../contributing/testing.rst:93
msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
-#: ../../contributing/build-vyos.rst:697
-#: ../../contributing/build-vyos.rst:766
+#: ../../contributing/build-vyos.rst:737
+#: ../../contributing/build-vyos.rst:806
msgid "Packages"
msgstr "Packages"
@@ -904,11 +924,11 @@ msgstr "Please submit your patches using the well-known GitHub pull-request agai
msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
-#: ../../contributing/testing.rst:103
+#: ../../contributing/testing.rst:104
msgid "Port description"
msgstr "Port description"
-#: ../../contributing/testing.rst:104
+#: ../../contributing/testing.rst:105
msgid "Port disable"
msgstr "Port disable"
@@ -952,7 +972,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway?
msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
-#: ../../contributing/build-vyos.rst:745
+#: ../../contributing/build-vyos.rst:785
msgid "QEMU"
msgstr "QEMU"
@@ -968,16 +988,16 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca
msgid "Report a Bug"
msgstr "Report a Bug"
-#: ../../contributing/build-vyos.rst:747
+#: ../../contributing/build-vyos.rst:787
msgid "Run the following command after building the ISO image."
msgstr "Run the following command after building the ISO image."
-#: ../../contributing/build-vyos.rst:756
+#: ../../contributing/build-vyos.rst:796
msgid "Run the following command after building the QEMU image."
msgstr "Run the following command after building the QEMU image."
-#: ../../contributing/build-vyos.rst:637
-#: ../../contributing/build-vyos.rst:666
+#: ../../contributing/build-vyos.rst:677
+#: ../../contributing/build-vyos.rst:706
msgid "Simply use our wrapper script to build all of the driver modules."
msgstr "Simply use our wrapper script to build all of the driver modules."
@@ -985,19 +1005,19 @@ msgstr "Simply use our wrapper script to build all of the driver modules."
msgid "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
msgstr "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
-#: ../../contributing/testing.rst:29
+#: ../../contributing/testing.rst:30
msgid "Smoketests"
msgstr "Smoketests"
-#: ../../contributing/testing.rst:31
+#: ../../contributing/testing.rst:32
msgid "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
msgstr "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
-#: ../../contributing/testing.rst:44
+#: ../../contributing/testing.rst:45
msgid "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
msgstr "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
-#: ../../contributing/build-vyos.rst:136
+#: ../../contributing/build-vyos.rst:202
msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
@@ -1005,7 +1025,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver
msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
-#: ../../contributing/testing.rst:201
+#: ../../contributing/testing.rst:202
msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
@@ -1013,7 +1033,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos
msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
-#: ../../contributing/build-vyos.rst:229
+#: ../../contributing/build-vyos.rst:269
msgid "Start the build:"
msgstr "Start the build:"
@@ -1057,15 +1077,15 @@ msgstr "Text generation"
msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
-#: ../../contributing/build-vyos.rst:634
+#: ../../contributing/build-vyos.rst:674
msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
-#: ../../contributing/build-vyos.rst:662
+#: ../../contributing/build-vyos.rst:702
msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
-#: ../../contributing/build-vyos.rst:392
+#: ../../contributing/build-vyos.rst:432
msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
@@ -1089,7 +1109,7 @@ msgstr "The ``generate()`` function generates config files for system components
msgid "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
msgstr "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
-#: ../../contributing/testing.rst:47
+#: ../../contributing/testing.rst:48
msgid "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
msgstr "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
@@ -1101,19 +1121,19 @@ msgstr "The ``verify()`` function takes your internal representation of the conf
msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
-#: ../../contributing/build-vyos.rst:54
+#: ../../contributing/build-vyos.rst:116
msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
-#: ../../contributing/testing.rst:158
+#: ../../contributing/testing.rst:159
msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
-#: ../../contributing/build-vyos.rst:87
+#: ../../contributing/build-vyos.rst:149
msgid "The container can also be built directly from source:"
msgstr "The container can also be built directly from source:"
-#: ../../contributing/build-vyos.rst:62
+#: ../../contributing/build-vyos.rst:124
msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
@@ -1121,11 +1141,11 @@ msgstr "The container can be built by hand or by fetching the pre-built one from
msgid "The default template processor for VyOS code is Jinja2_."
msgstr "The default template processor for VyOS code is Jinja2_."
-#: ../../contributing/build-vyos.rst:773
+#: ../../contributing/build-vyos.rst:813
msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
-#: ../../contributing/testing.rst:163
+#: ../../contributing/testing.rst:164
msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
@@ -1137,6 +1157,10 @@ msgstr "The file can be placed in ``/tmp`` for one time debugging (as the file w
msgid "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
msgstr "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
+#: ../../contributing/build-vyos.rst:26
+msgid "The following includes the build process for VyOS 1.2 to the latest version."
+msgstr "The following includes the build process for VyOS 1.2 to the latest version."
+
#: ../../contributing/development.rst:71
msgid "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
msgstr "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
@@ -1149,11 +1173,11 @@ msgstr "The great thing about schemas is not only that people can know the compl
msgid "The information is used in three ways:"
msgstr "The information is used in three ways:"
-#: ../../contributing/build-vyos.rst:437
+#: ../../contributing/build-vyos.rst:477
msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
-#: ../../contributing/build-vyos.rst:425
+#: ../../contributing/build-vyos.rst:465
msgid "The most obvious reasons could be:"
msgstr "The most obvious reasons could be:"
@@ -1161,7 +1185,7 @@ msgstr "The most obvious reasons could be:"
msgid "The original repo is at https://github.com/dmbaturin/hvinfo"
msgstr "The original repo is at https://github.com/dmbaturin/hvinfo"
-#: ../../contributing/testing.rst:153
+#: ../../contributing/testing.rst:154
msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
@@ -1181,7 +1205,7 @@ msgstr "The reason is that the configuration migration backend is rewritten and
msgid "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
msgstr "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
-#: ../../contributing/testing.rst:53
+#: ../../contributing/testing.rst:54
msgid "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
msgstr "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
@@ -1205,7 +1229,7 @@ msgstr "The switch to the Python programming language for new code is not merely
msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
-#: ../../contributing/build-vyos.rst:310
+#: ../../contributing/build-vyos.rst:350
msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
@@ -1221,7 +1245,7 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo
msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
-#: ../../contributing/build-vyos.rst:257
+#: ../../contributing/build-vyos.rst:297
msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
@@ -1249,31 +1273,35 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https
msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
-#: ../../contributing/build-vyos.rst:572
+#: ../../contributing/build-vyos.rst:612
msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
-#: ../../contributing/build-vyos.rst:26
+#: ../../contributing/build-vyos.rst:76
+msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+
+#: ../../contributing/build-vyos.rst:28
msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
-#: ../../contributing/testing.rst:147
+#: ../../contributing/testing.rst:148
msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
-#: ../../contributing/testing.rst:97
+#: ../../contributing/testing.rst:98
msgid "Those common tests consists out of:"
msgstr "Those common tests consists out of:"
-#: ../../contributing/build-vyos.rst:107
+#: ../../contributing/build-vyos.rst:173
msgid "Tips and Tricks"
msgstr "Tips and Tricks"
-#: ../../contributing/build-vyos.rst:46
+#: ../../contributing/build-vyos.rst:108
msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
-#: ../../contributing/build-vyos.rst:149
+#: ../../contributing/build-vyos.rst:37
msgid "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
msgstr "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
@@ -1285,7 +1313,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every
msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
-#: ../../contributing/build-vyos.rst:333
+#: ../../contributing/build-vyos.rst:373
msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
@@ -1305,19 +1333,19 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll
msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
-#: ../../contributing/build-vyos.rst:75
+#: ../../contributing/build-vyos.rst:137
msgid "To manually download the container from DockerHub, run:"
msgstr "To manually download the container from DockerHub, run:"
-#: ../../contributing/build-vyos.rst:156
+#: ../../contributing/build-vyos.rst:46
msgid "To start, clone the repository to your local machine:"
msgstr "To start, clone the repository to your local machine:"
-#: ../../contributing/build-vyos.rst:812
+#: ../../contributing/build-vyos.rst:852
msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
-#: ../../contributing/build-vyos.rst:711
+#: ../../contributing/build-vyos.rst:751
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -1357,11 +1385,11 @@ msgstr "Useful commands are:"
msgid "VIF (incl. VIF-S/VIF-C)"
msgstr "VIF (incl. VIF-S/VIF-C)"
-#: ../../contributing/testing.rst:105
+#: ../../contributing/testing.rst:106
msgid "VLANs (QinQ and regular 802.1q)"
msgstr "VLANs (QinQ and regular 802.1q)"
-#: ../../contributing/build-vyos.rst:754
+#: ../../contributing/build-vyos.rst:794
msgid "VMware"
msgstr "VMware"
@@ -1373,7 +1401,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form."
msgid "Verbs **should** be avoided. If a verb can be omitted, omit it."
msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it."
-#: ../../contributing/build-vyos.rst:742
+#: ../../contributing/build-vyos.rst:782
msgid "Virtualization Platforms"
msgstr "Virtualization Platforms"
@@ -1381,7 +1409,11 @@ msgstr "Virtualization Platforms"
msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
-#: ../../contributing/build-vyos.rst:768
+#: ../../contributing/build-vyos.rst:168
+msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+
+#: ../../contributing/build-vyos.rst:808
msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
@@ -1389,19 +1421,19 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst
msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
-#: ../../contributing/build-vyos.rst:600
+#: ../../contributing/build-vyos.rst:640
msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:"
msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:"
-#: ../../contributing/testing.rst:24
+#: ../../contributing/testing.rst:25
msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
-#: ../../contributing/build-vyos.rst:349
+#: ../../contributing/build-vyos.rst:389
msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
-#: ../../contributing/build-vyos.rst:341
+#: ../../contributing/build-vyos.rst:381
msgid "We now need to mount some required, volatile filesystems"
msgstr "We now need to mount some required, volatile filesystems"
@@ -1425,7 +1457,7 @@ msgstr "What was the configuration prior to the change?"
msgid "What were you attempting to achieve?"
msgstr "What were you attempting to achieve?"
-#: ../../contributing/testing.rst:34
+#: ../../contributing/testing.rst:35
msgid "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
msgstr "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
@@ -1437,7 +1469,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is
msgid "When modifying the source code, remember these rules of the legacy elimination campaign:"
msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:"
-#: ../../contributing/build-vyos.rst:241
+#: ../../contributing/build-vyos.rst:281
msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
@@ -1449,7 +1481,7 @@ msgstr "When writing a new configuration migrator it may happen that you see an
msgid "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
msgstr "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
-#: ../../contributing/testing.rst:108
+#: ../../contributing/testing.rst:109
msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
@@ -1490,11 +1522,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was
msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
-#: ../../contributing/build-vyos.rst:827
+#: ../../contributing/build-vyos.rst:867
msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
-#: ../../contributing/build-vyos.rst:109
+#: ../../contributing/build-vyos.rst:175
msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
@@ -1506,7 +1538,7 @@ msgstr "You can type ``help`` to get an overview of the available commands, and
msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
-#: ../../contributing/build-vyos.rst:430
+#: ../../contributing/build-vyos.rst:470
msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
@@ -1526,7 +1558,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your
msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
-#: ../../contributing/testing.rst:106
+#: ../../contributing/testing.rst:107
msgid "..."
msgstr "..."
@@ -1582,7 +1614,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi
msgid "``set``"
msgstr "``set``"
-#: ../../contributing/build-vyos.rst:427
+#: ../../contributing/build-vyos.rst:467
msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
diff --git a/docs/_locale/pt/copyright.pot b/docs/_locale/pt/copyright.pot
index 63b2984b..6f47ee66 100644
--- a/docs/_locale/pt/copyright.pot
+++ b/docs/_locale/pt/copyright.pot
@@ -13,8 +13,8 @@ msgid "Copyright Notice"
msgstr "Copyright Notice"
#: ../../copyright.md:3
-msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors"
-msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors"
+msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors"
+msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors"
#: ../../copyright.md:9
msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one."
diff --git a/docs/_locale/pt/index.pot b/docs/_locale/pt/index.pot
index d4e7f62f..85461e8e 100644
--- a/docs/_locale/pt/index.pot
+++ b/docs/_locale/pt/index.pot
@@ -12,23 +12,23 @@ msgstr ""
msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
-#: ../../index.rst:70
+#: ../../index.rst:72
msgid "Adminguide"
msgstr "Adminguide"
-#: ../../index.rst:31
+#: ../../index.rst:33
msgid "Automate"
msgstr "Automate"
-#: ../../index.rst:23
+#: ../../index.rst:25
msgid "Configuration and Operation"
msgstr "Configuration and Operation"
-#: ../../index.rst:44
+#: ../../index.rst:46
msgid "Contribute and Community"
msgstr "Contribute and Community"
-#: ../../index.rst:83
+#: ../../index.rst:85
msgid "Development"
msgstr "Development"
@@ -36,31 +36,31 @@ msgstr "Development"
msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
-#: ../../index.rst:38
+#: ../../index.rst:40
msgid "Examples"
msgstr "Examples"
-#: ../../index.rst:61
+#: ../../index.rst:63
msgid "First Steps"
msgstr "First Steps"
-#: ../../index.rst:11
+#: ../../index.rst:12
msgid "Get / Build VyOS"
msgstr "Get / Build VyOS"
-#: ../../index.rst:40
+#: ../../index.rst:42
msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
-#: ../../index.rst:16
+#: ../../index.rst:18
msgid "Install VyOS"
msgstr "Install VyOS"
-#: ../../index.rst:33
+#: ../../index.rst:35
msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
-#: ../../index.rst:96
+#: ../../index.rst:98
msgid "Misc"
msgstr "Misc"
@@ -68,11 +68,11 @@ msgstr "Misc"
msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
-#: ../../index.rst:13
+#: ../../index.rst:15
msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
-#: ../../index.rst:18
+#: ../../index.rst:20
msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
@@ -80,7 +80,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:
msgid "There are many ways to contribute to the project."
msgstr "There are many ways to contribute to the project."
-#: ../../index.rst:25
+#: ../../index.rst:27
msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
diff --git a/docs/_locale/pt/installation.pot b/docs/_locale/pt/installation.pot
index afbea3d1..b6b01c69 100644
--- a/docs/_locale/pt/installation.pot
+++ b/docs/_locale/pt/installation.pot
@@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project."
msgid "**Early Production Access**"
msgstr "**Early Production Access**"
-#: ../../installation/install.rst:538
+#: ../../installation/install.rst:541
msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
@@ -56,7 +56,7 @@ msgstr "**Release Candidate**"
msgid "**Requirements**"
msgstr "**Requirements**"
-#: ../../installation/install.rst:543
+#: ../../installation/install.rst:546
msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
@@ -128,37 +128,35 @@ msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs"
msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 custom VyOS powder coat"
msgstr "APU4 custom VyOS powder coat"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop back"
msgstr "APU4 desktop back"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop closed"
msgstr "APU4 desktop closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack closed"
msgstr "APU4 rack closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack front"
msgstr "APU4 rack front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #1"
msgstr "APU4 rack module #1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #2"
msgstr "APU4 rack module #2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #3 with PSU"
msgstr "APU4 rack module #3 with PSU"
@@ -166,7 +164,7 @@ msgstr "APU4 rack module #3 with PSU"
msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
-#: ../../installation/install.rst:487
+#: ../../installation/install.rst:490
msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
@@ -234,7 +232,7 @@ msgstr "After installation - exit from the console using the key combination ``C
msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
-#: ../../installation/update.rst:81
+#: ../../installation/update.rst:88
msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
@@ -262,7 +260,7 @@ msgstr "An IP address"
msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
-#: ../../installation/install.rst:551
+#: ../../installation/install.rst:554
msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
@@ -338,7 +336,7 @@ msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected
msgid "Bits per second : 9600"
msgstr "Bits per second : 9600"
-#: ../../installation/install.rst:580
+#: ../../installation/install.rst:583
msgid "Black screen on install"
msgstr "Black screen on install"
@@ -358,39 +356,39 @@ msgstr "Building from source"
msgid "CLI"
msgstr "CLI"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Back"
msgstr "CSE-505-203B Back"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Front"
msgstr "CSE-505-203B Front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 1"
msgstr "CSE-505-203B Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 2"
msgstr "CSE-505-203B Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 3"
msgstr "CSE-505-203B Open 3"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open"
msgstr "CSE-505-203B w/ 10GE Open"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 1"
msgstr "CSE-505-203B w/ 10GE Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 2"
msgstr "CSE-505-203B w/ 10GE Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 3"
msgstr "CSE-505-203B w/ 10GE Open 3"
@@ -455,7 +453,7 @@ msgstr "Click to ``Instances`` and ``Launch Instance``"
msgid "Click to your new vm and find out your Public IP address."
msgstr "Click to your new vm and find out your Public IP address."
-#: ../../installation/install.rst:562
+#: ../../installation/install.rst:565
msgid "Client Boot"
msgstr "Client Boot"
@@ -491,7 +489,7 @@ msgstr "Configure Security Group. It's recommended that you configure ssh access
msgid "Configure a DHCP server to provide the client with:"
msgstr "Configure a DHCP server to provide the client with:"
-#: ../../installation/install.rst:476
+#: ../../installation/install.rst:479
msgid "Configure a TFTP server so that it serves the following:"
msgstr "Configure a TFTP server so that it serves the following:"
@@ -525,11 +523,8 @@ msgid "Connect to the instance by SSH key."
msgstr "Connect to the instance by SSH key."
#: ../../installation/cloud/index.rst:7
-#: ../../installation/cloud/index.rst:7
-#: ../../installation/index.rst:7
#: ../../installation/index.rst:7
#: ../../installation/virtual/index.rst:5
-#: ../../installation/virtual/index.rst:5
msgid "Content"
msgstr "Content"
@@ -649,7 +644,7 @@ msgstr "Disable XHCI"
msgid "Disk size"
msgstr "Disk size"
-#: ../../installation/install.rst:547
+#: ../../installation/install.rst:550
msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
@@ -727,15 +722,10 @@ msgid "Every version is contained in its own squashfs image that is mounted in a
msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts."
#: ../../installation/install.rst:17
-#: ../../installation/install.rst:17
-#: ../../installation/install.rst:21
#: ../../installation/install.rst:21
#: ../../installation/install.rst:25
-#: ../../installation/install.rst:25
-#: ../../installation/install.rst:29
#: ../../installation/install.rst:29
#: ../../installation/install.rst:33
-#: ../../installation/install.rst:33
#: ../../installation/install.rst:37
msgid "Everyone"
msgstr "Everyone"
@@ -752,11 +742,11 @@ msgstr "Example"
msgid "Example:"
msgstr "Example:"
-#: ../../installation/install.rst:519
+#: ../../installation/install.rst:522
msgid "Example of simple (no menu) configuration file:"
msgstr "Example of simple (no menu) configuration file:"
-#: ../../installation/install.rst:499
+#: ../../installation/install.rst:502
msgid "Example of the contents of the TFTP server:"
msgstr "Example of the contents of the TFTP server:"
@@ -768,7 +758,7 @@ msgstr "Extension Modules"
msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
-#: ../../installation/install.rst:564
+#: ../../installation/install.rst:567
msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
@@ -816,7 +806,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c
msgid "GPG verification"
msgstr "GPG verification"
-#: ../../installation/install.rst:582
+#: ../../installation/install.rst:585
msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
@@ -964,7 +954,7 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration
msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
-#: ../../installation/install.rst:491
+#: ../../installation/install.rst:494
msgid "In the example we configured our existent VyOS as the TFTP server too:"
msgstr "In the example we configured our existent VyOS as the TFTP server too:"
@@ -985,7 +975,7 @@ msgstr "Installation"
msgid "Installation and Image Management"
msgstr "Installation and Image Management"
-#: ../../installation/install.rst:594
+#: ../../installation/install.rst:597
msgid "Installation can then continue as outlined above."
msgstr "Installation can then continue as outlined above."
@@ -1021,7 +1011,7 @@ msgstr "It is advised that VyOS routers are configured in a resource group with
msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
-#: ../../installation/install.rst:575
+#: ../../installation/install.rst:578
msgid "Known Issues"
msgstr "Known Issues"
@@ -1057,7 +1047,7 @@ msgstr "Live installation"
msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)"
msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)"
-#: ../../installation/install.rst:555
+#: ../../installation/install.rst:558
msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
@@ -1138,7 +1128,7 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po
msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
-#: ../../installation/install.rst:569
+#: ../../installation/install.rst:572
msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
@@ -1462,11 +1452,11 @@ msgstr "Stayed in this stage. This is because the KVM console is chosen as the d
msgid "Step 1: DHCP"
msgstr "Step 1: DHCP"
-#: ../../installation/install.rst:474
+#: ../../installation/install.rst:477
msgid "Step 2: TFTP"
msgstr "Step 2: TFTP"
-#: ../../installation/install.rst:531
+#: ../../installation/install.rst:534
msgid "Step 3: HTTP"
msgstr "Step 3: HTTP"
@@ -1498,11 +1488,11 @@ msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be u
msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
-#: ../../installation/install.rst:479
+#: ../../installation/install.rst:482
msgid "The *ldlinux.c32* file from the Syslinux distribution"
msgstr "The *ldlinux.c32* file from the Syslinux distribution"
-#: ../../installation/install.rst:478
+#: ../../installation/install.rst:481
msgid "The *pxelinux.0* file from the Syslinux distribution"
msgstr "The *pxelinux.0* file from the Syslinux distribution"
@@ -1582,7 +1572,7 @@ msgstr "The image will be loaded and the last lines you will get will be:"
msgid "The import can be verified with:"
msgstr "The import can be verified with:"
-#: ../../installation/install.rst:483
+#: ../../installation/install.rst:486
msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
@@ -1590,7 +1580,7 @@ msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *ini
msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
-#: ../../installation/install.rst:480
+#: ../../installation/install.rst:483
msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
@@ -1598,7 +1588,7 @@ msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz
msgid "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
-#: ../../installation/update.rst:76
+#: ../../installation/update.rst:83
msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
@@ -1618,7 +1608,7 @@ msgstr "The system is fully operational."
msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
-#: ../../installation/install.rst:587
+#: ../../installation/install.rst:590
msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
@@ -1663,7 +1653,7 @@ msgstr "This guide was developed using an APU4C4 board with the following specs:
msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
-#: ../../installation/install.rst:577
+#: ../../installation/install.rst:580
msgid "This is a list of known issues that can arise during installation."
msgstr "This is a list of known issues that can arise during installation."
@@ -1695,6 +1685,10 @@ msgstr "To turn the template into a working VyOS machine, further steps are nece
msgid "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
+#: ../../installation/update.rst:81
+msgid "To use the `latest` option the \"system update-check url\" must be configured."
+msgstr "To use the `latest` option the \"system update-check url\" must be configured."
+
#: ../../installation/install.rst:248
msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
@@ -1827,7 +1821,7 @@ msgstr "Wait until you get the outcome (bytes copied). Be patient, in some compu
msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
-#: ../../installation/install.rst:533
+#: ../../installation/install.rst:536
msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
@@ -1879,6 +1873,10 @@ msgstr "You can go back to your Vyatta install using the ``set system image defa
msgid "You can now proceed with a regular image installation as described in :ref:`installation`."
msgstr "You can now proceed with a regular image installation as described in :ref:`installation`."
+#: ../../installation/update.rst:75
+msgid "You can use ``latest`` option. It loads the latest available Rolling release."
+msgstr "You can use ``latest`` option. It loads the latest available Rolling release."
+
#: ../../installation/migrate-from-vyatta.rst:28
msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
@@ -1923,7 +1921,7 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.
msgid "``gpg --recv-keys FD220285A0FE6D7E``"
msgstr "``gpg --recv-keys FD220285A0FE6D7E``"
-#: ../../installation/install.rst:590
+#: ../../installation/install.rst:593
msgid "`console=ttyS0,115200`"
msgstr "`console=ttyS0,115200`"
@@ -1955,7 +1953,7 @@ msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-
msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
-#: ../../installation/update.rst:79
+#: ../../installation/update.rst:86
msgid "https://vyos.net/get/nightly-builds/"
msgstr "https://vyos.net/get/nightly-builds/"
@@ -1971,6 +1969,6 @@ msgstr "https://www.oracle.com/cloud/"
msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
-#: ../../installation/install.rst:592
+#: ../../installation/install.rst:595
msgid "option, and type CTRL-X to boot."
msgstr "option, and type CTRL-X to boot."
diff --git a/docs/_locale/pt/quick-start.pot b/docs/_locale/pt/quick-start.pot
index 29eadcbc..eff80392 100644
--- a/docs/_locale/pt/quick-start.pot
+++ b/docs/_locale/pt/quick-start.pot
@@ -8,19 +8,19 @@ msgstr ""
"Language: pt\n"
"Plural-Forms: nplurals=2; plural=(n>=0 && n<=1) ? 0 : 1;\n"
-#: ../../quick-start.rst:178
+#: ../../quick-start.rst:189
msgid "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
msgstr "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
-#: ../../quick-start.rst:124
+#: ../../quick-start.rst:125
msgid "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
msgstr "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
-#: ../../quick-start.rst:180
+#: ../../quick-start.rst:191
msgid "A rule to ``accept`` packets from established and related connections."
msgstr "A rule to ``accept`` packets from established and related connections."
-#: ../../quick-start.rst:181
+#: ../../quick-start.rst:192
msgid "A rule to ``drop`` packets from invalid connections."
msgstr "A rule to ``drop`` packets from invalid connections."
@@ -40,27 +40,31 @@ msgstr "After switching to :ref:`quick-start-configuration-mode` issue the follo
msgid "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
msgstr "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
-#: ../../quick-start.rst:301
+#: ../../quick-start.rst:311
msgid "Allow Access to Services"
msgstr "Allow Access to Services"
-#: ../../quick-start.rst:257
+#: ../../quick-start.rst:267
msgid "Allow Management Access"
msgstr "Allow Management Access"
-#: ../../quick-start.rst:208
+#: ../../quick-start.rst:202
msgid "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
msgstr "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
+#: ../../quick-start.rst:219
+msgid "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+msgstr "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+
#: ../../quick-start.rst:167
msgid "Apply the firewall policies:"
msgstr "Apply the firewall policies:"
-#: ../../quick-start.rst:367
+#: ../../quick-start.rst:377
msgid "As above, commit your changes, save the configuration, and exit configuration mode:"
msgstr "As above, commit your changes, save the configuration, and exit configuration mode:"
-#: ../../quick-start.rst:227
+#: ../../quick-start.rst:237
msgid "Block Incoming Traffic"
msgstr "Block Incoming Traffic"
@@ -76,7 +80,7 @@ msgstr "By default, VyOS is in operational mode, and the command prompt displays
msgid "Commit and Save"
msgstr "Commit and Save"
-#: ../../quick-start.rst:327
+#: ../../quick-start.rst:337
msgid "Commit changes, save the configuration, and exit configuration mode:"
msgstr "Commit changes, save the configuration, and exit configuration mode:"
@@ -84,19 +88,19 @@ msgstr "Commit changes, save the configuration, and exit configuration mode:"
msgid "Configuration Mode"
msgstr "Configuration Mode"
-#: ../../quick-start.rst:143
+#: ../../quick-start.rst:138
msgid "Configure Firewall Groups"
msgstr "Configure Firewall Groups"
-#: ../../quick-start.rst:162
+#: ../../quick-start.rst:157
msgid "Configure Stateful Packet Filtering"
msgstr "Configure Stateful Packet Filtering"
-#: ../../quick-start.rst:271
+#: ../../quick-start.rst:281
msgid "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
msgstr "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
-#: ../../quick-start.rst:233
+#: ../../quick-start.rst:243
msgid "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
msgstr "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
@@ -120,35 +124,35 @@ msgstr "DHCP leases will hold for one day (86400 seconds)"
msgid "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
msgstr "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
-#: ../../quick-start.rst:341
+#: ../../quick-start.rst:351
msgid "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
msgstr "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
-#: ../../quick-start.rst:281
+#: ../../quick-start.rst:291
msgid "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
msgstr "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
-#: ../../quick-start.rst:357
+#: ../../quick-start.rst:367
msgid "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
msgstr "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
-#: ../../quick-start.rst:319
+#: ../../quick-start.rst:329
msgid "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
msgstr "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
-#: ../../quick-start.rst:122
+#: ../../quick-start.rst:123
msgid "Firewall"
msgstr "Firewall"
-#: ../../quick-start.rst:263
+#: ../../quick-start.rst:273
msgid "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
msgstr "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
-#: ../../quick-start.rst:339
+#: ../../quick-start.rst:349
msgid "Hardening"
msgstr "Hardening"
-#: ../../quick-start.rst:303
+#: ../../quick-start.rst:313
msgid "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
msgstr "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
@@ -156,7 +160,11 @@ msgstr "Here we're allowing the router to respond to pings. Then, we can allow a
msgid "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
msgstr "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
-#: ../../quick-start.rst:150
+#: ../../quick-start.rst:145
+msgid "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+msgstr "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+
+#: ../../quick-start.rst:144
msgid "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
msgstr "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
@@ -164,11 +172,15 @@ msgstr "In this case, we will create two interface groups—a ``WAN`` group for
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../quick-start.rst:109
+#: ../../quick-start.rst:170
+msgid "Most installations would choose this option, and will contain:"
+msgstr "Most installations would choose this option, and will contain:"
+
+#: ../../quick-start.rst:110
msgid "NAT"
msgstr "NAT"
-#: ../../quick-start.rst:229
+#: ../../quick-start.rst:239
msgid "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
msgstr "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
@@ -180,19 +192,31 @@ msgstr "Once your configuration works as expected, you can save it permanently b
msgid "Only hosts from your internal/LAN network can use the DNS recursor"
msgstr "Only hosts from your internal/LAN network can use the DNS recursor"
-#: ../../quick-start.rst:168
+#: ../../quick-start.rst:162
msgid "Option 1: Common Chain"
msgstr "Option 1: Common Chain"
-#: ../../quick-start.rst:206
+#: ../../quick-start.rst:163
+msgid "Option 1: Global State Policies"
+msgstr "Option 1: Global State Policies"
+
+#: ../../quick-start.rst:179
+msgid "Option 2: Common/Custom Chain"
+msgstr "Option 2: Common/Custom Chain"
+
+#: ../../quick-start.rst:200
msgid "Option 2: Per-Hook Chain"
msgstr "Option 2: Per-Hook Chain"
+#: ../../quick-start.rst:217
+msgid "Option 3: Per-Hook Chain"
+msgstr "Option 3: Per-Hook Chain"
+
#: ../../quick-start.rst:5
msgid "Quick Start"
msgstr "Quick Start"
-#: ../../quick-start.rst:344
+#: ../../quick-start.rst:354
msgid "Replace the default ``vyos`` system user:"
msgstr "Replace the default ``vyos`` system user:"
@@ -204,7 +228,7 @@ msgstr "Replace the default `vyos` system user:"
msgid "SSH Management"
msgstr "SSH Management"
-#: ../../quick-start.rst:350
+#: ../../quick-start.rst:360
msgid "Set up :ref:`ssh_key_based_authentication`:"
msgstr "Set up :ref:`ssh_key_based_authentication`:"
@@ -216,7 +240,7 @@ msgstr "The address range `192.168.0.2/24 - 192.168.0.8/24` will be reserved for
msgid "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
msgstr "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
-#: ../../quick-start.rst:176
+#: ../../quick-start.rst:187
msgid "The chain we will create is called ``CONN_FILTER`` and has three rules:"
msgstr "The chain we will create is called ``CONN_FILTER`` and has three rules:"
@@ -228,7 +252,7 @@ msgstr "The default gateway and DNS recursor address will be `192.168.0.1/24`"
msgid "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
msgstr "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
-#: ../../quick-start.rst:137
+#: ../../quick-start.rst:132
msgid "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
msgstr "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
@@ -236,11 +260,11 @@ msgstr "The firewall begins with the base ``filter`` tables you define for each
msgid "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
msgstr "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
-#: ../../quick-start.rst:111
+#: ../../quick-start.rst:112
msgid "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
msgstr "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
-#: ../../quick-start.rst:194
+#: ../../quick-start.rst:205
msgid "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
msgstr "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
@@ -260,31 +284,39 @@ msgstr "This chapter will guide you on how to get up to speed quickly using your
msgid "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
msgstr "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
-#: ../../quick-start.rst:145
+#: ../../quick-start.rst:140
msgid "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
msgstr "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
+#: ../../quick-start.rst:164
+msgid "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+msgstr "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+
#: ../../quick-start.rst:90
msgid "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
msgstr "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
-#: ../../quick-start.rst:170
+#: ../../quick-start.rst:181
msgid "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
msgstr "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
-#: ../../quick-start.rst:259
+#: ../../quick-start.rst:269
msgid "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
msgstr "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
-#: ../../quick-start.rst:247
+#: ../../quick-start.rst:257
msgid "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
msgstr "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
-#: ../../quick-start.rst:164
+#: ../../quick-start.rst:159
+msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+
+#: ../../quick-start.rst:158
msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
-#: ../../quick-start.rst:379
+#: ../../quick-start.rst:389
msgid "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
msgstr "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
diff --git a/docs/_locale/uk/404.pot b/docs/_locale/uk/404.pot
index bb2e577b..ba0c5417 100644
--- a/docs/_locale/uk/404.pot
+++ b/docs/_locale/uk/404.pot
@@ -25,5 +25,13 @@ msgid "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
msgstr "`1.3.x (equuleus) <https://docs.vyos.io/en/equuleus/>`_"
#: ../../404.rst:11
+msgid "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+msgstr "`1.4.x (sagitta) <https://docs.vyos.io/en/sagitta/>`_"
+
+#: ../../404.rst:12
+msgid "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+msgstr "`rolling release (circinus) <https://docs.vyos.io/en/latest/>`_"
+
+#: ../../404.rst:11
msgid "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
msgstr "`rolling release (sagitta) <https://docs.vyos.io/en/latest/>`_"
diff --git a/docs/_locale/uk/LC_MESSAGES/404.mo b/docs/_locale/uk/LC_MESSAGES/404.mo
index 32351c0c..931cdcbb 100644
--- a/docs/_locale/uk/LC_MESSAGES/404.mo
+++ b/docs/_locale/uk/LC_MESSAGES/404.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/automation.mo b/docs/_locale/uk/LC_MESSAGES/automation.mo
index 00db6b5d..c353f97f 100644
--- a/docs/_locale/uk/LC_MESSAGES/automation.mo
+++ b/docs/_locale/uk/LC_MESSAGES/automation.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/cli.mo b/docs/_locale/uk/LC_MESSAGES/cli.mo
index b982b301..468e41bb 100644
--- a/docs/_locale/uk/LC_MESSAGES/cli.mo
+++ b/docs/_locale/uk/LC_MESSAGES/cli.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/configexamples.mo b/docs/_locale/uk/LC_MESSAGES/configexamples.mo
index 15e600c6..923a9818 100644
--- a/docs/_locale/uk/LC_MESSAGES/configexamples.mo
+++ b/docs/_locale/uk/LC_MESSAGES/configexamples.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo
index a7fe23ad..7acb2117 100644
--- a/docs/_locale/uk/LC_MESSAGES/configuration.mo
+++ b/docs/_locale/uk/LC_MESSAGES/configuration.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/contributing.mo b/docs/_locale/uk/LC_MESSAGES/contributing.mo
index 2e02dea4..6d56979f 100644
--- a/docs/_locale/uk/LC_MESSAGES/contributing.mo
+++ b/docs/_locale/uk/LC_MESSAGES/contributing.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/installation.mo b/docs/_locale/uk/LC_MESSAGES/installation.mo
index 19eb5834..60c26968 100644
--- a/docs/_locale/uk/LC_MESSAGES/installation.mo
+++ b/docs/_locale/uk/LC_MESSAGES/installation.mo
Binary files differ
diff --git a/docs/_locale/uk/LC_MESSAGES/quick-start.mo b/docs/_locale/uk/LC_MESSAGES/quick-start.mo
index 7b0409bb..1db72477 100644
--- a/docs/_locale/uk/LC_MESSAGES/quick-start.mo
+++ b/docs/_locale/uk/LC_MESSAGES/quick-start.mo
Binary files differ
diff --git a/docs/_locale/uk/automation.pot b/docs/_locale/uk/automation.pot
index 168ae254..fd209459 100644
--- a/docs/_locale/uk/automation.pot
+++ b/docs/_locale/uk/automation.pot
@@ -32,22 +32,30 @@ msgstr "**user-data**: includes vyos-commands."
msgid "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
msgstr "**user-data** file must start with ``#cloud-config`` and contains vyos-commands. For example:"
-#: ../../automation/vyos-api.rst:285
+#: ../../automation/vyos-api.rst:322
msgid "/config-file"
msgstr "/config-file"
-#: ../../automation/vyos-api.rst:228
+#: ../../automation/vyos-api.rst:265
msgid "/configure"
msgstr "/configure"
-#: ../../automation/vyos-api.rst:209
+#: ../../automation/vyos-api.rst:246
msgid "/generate"
msgstr "/generate"
-#: ../../automation/vyos-api.rst:147
+#: ../../automation/vyos-api.rst:184
msgid "/image"
msgstr "/image"
+#: ../../automation/vyos-api.rst:165
+msgid "/poweroff"
+msgstr "/poweroff"
+
+#: ../../automation/vyos-api.rst:147
+msgid "/reboot"
+msgstr "/reboot"
+
#: ../../automation/vyos-api.rst:129
msgid "/reset"
msgstr "/reset"
@@ -56,7 +64,7 @@ msgstr "/reset"
msgid "/retrieve"
msgstr "/retrieve"
-#: ../../automation/vyos-api.rst:185
+#: ../../automation/vyos-api.rst:222
msgid "/show"
msgstr "/show"
@@ -178,6 +186,34 @@ msgstr "Configuration"
msgid "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
msgstr "Configuration commands are executed just like from a normal config session. For example, if you want to disable a BGP peer on VRRP transition to backup:"
+#: ../../automation/vyos-pyvyos.rst:94
+msgid "Configure, then Delete Object"
+msgstr "Configure, then Delete Object"
+
+#: ../../automation/vyos-pyvyos.rst:141
+msgid "Configure, then Load File"
+msgstr "Configure, then Load File"
+
+#: ../../automation/vyos-pyvyos.rst:101
+msgid "Configure, then Save"
+msgstr "Configure, then Save"
+
+#: ../../automation/vyos-pyvyos.rst:108
+msgid "Configure, then Save File"
+msgstr "Configure, then Save File"
+
+#: ../../automation/vyos-pyvyos.rst:68
+msgid "Configure, then Set"
+msgstr "Configure, then Set"
+
+#: ../../automation/vyos-pyvyos.rst:85
+msgid "Configure, then Show Object"
+msgstr "Configure, then Show Object"
+
+#: ../../automation/vyos-pyvyos.rst:77
+msgid "Configure, then Show a Single Object Value"
+msgstr "Configure, then Show a Single Object Value"
+
#: ../../automation/vyos-napalm.rst:89
msgid "Content of commands.conf"
msgstr "Content of commands.conf"
@@ -258,7 +294,7 @@ msgstr "For configuration and enabling the API see :ref:`http-api`"
msgid "For example, get the addresses of a ``dum0`` interface."
msgstr "For example, get the addresses of a ``dum0`` interface."
-#: ../../automation/vyos-api.rst:189
+#: ../../automation/vyos-api.rst:226
msgid "For example, show which images are installed."
msgstr "For example, show which images are installed."
@@ -270,10 +306,18 @@ msgstr "For more information on the NoCloud data source, visit its `page <https:
msgid "From cli or GUI, power on VM, and after it boots, verify configuration"
msgstr "From cli or GUI, power on VM, and after it boots, verify configuration"
+#: ../../automation/vyos-pyvyos.rst:123
+msgid "Generate Object"
+msgstr "Generate Object"
+
#: ../../automation/cloud-init.rst:268
msgid "Generate qcow image"
msgstr "Generate qcow image"
+#: ../../automation/vyos-pyvyos.rst:24
+msgid "Getting Started"
+msgstr "Getting Started"
+
#: ../../automation/command-scripting.rst:82
msgid "Here is a simple example:"
msgstr "Here is a simple example:"
@@ -306,6 +350,10 @@ msgstr "If you need to gather information from linux commands to configure VyOS,
msgid "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
msgstr "If you want to script the configs in a language other than bash you can have your script output commands and then source them in a bash script."
+#: ../../automation/vyos-pyvyos.rst:27
+msgid "Importing and Disabling Warnings for verify=False"
+msgstr "Importing and Disabling Warnings for verify=False"
+
#: ../../automation/cloud-init.rst:298
msgid "In Proxmox server three files are going to be used for this setup:"
msgstr "In Proxmox server three files are going to be used for this setup:"
@@ -326,6 +374,10 @@ msgstr "In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
msgid "Initial Configuration"
msgstr "Initial Configuration"
+#: ../../automation/vyos-pyvyos.rst:47
+msgid "Initializing a VyDevice Object"
+msgstr "Initializing a VyDevice Object"
+
#: ../../automation/cloud-init.rst:180
msgid "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
msgstr "Injecting configuration data is not limited to cloud platforms. Users can employ the NoCloud data source to inject user-data and meta-data on virtualization platforms such as VMware, Hyper-V and KVM."
@@ -334,6 +386,10 @@ msgstr "Injecting configuration data is not limited to cloud platforms. Users ca
msgid "Install ``napalm-vyos`` module"
msgstr "Install ``napalm-vyos`` module"
+#: ../../automation/vyos-pyvyos.rst:15
+msgid "Installation"
+msgstr "Installation"
+
#: ../../automation/vyos-salt.rst:98
msgid "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
msgstr "It is possible to configure VyOS via netmiko_ proxy module. It requires a minion with installed packet ``python3-netmiko`` module who has a connection to VyOS nodes. Salt-minion have to communicate with salt master"
@@ -451,6 +507,14 @@ msgstr "Proxmox IP address: **192.168.0.253/24**"
msgid "Proxmox `Cloud-init-Support`_."
msgstr "Proxmox `Cloud-init-Support`_."
+#: ../../automation/vyos-pyvyos.rst:6
+msgid "PyVyOS"
+msgstr "PyVyOS"
+
+#: ../../automation/vyos-pyvyos.rst:8
+msgid "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+msgstr "PyVyOS is a Python library for interacting with VyOS devices via their API. This documentation guides you on using PyVyOS to manage your VyOS devices programmatically. The complete PyVyOS documentation is available on [Read the Docs](https://pyvyos.readthedocs.io/en/latest/), and the library can be found on [GitHub](https://github.com/robertoberto/pyvyos) and [PyPI](https://pypi.org/project/pyvyos/)."
+
#: ../../automation/cloud-init.rst:416
msgid "References"
msgstr "References"
@@ -459,6 +523,10 @@ msgstr "References"
msgid "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
msgstr "Remove default dhcp client on first interface, and load other configuration during first boot, using cloud-init."
+#: ../../automation/vyos-pyvyos.rst:132
+msgid "Reset Object"
+msgstr "Reset Object"
+
#: ../../automation/vyos-ansible.rst:80
msgid "Run ansible"
msgstr "Run ansible"
@@ -487,11 +555,11 @@ msgstr "Salt"
msgid "Salt master configuration:"
msgstr "Salt master configuration:"
-#: ../../automation/vyos-api.rst:307
+#: ../../automation/vyos-api.rst:344
msgid "Save a running configuration to a file."
msgstr "Save a running configuration to a file."
-#: ../../automation/vyos-api.rst:289
+#: ../../automation/vyos-api.rst:326
msgid "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
msgstr "Save a running configuration to the startup configuration. When you don't specify the file when saving, it saves to ``/config/config.boot``."
@@ -503,6 +571,10 @@ msgstr "Script vyos-napalm.py"
msgid "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
msgstr "Scripts are run in alphabetical order. Their names must consist entirely of ASCII upper- and lower-case letters,ASCII digits, ASCII underscores, and ASCII minus-hyphens.No other characters are allowed."
+#: ../../automation/vyos-pyvyos.rst:115
+msgid "Show Object"
+msgstr "Show Object"
+
#: ../../automation/command-scripting.rst:52
msgid "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
msgstr "Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on a remote VyOS system."
@@ -523,7 +595,7 @@ msgstr "Structure of files"
msgid "System Defaults/Fallbacks"
msgstr "System Defaults/Fallbacks"
-#: ../../automation/vyos-api.rst:264
+#: ../../automation/vyos-api.rst:301
msgid "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
msgstr "The API pushes every request to a session and commit it. But some of VyOS components like DHCP and PPPoE Servers, IPSec, VXLAN, and other tunnels require full configuration for commit. The endpoint will process multiple commands when you pass them as a list to the ``data`` field."
@@ -535,11 +607,11 @@ msgstr "The ``/config/scripts/vyos-postconfig-bootup.script`` script is called o
msgid "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
msgstr "The ``/config/scripts/vyos-preconfig-bootup.script`` script is called on boot before the VyOS configuration during boot process."
-#: ../../automation/vyos-api.rst:187
+#: ../../automation/vyos-api.rst:224
msgid "The ``/show`` endpoint is to show everything in the operational mode."
msgstr "The ``/show`` endpoint is to show everything in the operational mode."
-#: ../../automation/vyos-api.rst:211
+#: ../../automation/vyos-api.rst:248
msgid "The ``generate`` endpoint run a ``generate`` command."
msgstr "The ``generate`` endpoint run a ``generate`` command."
@@ -568,7 +640,7 @@ msgstr "The default file looks like this:"
msgid "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
msgstr "The easiest way to configure the system via user-data is the Cloud-config syntax described below."
-#: ../../automation/vyos-api.rst:287
+#: ../../automation/vyos-api.rst:324
msgid "The endpoint ``/config-file`` is to save or load a configuration."
msgstr "The endpoint ``/config-file`` is to save or load a configuration."
@@ -604,11 +676,11 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
msgstr "This will result in the following error message: ``Set failed`` If this happens, a reboot is required to be able to edit the config manually again."
-#: ../../automation/vyos-api.rst:323
+#: ../../automation/vyos-api.rst:360
msgid "To Load a configuration file."
msgstr "To Load a configuration file."
-#: ../../automation/vyos-api.rst:149
+#: ../../automation/vyos-api.rst:186
msgid "To add or delete an image, use the ``/image`` endpoint."
msgstr "To add or delete an image, use the ``/image`` endpoint."
@@ -624,6 +696,10 @@ msgstr "To get the whole configuration, pass an empty list to the ``path`` field
msgid "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
msgstr "To include VyOS specific functions and aliases you need to ``source /opt/vyatta/etc/functions/script-template`` files at the top of your script."
+#: ../../automation/vyos-api.rst:149
+msgid "To initiate a reboot use the ``reboot`` endpoint."
+msgstr "To initiate a reboot use the ``reboot`` endpoint."
+
#: ../../automation/command-scripting.rst:128
msgid "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
msgstr "To make sure that a script is not accidentally called without the ``vyattacfg`` group, the script can be safeguarded like this:"
@@ -632,6 +708,10 @@ msgstr "To make sure that a script is not accidentally called without the ``vyat
msgid "To only get a part of the configuration, for example ``system syslog``."
msgstr "To only get a part of the configuration, for example ``system syslog``."
+#: ../../automation/vyos-api.rst:167
+msgid "To power off the system use the ``poweroff`` endpoint."
+msgstr "To power off the system use the ``poweroff`` endpoint."
+
#: ../../automation/cloud-init.rst:223
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -648,6 +728,14 @@ msgstr "User-data"
msgid "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
msgstr "User-data - User-data is specified by the user. This config source offers the ability to insert any CLI configuration commands into the configuration before the first boot."
+#: ../../automation/vyos-pyvyos.rst:35
+msgid "Using API Response Class"
+msgstr "Using API Response Class"
+
+#: ../../automation/vyos-pyvyos.rst:65
+msgid "Using PyVyOS"
+msgstr "Using PyVyOS"
+
#: ../../automation/cloud-init.rst:373
msgid "VM ID: in this example, VM ID used is 555."
msgstr "VM ID: in this example, VM ID used is 555."
@@ -736,11 +824,15 @@ msgstr "Without proxy it requires VyOS minion configuration and support op-mode
msgid "Without proxy it requires VyOS minion configuration and supports op-mode data:"
msgstr "Without proxy it requires VyOS minion configuration and supports op-mode data:"
-#: ../../automation/vyos-api.rst:230
+#: ../../automation/vyos-pyvyos.rst:17
+msgid "You can install PyVyOS using pip:"
+msgstr "You can install PyVyOS using pip:"
+
+#: ../../automation/vyos-api.rst:267
msgid "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
msgstr "You can pass a ``set``, ``delete`` or ``comment`` command to the ``/configure`` endpoint."
-#: ../../automation/vyos-api.rst:249
+#: ../../automation/vyos-api.rst:286
msgid "``delete`` a single command"
msgstr "``delete`` a single command"
@@ -748,7 +840,7 @@ msgstr "``delete`` a single command"
msgid "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
msgstr "``seed.iso`` was previously created in directory ``/tmp/``. It's necessary to move it to ``/var/lib/vz/template/iso``"
-#: ../../automation/vyos-api.rst:233
+#: ../../automation/vyos-api.rst:270
msgid "``set`` a single command"
msgstr "``set`` a single command"
@@ -764,7 +856,7 @@ msgstr "``vyos``/``vyos`` credentials if no others specified by data source."
msgid "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
msgstr "``write_files`` - this module allows to insert any files into the filesystem before the first boot, for example, pre-generated encryption keys, certificates, or even a whole ``config.boot`` file. The format is described in the cloudinit documentation `Cloud-init-write_files`_."
-#: ../../automation/vyos-api.rst:151
+#: ../../automation/vyos-api.rst:188
msgid "add an image"
msgstr "add an image"
@@ -784,7 +876,7 @@ msgstr "cloud-init logs to /var/log/cloud-init.log. This file can be helpful in
msgid "commands.txt"
msgstr "commands.txt"
-#: ../../automation/vyos-api.rst:168
+#: ../../automation/vyos-api.rst:205
msgid "delete an image, for example ``1.3-rolling-202006070117``"
msgstr "delete an image, for example ``1.3-rolling-202006070117``"
diff --git a/docs/_locale/uk/cli.pot b/docs/_locale/uk/cli.pot
index b97a7d99..40f3c22e 100644
--- a/docs/_locale/uk/cli.pot
+++ b/docs/_locale/uk/cli.pot
@@ -124,15 +124,19 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to `
msgid "Get a collection of all the set commands required which led to the running configuration."
msgstr "Get a collection of all the set commands required which led to the running configuration."
-#: ../../cli.rst:930
+#: ../../cli.rst:933
msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config."
-#: ../../cli.rst:916
+#: ../../cli.rst:919
msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:"
#: ../../cli.rst:413
+msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`"
+
+#: ../../cli.rst:413
msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`"
@@ -168,7 +172,7 @@ msgstr "Remote Archive"
msgid "Rename a configuration element."
msgstr "Rename a configuration element."
-#: ../../cli.rst:914
+#: ../../cli.rst:917
msgid "Restore Default"
msgstr "Restore Default"
@@ -184,7 +188,7 @@ msgstr "Rollback Changes"
msgid "Rollback to revision N (currently requires reboot)"
msgstr "Rollback to revision N (currently requires reboot)"
-#: ../../cli.rst:881
+#: ../../cli.rst:884
msgid "Saving and loading manually"
msgstr "Saving and loading manually"
@@ -244,11 +248,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:
msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command."
-#: ../../cli.rst:869
+#: ../../cli.rst:872
msgid "The number of revisions don't affect the commit-archive."
msgstr "The number of revisions don't affect the commit-archive."
-#: ../../cli.rst:927
+#: ../../cli.rst:930
msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too."
@@ -280,7 +284,7 @@ msgstr "To remove an existing comment from your current configuration, specify a
msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_."
-#: ../../cli.rst:892
+#: ../../cli.rst:895
msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address."
@@ -352,7 +356,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper
msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt."
-#: ../../cli.rst:886
+#: ../../cli.rst:889
msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:"
@@ -364,6 +368,10 @@ msgstr "When viewing in page mode the following commands are available:"
msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+#: ../../cli.rst:370
+msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time."
+
#: ../../cli.rst:618
msgid "You can also rename config subtrees:"
msgstr "You can also rename config subtrees:"
@@ -384,15 +392,15 @@ msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down wit
msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally."
-#: ../../cli.rst:883
+#: ../../cli.rst:886
msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files."
-#: ../../cli.rst:871
+#: ../../cli.rst:874
msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:"
-#: ../../cli.rst:924
+#: ../../cli.rst:927
msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active."
@@ -404,6 +412,18 @@ msgstr "``b`` will scroll back one page"
msgid "``ftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``ftp://<user>:<passwd>@<host>/<dir>``"
+#: ../../cli.rst:870
+msgid "``git+https://<user>:<passwd>@<host>/<path>``"
+msgstr "``git+https://<user>:<passwd>@<host>/<path>``"
+
+#: ../../cli.rst:864
+msgid "``http://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``http://<user>:<passwd>@<host>:/<dir>``"
+
+#: ../../cli.rst:865
+msgid "``https://<user>:<passwd>@<host>:/<dir>``"
+msgstr "``https://<user>:<passwd>@<host>:/<dir>``"
+
#: ../../cli.rst:71
msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size."
@@ -416,11 +436,11 @@ msgstr "``q`` key can be used to cancel output"
msgid "``return`` will scroll down one line"
msgstr "``return`` will scroll down one line"
-#: ../../cli.rst:864
+#: ../../cli.rst:868
msgid "``scp://<user>:<passwd>@<host>:/<dir>``"
msgstr "``scp://<user>:<passwd>@<host>:/<dir>``"
-#: ../../cli.rst:865
+#: ../../cli.rst:867
msgid "``sftp://<user>:<passwd>@<host>/<dir>``"
msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
@@ -428,7 +448,7 @@ msgstr "``sftp://<user>:<passwd>@<host>/<dir>``"
msgid "``space`` will scroll down one page"
msgstr "``space`` will scroll down one page"
-#: ../../cli.rst:867
+#: ../../cli.rst:869
msgid "``tftp://<host>/<dir>``"
msgstr "``tftp://<host>/<dir>``"
diff --git a/docs/_locale/uk/configexamples.pot b/docs/_locale/uk/configexamples.pot
index 8e5f83cd..d009b64c 100644
--- a/docs/_locale/uk/configexamples.pot
+++ b/docs/_locale/uk/configexamples.pot
@@ -211,22 +211,18 @@ msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them."
msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them."
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102
msgid "64496:1"
msgstr "64496:1"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108
msgid "64496:100"
msgstr "64496:100"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104
msgid "64496:2"
msgstr "64496:2"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106
msgid "64496:50"
msgstr "64496:50"
@@ -276,7 +272,7 @@ msgstr "A brief excursion into VRFs: This has been one of the longest-standing f
msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device."
-#: ../../configexamples/index.rst:35
+#: ../../configexamples/index.rst:37
msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test."
@@ -322,10 +318,22 @@ msgstr "Active Directory on Windows server"
msgid "Add (temporary) default route"
msgstr "Add (temporary) default route"
+#: ../../configexamples/ansible.rst:73
+msgid "Add all the hosts of VyOS:"
+msgstr "Add all the hosts of VyOS:"
+
+#: ../../configexamples/ansible.rst:85
+msgid "Add general variables:"
+msgstr "Add general variables:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47
msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`"
+#: ../../configexamples/ansible.rst:99
+msgid "Add the simple playbook with the tasks for each router:"
+msgstr "Add the simple playbook with the tasks for each router:"
+
#: ../../configexamples/wan-load-balancing.rst:167
msgid "Adding a rule for the second interface"
msgstr "Adding a rule for the second interface"
@@ -426,11 +434,15 @@ msgstr "And show all DHCP Leases"
msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig."
msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig."
-#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:None
-#: ../../configexamples/autotest/Wireguard/Wireguard.rst:None
+#: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1
msgid "Ansible Example topology image"
msgstr "Ansible Example topology image"
+#: ../../configexamples/ansible.rst:7
+msgid "Ansible example"
+msgstr "Ansible example"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10
msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**."
@@ -559,6 +571,10 @@ msgstr "Basic Firewall"
msgid "Basic Setup (via console)"
msgstr "Basic Setup (via console)"
+#: ../../configexamples/ansible.rst:64
+msgid "Basik configuration of the ansible.cfg:"
+msgstr "Basik configuration of the ansible.cfg:"
+
#: ../../configexamples/qos.rst:74
msgid "Before the interface eth0 on router VyOS3"
msgstr "Before the interface eth0 on router VyOS3"
@@ -611,6 +627,14 @@ msgstr "Check the result"
msgid "Check the result."
msgstr "Check the result."
+#: ../../configexamples/ansible.rst:142
+msgid "Check the result on the vyos10 router:"
+msgstr "Check the result on the vyos10 router:"
+
+#: ../../configexamples/ansible.rst:51
+msgid "Check the version:"
+msgstr "Check the version:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164
msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF."
@@ -619,6 +643,10 @@ msgstr "Checking the routing table of the VRF should reveal both static and conn
msgid "Checking through op-mode commands"
msgstr "Checking through op-mode commands"
+#: ../../configexamples/site-2-site-cisco.rst:71
+msgid "Cisco"
+msgstr "Cisco"
+
#: ../../configexamples/ha.rst:90
msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch"
@@ -652,6 +680,7 @@ msgstr "Conclusions"
#: ../../configexamples/ospf-unnumbered.rst:12
#: ../../configexamples/policy-based-ipsec-and-firewall.rst:47
#: ../../configexamples/segment-routing-isis.rst:24
+#: ../../configexamples/site-2-site-cisco.rst:18
msgid "Configuration"
msgstr "Configuration"
@@ -675,7 +704,7 @@ msgstr "Configuration 'dcsp' and shaper using QoS"
msgid "Configuration Blueprints"
msgstr "Configuration Blueprints"
-#: ../../configexamples/index.rst:28
+#: ../../configexamples/index.rst:30
msgid "Configuration Blueprints (autotest)"
msgstr "Configuration Blueprints (autotest)"
@@ -856,7 +885,7 @@ msgstr "Dynamic routing used between CE and PE nodes and eBGP peering establishe
msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same."
-#: ../../configexamples/index.rst:32
+#: ../../configexamples/index.rst:34
msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect."
@@ -962,6 +991,10 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman
msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP."
+#: ../../configexamples/site-2-site-cisco.rst:9
+msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES."
+
#: ../../configexamples/ha.rst:60
msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16"
@@ -998,6 +1031,10 @@ msgstr "From Management to Outside (fails as intended)"
msgid "Full configuration from all devices"
msgstr "Full configuration from all devices"
+#: ../../configexamples/site-2-site-cisco.rst:23
+msgid "GRE:"
+msgstr "GRE:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19
msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter."
@@ -1062,6 +1099,10 @@ msgstr "IPSec configuration:"
msgid "IP Schema"
msgstr "IP Schema"
+#: ../../configexamples/site-2-site-cisco.rst:34
+msgid "IPsec:"
+msgstr "IPsec:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85
msgid "IPv4 Network"
msgstr "IPv4 Network"
@@ -1171,6 +1212,10 @@ msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS sys
msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is."
+#: ../../configexamples/ansible.rst:216
+msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables."
+
#: ../../configexamples/ha.rst:154
msgid "In this case, the hardware router has a different IP, so it would be"
msgstr "In this case, the hardware router has a different IP, so it would be"
@@ -1191,6 +1236,10 @@ msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream
msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over."
+#: ../../configexamples/ansible.rst:12
+msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42
msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication."
msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication."
@@ -1215,6 +1264,14 @@ msgstr "Information about Ethernet Virtual Private Networks"
msgid "Information about prefix-sid and label-operation from VyOS"
msgstr "Information about prefix-sid and label-operation from VyOS"
+#: ../../configexamples/ansible.rst:37
+msgid "Install the Ansible:"
+msgstr "Install the Ansible:"
+
+#: ../../configexamples/ansible.rst:44
+msgid "Install the paramiko:"
+msgstr "Install the paramiko:"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3
msgid "Inter-VRF Routing over VRF Lite"
msgstr "Inter-VRF Routing over VRF Lite"
@@ -1276,7 +1333,7 @@ msgstr "Keep networks isolated is -in general- a good principle, but there are c
msgid "L3VPN EVPN with VyOS"
msgstr "L3VPN EVPN with VyOS"
-#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:None
+#: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1
msgid "L3VPN EVPN with VyOS topology image"
msgstr "L3VPN EVPN with VyOS topology image"
@@ -1403,29 +1460,14 @@ msgstr "Network Cabling"
msgid "Network Topology"
msgstr "Network Topology"
-#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:None
-#: ../../configexamples/l3vpn-hub-and-spoke.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/nmp.rst:None
-#: ../../configexamples/pppoe-ipv6-basic.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/qos.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/wan-load-balancing.rst:None
-#: ../../configexamples/zone-policy.rst:None
+#: ../../configexamples/ansible.rst:-1
+#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1
+#: ../../configexamples/l3vpn-hub-and-spoke.rst:-1
+#: ../../configexamples/nmp.rst:-1
+#: ../../configexamples/pppoe-ipv6-basic.rst:-1
+#: ../../configexamples/qos.rst:-1
+#: ../../configexamples/wan-load-balancing.rst:-1
+#: ../../configexamples/zone-policy.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -1457,7 +1499,7 @@ msgstr "Node"
msgid "Note that router1 is a VM that runs on one of the compute nodes."
msgstr "Note that router1 is a VM that runs on one of the compute nodes."
-#: ../../configexamples/pppoe-ipv6-basic.rst:111
+#: ../../configexamples/pppoe-ipv6-basic.rst:115
msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)."
@@ -1554,7 +1596,7 @@ msgstr "One cable/logical connection between LAN2 and Management"
msgid "OpenVPN with LDAP"
msgstr "OpenVPN with LDAP"
-#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:None
+#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1
msgid "OpenVPN with LDAP topology image"
msgstr "OpenVPN with LDAP topology image"
@@ -1793,6 +1835,10 @@ msgstr "Sets your LAN interface's IP address"
msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF."
+#: ../../configexamples/ansible.rst:10
+msgid "Setting up Ansible on a server running the Debian operating system."
+msgstr "Setting up Ansible on a server running the Debian operating system."
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51
msgid "Setup the ipv6 default route to the tunnel interface"
msgstr "Setup the ipv6 default route to the tunnel interface"
@@ -1809,6 +1855,10 @@ msgstr "Similarly, to attach the firewall, you would use `set interfaces etherne
msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address."
+#: ../../configexamples/site-2-site-cisco.rst:128
+msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information"
+
#: ../../configexamples/zone-policy.rst:236
msgid "Since we have 4 zones, we need to setup the following rulesets."
msgstr "Since we have 4 zones, we need to setup the following rulesets."
@@ -1821,6 +1871,10 @@ msgstr "Single LAN Setup"
msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:"
+#: ../../configexamples/site-2-site-cisco.rst:4
+msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN"
+
#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179
msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:"
@@ -1838,6 +1892,10 @@ msgstr "Spoke"
msgid "Start by setting the interface and default action for each zone."
msgstr "Start by setting the interface and default action for each zone."
+#: ../../configexamples/ansible.rst:122
+msgid "Start the playbook:"
+msgstr "Start the playbook:"
+
#: ../../configexamples/zone-policy.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
@@ -1909,6 +1967,11 @@ msgstr "Testdate: 2023-05-11"
msgid "Testdate: 2023-08-31"
msgstr "Testdate: 2023-08-31"
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:6
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7
+msgid "Testdate: 2024-01-13"
+msgstr "Testdate: 2024-01-13"
+
#: ../../configexamples/ha.rst:276
#: ../../configexamples/ha.rst:337
msgid "Testing"
@@ -1979,7 +2042,11 @@ msgstr "The format of these addresses:"
msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers."
-#: ../../configexamples/index.rst:30
+#: ../../configexamples/site-2-site-cisco.rst:14
+msgid "The lab was built using EVE-NG."
+msgstr "The lab was built using EVE-NG."
+
+#: ../../configexamples/index.rst:32
msgid "The next pages contains automatic full tested configuration examples."
msgstr "The next pages contains automatic full tested configuration examples."
@@ -1987,7 +2054,7 @@ msgstr "The next pages contains automatic full tested configuration examples."
msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order."
-#: ../../configexamples/index.rst:38
+#: ../../configexamples/index.rst:40
msgid "The process will do the following steps:"
msgstr "The process will do the following steps:"
@@ -1999,6 +2066,10 @@ msgstr "The scope of this document is to cover such cases in a dynamic way witho
msgid "The setup used in this example is shown in the following diagram:"
msgstr "The setup used in this example is shown in the following diagram:"
+#: ../../configexamples/ansible.rst:161
+msgid "The simple way without configuration of the hostname (one task for all routers):"
+msgstr "The simple way without configuration of the hostname (one task for all routers):"
+
#: ../../configexamples/ha.rst:339
msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router."
@@ -2079,6 +2150,10 @@ msgstr "This example uses the failover mode."
msgid "This gives us MPLS segment routing enabled and labels forwarding :"
msgstr "This gives us MPLS segment routing enabled and labels forwarding :"
+#: ../../configexamples/site-2-site-cisco.rst:6
+msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel."
+
#: ../../configexamples/azure-vpn-dual-bgp.rst:8
msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates."
@@ -2196,7 +2271,7 @@ msgstr "Transport:"
msgid "Tunnelbroker.net (IPv6)"
msgstr "Tunnelbroker.net (IPv6)"
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:None
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1
msgid "Tunnelbroker topology image"
msgstr "Tunnelbroker topology image"
@@ -2212,6 +2287,7 @@ msgstr "Two rules will be created, the first rule directs traffic coming in from
msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that."
+#: ../../configexamples/ansible.rst:15
#: ../../configexamples/qos.rst:16
msgid "Using the general schema for example:"
msgstr "Using the general schema for example:"
@@ -2245,6 +2321,7 @@ msgstr "VRRP Configuration"
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829
+#: ../../configexamples/site-2-site-cisco.rst:134
msgid "Verification"
msgstr "Verification"
@@ -2264,9 +2341,18 @@ msgid "Version: 1.4-rolling-202308240020"
msgstr "Version: 1.4-rolling-202308240020"
#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
+#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8
+msgid "Version: 1.5-rolling-202401121239"
+msgstr "Version: 1.5-rolling-202401121239"
+
+#: ../../configexamples/autotest/Wireguard/Wireguard.rst:7
msgid "Version: vyos-1.4-rolling-202302150317"
msgstr "Version: vyos-1.4-rolling-202302150317"
+#: ../../configexamples/site-2-site-cisco.rst:21
+msgid "VyOS"
+msgstr "VyOS"
+
#: ../../configexamples/l3vpn-hub-and-spoke.rst:1025
msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE"
@@ -2434,6 +2520,10 @@ msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF t
msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources."
+#: ../../configexamples/ansible.rst:22
+msgid "We have four pre-configured routers with this configuration:"
+msgstr "We have four pre-configured routers with this configuration:"
+
#: ../../configexamples/zone-policy.rst:25
msgid "We have three networks."
msgstr "We have three networks."
@@ -2623,15 +2713,15 @@ msgstr "compute3 - Port 11 of each switch"
msgid "compute3 (VMware ESXi 6.5)"
msgstr "compute3 (VMware ESXi 6.5)"
-#: ../../configexamples/index.rst:41
+#: ../../configexamples/index.rst:43
msgid "configure each host in the lab"
msgstr "configure each host in the lab"
-#: ../../configexamples/index.rst:40
+#: ../../configexamples/index.rst:42
msgid "create the lab on a eve-ng server"
msgstr "create the lab on a eve-ng server"
-#: ../../configexamples/index.rst:42
+#: ../../configexamples/index.rst:44
msgid "do some defined tests"
msgstr "do some defined tests"
@@ -2652,7 +2742,7 @@ msgstr "extended community and remote label of specific destination"
msgid "first the PCA"
msgstr "first the PCA"
-#: ../../configexamples/index.rst:44
+#: ../../configexamples/index.rst:46
msgid "generate the documentation and include files"
msgstr "generate the documentation and include files"
@@ -2664,7 +2754,7 @@ msgstr "green uses local routing table id and VNI 4000"
msgid "information between PE and CE:"
msgstr "information between PE and CE:"
-#: ../../configexamples/index.rst:43
+#: ../../configexamples/index.rst:45
msgid "optional do an upgrade to a higher version and do step 3 again."
msgstr "optional do an upgrade to a higher version and do step 3 again."
@@ -2680,7 +2770,7 @@ msgstr "router2 (Random 1RU machine with 4 NICs)"
msgid "save the output to a file and import it in nearly all openvpn clients."
msgstr "save the output to a file and import it in nearly all openvpn clients."
-#: ../../configexamples/index.rst:45
+#: ../../configexamples/index.rst:47
msgid "shutdown and destroy the lab, if there is no error"
msgstr "shutdown and destroy the lab, if there is no error"
@@ -2700,6 +2790,22 @@ msgstr "switch2 (Nexus 10gb Switch)"
msgid "v6 pairs would be:"
msgstr "v6 pairs would be:"
+#: ../../configexamples/ansible.rst:34
+msgid "vyos10 - 192.0.2.108"
+msgstr "vyos10 - 192.0.2.108"
+
+#: ../../configexamples/ansible.rst:31
+msgid "vyos7 - 192.0.2.105"
+msgstr "vyos7 - 192.0.2.105"
+
+#: ../../configexamples/ansible.rst:32
+msgid "vyos8 - 192.0.2.106"
+msgstr "vyos8 - 192.0.2.106"
+
+#: ../../configexamples/ansible.rst:33
+msgid "vyos9 - 192.0.2.107"
+msgstr "vyos9 - 192.0.2.107"
+
#: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571
msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail."
diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot
index 1a912c61..62a76e08 100644
--- a/docs/_locale/uk/configuration.pot
+++ b/docs/_locale/uk/configuration.pot
@@ -40,6 +40,10 @@ msgstr "\"Managed address configuration\" flag"
msgid "\"Other configuration\" flag"
msgstr "\"Other configuration\" flag"
+#: ../../configuration/firewall/flowtables.rst:5
+msgid "###################ä############# Flowtables Firewall Configuration #################################"
+msgstr "###################ä############# Flowtables Firewall Configuration #################################"
+
#: ../../configuration/protocols/babel.rst:146
msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves."
@@ -100,11 +104,19 @@ msgstr "**Applies to:** Outbound traffic."
msgid "**Apply the traffic policy to an interface ingress or egress**."
msgstr "**Apply the traffic policy to an interface ingress or egress**."
+#: ../../configuration/firewall/index.rst:22
+msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not."
+
+#: ../../configuration/firewall/index.rst:23
+msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not."
+
#: ../../configuration/interfaces/tunnel.rst:137
msgid "**Cisco IOS Router:**"
msgstr "**Cisco IOS Router:**"
-#: ../../configuration/service/pppoe-server.rst:69
+#: ../../configuration/service/pppoe-server.rst:66
msgid "**Client IP address via IP range definition**"
msgstr "**Client IP address via IP range definition**"
@@ -116,56 +128,49 @@ msgstr "**Client IP subnets via CIDR notation**"
msgid "**Cluster-List length check**"
msgstr "**Cluster-List length check**"
+#: ../../configuration/firewall/index.rst:35
+msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``."
+
#: ../../configuration/trafficpolicy/index.rst:30
msgid "**Create a traffic policy**."
msgstr "**Create a traffic policy**."
+#: ../../configuration/interfaces/wwan.rst:53
#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-common-with-dhcp.txt:9
-#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021q.txt:97
#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../_include/interface-common-with-dhcp.txt:9
#: ../../_include/interface-vlan-8021q.txt:97
-#: ../../_include/interface-vlan-8021ad.txt:121
-#: ../../configuration/interfaces/wwan.rst:53
msgid "**DHCP(v6)**"
msgstr "**DHCP(v6)**"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:1
msgid "**DHCPv6 Prefix Delegation (PD)**"
msgstr "**DHCPv6 Prefix Delegation (PD)**"
+#: ../../configuration/firewall/index.rst:41
+msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/firewall/index.rst:43
+msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/index.rst:44
+msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**."
+
+#: ../../configuration/firewall/bridge.rst:9
+#: ../../configuration/firewall/flowtables.rst:9
+msgid "**Documentation under development**"
+msgstr "**Documentation under development**"
+
#: ../../configuration/trafficpolicy/index.rst:169
msgid "**Ethernet (protocol, destination address or source address)**"
msgstr "**Ethernet (protocol, destination address or source address)**"
-#: ../../configuration/service/dhcp-server.rst:235
-#: ../../configuration/service/dhcp-server.rst:657
-#: ../../configuration/service/dhcp-server.rst:694
+#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/service/dhcp-server.rst:587
+#: ../../configuration/service/dhcp-server.rst:626
msgid "**Example:**"
msgstr "**Example:**"
@@ -177,10 +182,30 @@ msgstr "**External check**"
msgid "**Firewall mark**"
msgstr "**Firewall mark**"
-#: ../../configuration/firewall/index.rst:41
+#: ../../configuration/firewall/flowtables.rst:51
+msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html"
+
+#: ../../configuration/firewall/index.rst:152
msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_"
+#: ../../configuration/firewall/index.rst:58
+msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:86
+msgid "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/index.rst:87
+msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:"
+
+#: ../../configuration/firewall/flowtables.rst:83
+msgid "**Hardware offload:** should be supported by the NICs used."
+msgstr "**Hardware offload:** should be supported by the NICs used."
+
#: ../../configuration/protocols/bgp.rst:94
msgid "**IGP cost check**"
msgstr "**IGP cost check**"
@@ -205,6 +230,17 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr
msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm"
+#: ../../configuration/firewall/ipv4.rst:60
+#: ../../configuration/firewall/ipv6.rst:60
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**"
+
+#: ../../configuration/firewall/bridge.rst:143
+#: ../../configuration/firewall/ipv4.rst:190
+#: ../../configuration/firewall/ipv6.rst:190
+msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**."
+
#: ../../configuration/firewall/general.rst:72
msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."
@@ -221,23 +257,35 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term
msgid "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
msgstr "**Important note on usage of terms:** The firewall makes use of the terms `in`, `out`, and `local` for firewall policy. Users experienced with netfilter often confuse `in` to be a reference to the `INPUT` chain, and `out` the `OUTPUT` chain from netfilter. This is not the case. These instead indicate the use of the `FORWARD` chain and either the input or output interface. The `INPUT` chain, which is used for local traffic to the OS, is a reference to as `local` with respect to its input interface."
+#: ../../configuration/firewall/index.rst:48
+msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:49
+msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/trafficpolicy/index.rst:170
msgid "**Interface name**"
msgstr "**Interface name**"
-#: ../../configuration/vpn/site2site_ipsec.rst:299
+#: ../../configuration/vpn/site2site_ipsec.rst:303
msgid "**LEFT**"
msgstr "**LEFT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:283
+#: ../../configuration/vpn/site2site_ipsec.rst:287
msgid "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
msgstr "**LEFT:** * WAN interface on `eth0.201` * `eth0.201` interface IP: `172.18.201.10/24` * `vti10` interface IP: `10.0.0.2/31` * `dum0` interface IP: `10.0.11.1/24` (for testing purposes)"
-#: ../../configuration/interfaces/vxlan.rst:214
+#: ../../configuration/firewall/bridge.rst:48
+msgid "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+msgstr "**Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic is sent to the router to this IP (for example using such IP as default gateway), then rules defined for **bridge firewall** won't match, and firewall analysis continues at **IP layer**."
+
+#: ../../configuration/interfaces/vxlan.rst:235
msgid "**Leaf2 configuration:**"
msgstr "**Leaf2 configuration:**"
-#: ../../configuration/interfaces/vxlan.rst:239
+#: ../../configuration/interfaces/vxlan.rst:260
msgid "**Leaf3 configuration:**"
msgstr "**Leaf3 configuration:**"
@@ -261,33 +309,33 @@ msgstr "**MED check**"
msgid "**Multi-path check**"
msgstr "**Multi-path check**"
-#: ../../configuration/protocols/bgp.rst:1192
+#: ../../configuration/protocols/bgp.rst:1193
msgid "**Node1:**"
msgstr "**Node1:**"
-#: ../../configuration/protocols/bgp.rst:1220
+#: ../../configuration/protocols/bgp.rst:1221
msgid "**Node2:**"
msgstr "**Node2:**"
#: ../../configuration/protocols/ospf.rst:840
#: ../../configuration/protocols/ospf.rst:913
#: ../../configuration/protocols/ospf.rst:985
-#: ../../configuration/protocols/ospf.rst:1348
+#: ../../configuration/protocols/ospf.rst:1350
#: ../../configuration/protocols/segment-routing.rst:281
msgid "**Node 1**"
msgstr "**Node 1**"
#: ../../configuration/protocols/babel.rst:192
-#: ../../configuration/protocols/bgp.rst:1102
-#: ../../configuration/protocols/bgp.rst:1129
-#: ../../configuration/protocols/bgp.rst:1147
-#: ../../configuration/protocols/bgp.rst:1175
-#: ../../configuration/protocols/isis.rst:313
-#: ../../configuration/protocols/isis.rst:388
-#: ../../configuration/protocols/isis.rst:429
-#: ../../configuration/protocols/isis.rst:467
+#: ../../configuration/protocols/bgp.rst:1103
+#: ../../configuration/protocols/bgp.rst:1130
+#: ../../configuration/protocols/bgp.rst:1148
+#: ../../configuration/protocols/bgp.rst:1176
+#: ../../configuration/protocols/isis.rst:341
+#: ../../configuration/protocols/isis.rst:416
+#: ../../configuration/protocols/isis.rst:457
+#: ../../configuration/protocols/isis.rst:495
#: ../../configuration/protocols/ospf.rst:948
-#: ../../configuration/protocols/ospf.rst:1318
+#: ../../configuration/protocols/ospf.rst:1320
#: ../../configuration/protocols/rip.rst:243
#: ../../configuration/protocols/segment-routing.rst:195
msgid "**Node 1:**"
@@ -296,20 +344,20 @@ msgstr "**Node 1:**"
#: ../../configuration/protocols/ospf.rst:850
#: ../../configuration/protocols/ospf.rst:930
#: ../../configuration/protocols/ospf.rst:1001
-#: ../../configuration/protocols/ospf.rst:1363
+#: ../../configuration/protocols/ospf.rst:1365
#: ../../configuration/protocols/segment-routing.rst:296
msgid "**Node 2**"
msgstr "**Node 2**"
#: ../../configuration/protocols/babel.rst:202
-#: ../../configuration/protocols/bgp.rst:1113
-#: ../../configuration/protocols/bgp.rst:1135
-#: ../../configuration/protocols/bgp.rst:1159
-#: ../../configuration/protocols/bgp.rst:1181
-#: ../../configuration/protocols/isis.rst:324
-#: ../../configuration/protocols/isis.rst:404
-#: ../../configuration/protocols/isis.rst:483
-#: ../../configuration/protocols/ospf.rst:1327
+#: ../../configuration/protocols/bgp.rst:1114
+#: ../../configuration/protocols/bgp.rst:1136
+#: ../../configuration/protocols/bgp.rst:1160
+#: ../../configuration/protocols/bgp.rst:1182
+#: ../../configuration/protocols/isis.rst:352
+#: ../../configuration/protocols/isis.rst:432
+#: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/ospf.rst:1329
#: ../../configuration/protocols/rip.rst:251
#: ../../configuration/protocols/segment-routing.rst:211
msgid "**Node 2:**"
@@ -331,15 +379,39 @@ msgstr "**One gateway:**"
msgid "**Origin check**"
msgstr "**Origin check**"
+#: ../../configuration/firewall/index.rst:64
+msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
+#: ../../configuration/firewall/index.rst:65
+msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:"
+
#: ../../configuration/protocols/bgp.rst:125
msgid "**Peer address**"
msgstr "**Peer address**"
+#: ../../configuration/firewall/index.rst:38
+msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``."
+
#: ../../configuration/policy/examples.rst:5
msgid "**Policy definition:**"
msgstr "**Policy definition:**"
-#: ../../configuration/service/dhcp-server.rst:450
+#: ../../configuration/firewall/index.rst:76
+msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:"
+
+#: ../../configuration/firewall/index.rst:29
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/firewall/index.rst:28
+msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:"
+
+#: ../../configuration/service/dhcp-server.rst:391
msgid "**Primary**"
msgstr "**Primary**"
@@ -401,19 +473,19 @@ msgstr "**R2**"
msgid "**R2 Static Key**"
msgstr "**R2 Static Key**"
-#: ../../configuration/service/pppoe-server.rst:104
+#: ../../configuration/service/pppoe-server.rst:91
msgid "**RADIUS based IP pools (Framed-IP-Address)**"
msgstr "**RADIUS based IP pools (Framed-IP-Address)**"
-#: ../../configuration/service/pppoe-server.rst:128
+#: ../../configuration/service/pppoe-server.rst:115
msgid "**RADIUS sessions management DM/CoA**"
msgstr "**RADIUS sessions management DM/CoA**"
-#: ../../configuration/vpn/site2site_ipsec.rst:335
+#: ../../configuration/vpn/site2site_ipsec.rst:343
msgid "**RIGHT**"
msgstr "**RIGHT**"
-#: ../../configuration/vpn/site2site_ipsec.rst:289
+#: ../../configuration/vpn/site2site_ipsec.rst:293
msgid "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172.18.202.10/24` * `vti10` interface IP: `10.0.0.3/31` * `dum0` interface IP: `10.0.12.1/24` (for testing purposes)"
@@ -421,15 +493,15 @@ msgstr "**RIGHT:** * WAN interface on `eth0.202` * `eth0.201` interface IP: `172
msgid "**Router-ID check**"
msgstr "**Router-ID check**"
-#: ../../configuration/protocols/igmp.rst:46
+#: ../../configuration/protocols/pim.rst:228
msgid "**Router 1**"
msgstr "**Router 1**"
-#: ../../configuration/protocols/igmp.rst:74
+#: ../../configuration/protocols/pim.rst:256
msgid "**Router 2**"
msgstr "**Router 2**"
-#: ../../configuration/protocols/igmp.rst:59
+#: ../../configuration/protocols/pim.rst:241
msgid "**Router 3**"
msgstr "**Router 3**"
@@ -449,7 +521,7 @@ msgstr "**SW1**"
msgid "**SW2**"
msgstr "**SW2**"
-#: ../../configuration/service/dhcp-server.rst:459
+#: ../../configuration/service/dhcp-server.rst:400
msgid "**Secondary**"
msgstr "**Secondary**"
@@ -461,15 +533,19 @@ msgstr "**Setting up IPSec**"
msgid "**Setting up the GRE tunnel**"
msgstr "**Setting up the GRE tunnel**"
-#: ../../configuration/interfaces/vxlan.rst:191
+#: ../../configuration/firewall/index.rst:80
+msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``."
+
+#: ../../configuration/interfaces/vxlan.rst:212
msgid "**Spine1 Configuration:**"
msgstr "**Spine1 Configuration:**"
-#: ../../configuration/protocols/ospf.rst:1378
+#: ../../configuration/protocols/ospf.rst:1380
msgid "**Status**"
msgstr "**Status**"
-#: ../../configuration/protocols/ospf.rst:1336
+#: ../../configuration/protocols/ospf.rst:1338
msgid "**To see the redistributed routes:**"
msgstr "**To see the redistributed routes:**"
@@ -490,48 +566,12 @@ msgstr "**VyOS Router:**"
msgid "**Weight check**"
msgstr "**Weight check**"
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
-#: ../../_include/interface-dhcp-options.txt:69
+#: ../../_include/interface-dhcp-options.txt:74
msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24"
#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
#: ../../_include/interface-address.txt:6
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:7
msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64"
@@ -579,51 +619,19 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe
msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces."
-#: ../../configuration/vpn/sstp.rst:188
+#: ../../configuration/vpn/sstp.rst:199
msgid "**deny** - deny mppe"
msgstr "**deny** - deny mppe"
-#: ../../configuration/nat/nat44.rst:201
+#: ../../configuration/nat/nat44.rst:213
msgid "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
msgstr "**destination** - specify which packets the translation will be applied to, only based on the destination address and/or port number configured."
#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:9
msgid "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
msgstr "**dhcp** interface address is received by DHCP from a DHCP server on this segment."
#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
-#: ../../_include/interface-address-with-dhcp.txt:11
msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment."
@@ -631,7 +639,7 @@ msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server
msgid "**discard:** Received packets which already contain relay information will be discarded."
msgstr "**discard:** Received packets which already contain relay information will be discarded."
-#: ../../configuration/protocols/igmp.rst:195
+#: ../../configuration/protocols/igmp-proxy.rst:23
msgid "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
msgstr "**downstream:** Downstream network interfaces are the distribution interfaces to the destination networks, where multicast clients can join groups and receive multicast data. One or more downstream interfaces must be configured."
@@ -643,7 +651,7 @@ msgstr "**exporter**: aggregates packets into flows and exports flow records tow
msgid "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
-#: ../../configuration/firewall/general.rst:99
+#: ../../configuration/firewall/global-options.rst:36
msgid "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
msgstr "**firewall global-options all-ping** affects only to LOCAL and it always behaves in the most restrictive way"
@@ -655,6 +663,10 @@ msgstr "**forward:** All packets are forwarded, relay information already presen
msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to."
+#: ../../configuration/nat/nat44.rst:165
+msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
#: ../../configuration/interfaces/bonding.rst:161
msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is"
@@ -739,7 +751,11 @@ msgstr "**on-failure**: Restart containers when they exit with a non-zero exit c
msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to."
-#: ../../configuration/vpn/sstp.rst:187
+#: ../../configuration/nat/nat44.rst:149
+msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported."
+
+#: ../../configuration/vpn/sstp.rst:198
msgid "**prefer** - ask client for mppe, if it rejects don't fail"
msgstr "**prefer** - ask client for mppe, if it rejects don't fail"
@@ -751,7 +767,7 @@ msgstr "**process** When dnssec is set to process the behavior is similar to pro
msgid "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
msgstr "**process-no-validate** In this mode the recursor acts as a \"security aware, non-validating\" nameserver, meaning it will set the DO-bit on outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for them (by means of a DO-bit in the query), except for zones provided through the auth-zones setting. It will not do any validation in this mode, not even when requested by the client."
-#: ../../configuration/nat/nat44.rst:169
+#: ../../configuration/nat/nat44.rst:181
msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols."
@@ -767,7 +783,7 @@ msgstr "**remote side - commands**"
msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set."
-#: ../../configuration/vpn/sstp.rst:186
+#: ../../configuration/vpn/sstp.rst:197
msgid "**require** - ask client for mppe, if it rejects drop connection"
msgstr "**require** - ask client for mppe, if it rejects drop connection"
@@ -779,7 +795,7 @@ msgstr "**right**"
msgid "**setpcap**: Capability sets (from bounded or inherited set)"
msgstr "**setpcap**: Capability sets (from bounded or inherited set)"
-#: ../../configuration/nat/nat44.rst:183
+#: ../../configuration/nat/nat44.rst:195
msgid "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
msgstr "**source** - specifies which packets the NAT translation rule applies to based on the packets source IP address and/or source port. Only matching packets are considered for NAT."
@@ -795,7 +811,7 @@ msgstr "**sys-time**: Permission to set system clock"
msgid "**transition** - Send and accept both styles of TLVs during transition."
msgstr "**transition** - Send and accept both styles of TLVs during transition."
-#: ../../configuration/protocols/igmp.rst:191
+#: ../../configuration/protocols/igmp-proxy.rst:19
msgid "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
msgstr "**upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. There can only be one upstream interface."
@@ -860,25 +876,6 @@ msgid "011110"
msgstr "011110"
#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
-#: ../../_include/interface-ipv6.txt:79
msgid "0: Disable DAD"
msgstr "0: Disable DAD"
@@ -890,7 +887,7 @@ msgstr "0 if not defined, which means no refreshing."
msgid "0 if not defined."
msgstr "0 if not defined."
-#: ../../configuration/service/dhcp-server.rst:270
+#: ../../configuration/service/dhcp-server.rst:237
#: ../../configuration/system/syslog.rst:114
#: ../../configuration/system/syslog.rst:173
#: ../../configuration/trafficpolicy/index.rst:801
@@ -898,7 +895,7 @@ msgstr "0 if not defined."
msgid "1"
msgstr "1"
-#: ../../configuration/nat/nat44.rst:588
+#: ../../configuration/nat/nat44.rst:612
msgid "1-to-1 NAT"
msgstr "1-to-1 NAT"
@@ -953,7 +950,7 @@ msgstr "10 - 10 MBit/s"
msgid "11"
msgstr "11"
-#: ../../configuration/service/dhcp-server.rst:352
+#: ../../configuration/service/dhcp-server.rst:319
msgid "119"
msgstr "119"
@@ -963,11 +960,11 @@ msgstr "119"
msgid "12"
msgstr "12"
-#: ../../configuration/service/dhcp-server.rst:357
+#: ../../configuration/service/dhcp-server.rst:324
msgid "121, 249"
msgstr "121, 249"
-#: ../../configuration/service/dhcp-server.rst:337
+#: ../../configuration/service/dhcp-server.rst:304
#: ../../configuration/system/syslog.rst:138
#: ../../configuration/trafficpolicy/index.rst:870
msgid "13"
@@ -979,7 +976,7 @@ msgstr "13"
msgid "14"
msgstr "14"
-#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:264
#: ../../configuration/system/syslog.rst:142
#: ../../configuration/trafficpolicy/index.rst:866
msgid "15"
@@ -1003,7 +1000,7 @@ msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)"
msgid "18"
msgstr "18"
-#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:269
#: ../../configuration/system/syslog.rst:150
msgid "19"
msgstr "19"
@@ -1016,25 +1013,10 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)"
msgid "1. Create an event handler"
msgstr "1. Create an event handler"
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
-#: ../../_include/interface-ipv6.txt:80
+#: ../../configuration/firewall/flowtables.rst:144
+msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1."
+
#: ../../_include/interface-ipv6.txt:80
msgid "1: Enable DAD (default)"
msgstr "1: Enable DAD (default)"
@@ -1043,7 +1025,7 @@ msgstr "1: Enable DAD (default)"
msgid "1 if not defined."
msgstr "1 if not defined."
-#: ../../configuration/service/dhcp-server.rst:276
+#: ../../configuration/service/dhcp-server.rst:243
#: ../../configuration/system/syslog.rst:116
#: ../../configuration/system/syslog.rst:178
#: ../../configuration/trafficpolicy/index.rst:799
@@ -1077,7 +1059,7 @@ msgstr "25000 - 25 GBit/s"
msgid "2500 - 2.5 GBit/s"
msgstr "2500 - 2.5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dhcp-server.rst:329
msgid "252"
msgstr "252"
@@ -1097,30 +1079,15 @@ msgstr "2FA OTP support"
msgid "2. Add regex to the script"
msgstr "2. Add regex to the script"
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
-#: ../../_include/interface-ipv6.txt:81
+#: ../../configuration/firewall/flowtables.rst:148
+msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid."
+
#: ../../_include/interface-ipv6.txt:81
msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found."
-#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:249
#: ../../configuration/system/syslog.rst:118
#: ../../configuration/system/syslog.rst:181
#: ../../configuration/trafficpolicy/index.rst:797
@@ -1148,7 +1115,7 @@ msgstr "38"
msgid "3. Add a full path to the script"
msgstr "3. Add a full path to the script"
-#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:254
#: ../../configuration/system/syslog.rst:120
#: ../../configuration/system/syslog.rst:183
#: ../../configuration/trafficpolicy/index.rst:795
@@ -1164,11 +1131,11 @@ msgstr "40000 - 40 GBit/s"
msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel."
-#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:274
msgid "42"
msgstr "42"
-#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:279
msgid "44"
msgstr "44"
@@ -1180,6 +1147,10 @@ msgstr "46"
msgid "4. Add optional parameters"
msgstr "4. Add optional parameters"
+#: ../../configuration/firewall/flowtables.rst:153
+msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10."
+
#: ../../configuration/system/syslog.rst:122
#: ../../configuration/system/syslog.rst:185
#: ../../configuration/trafficpolicy/index.rst:793
@@ -1195,16 +1166,20 @@ msgstr "50000 - 50 GBit/s"
msgid "5000 - 5 GBit/s"
msgstr "5000 - 5 GBit/s"
-#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:284
msgid "54"
msgstr "54"
+#: ../../configuration/firewall/flowtables.rst:157
+msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection."
+
#: ../../configuration/highavailability/index.rst:257
#: ../../configuration/highavailability/index.rst:288
msgid "5 if not defined."
msgstr "5 if not defined."
-#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:259
#: ../../configuration/system/syslog.rst:124
#: ../../configuration/system/syslog.rst:189
#: ../../configuration/trafficpolicy/index.rst:791
@@ -1212,7 +1187,7 @@ msgstr "5 if not defined."
msgid "6"
msgstr "6"
-#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:294
msgid "66"
msgstr "66"
@@ -1220,14 +1195,18 @@ msgstr "66"
msgid "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
msgstr "66% of traffic is routed to eth0, eth1 gets 33% of traffic."
-#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:299
msgid "67"
msgstr "67"
-#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:309
msgid "69"
msgstr "69"
+#: ../../configuration/firewall/flowtables.rst:161
+msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**."
+
#: ../../configuration/interfaces/tunnel.rst:81
msgid "6in4 (SIT)"
msgstr "6in4 (SIT)"
@@ -1243,7 +1222,7 @@ msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defin
msgid "7"
msgstr "7"
-#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:314
msgid "70"
msgstr "70"
@@ -1252,11 +1231,6 @@ msgid "8"
msgstr "8"
#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
-#: ../../_include/interface-vlan-8021q.txt:21
msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``."
@@ -1325,22 +1299,31 @@ msgstr "<x.x.x.x>-<x.x.x.x>: IP range to match."
msgid "<x.x.x.x>: IP address to match."
msgstr "<x.x.x.x>: IP address to match."
+#: ../../configuration/pki/index.rst:252
+msgid "ACME"
+msgstr "ACME"
+
+#: ../../configuration/pki/index.rst:281
+msgid "ACME Directory Resource URI."
+msgstr "ACME Directory Resource URI."
+
+#: ../../configuration/service/https.rst:59
+msgid "API"
+msgstr "API"
+
#: ../../configuration/protocols/static.rst:150
msgid "ARP"
msgstr "ARP"
-#: ../../configuration/firewall/general.rst:302
-#: ../../configuration/firewall/general-legacy.rst:257
+#: ../../configuration/firewall/groups.rst:129
msgid "A **domain group** represents a collection of domains."
msgstr "A **domain group** represents a collection of domains."
-#: ../../configuration/firewall/general.rst:284
-#: ../../configuration/firewall/general-legacy.rst:242
+#: ../../configuration/firewall/groups.rst:111
msgid "A **mac group** represents a collection of mac addresses."
msgstr "A **mac group** represents a collection of mac addresses."
-#: ../../configuration/firewall/general.rst:259
-#: ../../configuration/firewall/general-legacy.rst:217
+#: ../../configuration/firewall/groups.rst:86
msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`."
@@ -1368,7 +1351,7 @@ msgstr "A GRE tunnel operates at layer 3 of the OSI model and is represented by
msgid "A Rule-Set can be applied to every interface:"
msgstr "A Rule-Set can be applied to every interface:"
-#: ../../configuration/service/dhcp-server.rst:631
+#: ../../configuration/service/dhcp-server.rst:561
msgid "A SNTP server address can be specified for DHCPv6 clients."
msgstr "A SNTP server address can be specified for DHCPv6 clients."
@@ -1380,11 +1363,11 @@ msgstr "A VRF device is created with an associated route table. Network interfac
msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)."
-#: ../../configuration/service/dns.rst:149
+#: ../../configuration/service/dns.rst:162
msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com."
-#: ../../configuration/service/dhcp-server.rst:603
+#: ../../configuration/service/dhcp-server.rst:533
msgid "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients."
@@ -1392,7 +1375,7 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used
msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well."
-#: ../../configuration/firewall/zone.rst:54
+#: ../../configuration/firewall/zone.rst:73
msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`."
@@ -1413,7 +1396,7 @@ msgstr "A common example is the case of some policies which, in order to be effe
msgid "A complete LDAP auth OpenVPN configuration could look like the following example:"
msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:"
-#: ../../configuration/vpn/sstp.rst:323
+#: ../../configuration/vpn/sstp.rst:335
msgid "A connection attempt will be shown as:"
msgstr "A connection attempt will be shown as:"
@@ -1433,7 +1416,7 @@ msgstr "A disabled group will be removed from the VRRP process and your router w
msgid "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
msgstr "A domain name is the label (name) assigned to a computer network and is thus unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`."
-#: ../../configuration/nat/nat44.rst:685
+#: ../../configuration/nat/nat44.rst:709
msgid "A dummy interface for the provider-assigned IP;"
msgstr "A dummy interface for the provider-assigned IP;"
@@ -1445,7 +1428,7 @@ msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availabi
msgid "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
msgstr "A full example of a Tunnelbroker.net config can be found at :ref:`here <examples-tunnelbroker-ipv6>`."
-#: ../../configuration/service/dhcp-server.rst:187
+#: ../../configuration/service/dhcp-server.rst:152
msgid "A generic `<name>` referencing this sync service."
msgstr "A generic `<name>` referencing this sync service."
@@ -1489,6 +1472,10 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik
msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:"
+#: ../../configuration/firewall/flowtables.rst:44
+msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path."
+
#: ../../configuration/protocols/bgp.rst:698
msgid "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
msgstr "A penalty of 1000 is assessed each time the route fails. When the penalties reach a predefined threshold (suppress-value), the router stops advertising the route."
@@ -1497,12 +1484,12 @@ msgstr "A penalty of 1000 is assessed each time the route fails. When the penalt
msgid "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
msgstr "A physical interface is required to connect this MACsec instance to. Traffic leaving this interface will now be authenticated/encrypted."
-#: ../../configuration/nat/nat44.rst:360
+#: ../../configuration/nat/nat44.rst:374
msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"
msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:"
-#: ../../configuration/firewall/general.rst:761
-#: ../../configuration/firewall/general-legacy.rst:506
+#: ../../configuration/firewall/ipv4.rst:485
+#: ../../configuration/firewall/ipv6.rst:491
msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."
msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``."
@@ -1536,23 +1523,14 @@ msgid "A segment ID that contains an IP address prefix calculated by an IGP in t
msgstr "A segment ID that contains an IP address prefix calculated by an IGP in the service provider core network. Prefix SIDs are globally unique, this value indentify it"
#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
-#: ../../_include/interface-disable-flow-control.txt:11
msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up."
-#: ../../configuration/service/dhcp-server.rst:659
+#: ../../configuration/service/dhcp-server.rst:589
msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``"
-#: ../../configuration/protocols/bgp.rst:1145
+#: ../../configuration/protocols/bgp.rst:1146
msgid "A simple BGP configuration via IPv6."
msgstr "A simple BGP configuration via IPv6."
@@ -1560,7 +1538,7 @@ msgstr "A simple BGP configuration via IPv6."
msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate."
-#: ../../configuration/protocols/bgp.rst:1100
+#: ../../configuration/protocols/bgp.rst:1101
msgid "A simple eBGP configuration:"
msgstr "A simple eBGP configuration:"
@@ -1572,6 +1550,14 @@ msgstr "A simple example of Shaper using priorities."
msgid "A simple example of an FQ-CoDel policy working inside a Shaper one."
msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one."
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take."
+
+#: ../../configuration/firewall/index.rst:14
+msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take."
+
#: ../../configuration/nat/nat66.rst:28
msgid "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
msgstr "A single internal network and external network. Use the NAT66 device to connect a single internal network and public network, and the hosts in the internal network use IPv6 address prefixes that only support routing within the local range. When a host in the internal network accesses the external network, the source IPv6 address prefix in the message will be converted into a global unicast IPv6 address prefix by the NAT66 device."
@@ -1584,11 +1570,11 @@ msgstr "A station acts as a Wi-Fi client accessing the network through an availa
msgid "A sync group allows VRRP groups to transition together."
msgstr "A sync group allows VRRP groups to transition together."
-#: ../../configuration/protocols/ospf.rst:1316
+#: ../../configuration/protocols/ospf.rst:1318
msgid "A typical configuration using 2 nodes."
msgstr "A typical configuration using 2 nodes."
-#: ../../configuration/nat/nat44.rst:400
+#: ../../configuration/nat/nat44.rst:414
msgid "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
msgstr "A typical problem with using NAT and hosting public servers is the ability for internal systems to reach an internal server using it's external IP address. The solution to this is usually the use of split-DNS to correctly point host systems to the internal address when requests are made internally. Because many smaller networks lack DNS infrastructure, a work-around is commonly deployed to facilitate the traffic by NATing the request from internal hosts to the source address of the internal interface on the firewall."
@@ -1612,11 +1598,11 @@ msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header
msgid "A very small buffer will soon start dropping packets."
msgstr "A very small buffer will soon start dropping packets."
-#: ../../configuration/firewall/zone.rst:33
+#: ../../configuration/firewall/zone.rst:52
msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone."
-#: ../../configuration/service/dns.rst:384
+#: ../../configuration/service/dns.rst:397
msgid "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
msgstr "Above, command syntax isn noted to configure dynamic dns on a specific interface. It is possible to overlook the additional address option, web, when completeing those commands. ddclient_ has another way to determine the WAN IP address, using a web-based url to determine the external IP. Each of the commands above will need to be modified to use 'web' as the 'interface' specified if this functionality is to be utilized."
@@ -1652,12 +1638,14 @@ msgstr "Action must be taken immediately - A condition that should be corrected
msgid "Action which will be run once the ctrl-alt-del keystroke is received."
msgstr "Action which will be run once the ctrl-alt-del keystroke is received."
-#: ../../configuration/firewall/general.rst:327
+#: ../../configuration/firewall/bridge.rst:65
+#: ../../configuration/firewall/ipv4.rst:81
+#: ../../configuration/firewall/ipv6.rst:81
#: ../../configuration/policy/route.rst:238
msgid "Actions"
msgstr "Actions"
-#: ../../configuration/interfaces/openvpn.rst:431
+#: ../../configuration/interfaces/openvpn.rst:483
msgid "Active Directory"
msgstr "Active Directory"
@@ -1737,7 +1725,7 @@ msgstr "Add the private key portion of this certificate to the CLI. This should
msgid "Add the public CA certificate for the CA named `name` to the VyOS CLI."
msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI."
-#: ../../configuration/vpn/openconnect.rst:169
+#: ../../configuration/vpn/openconnect.rst:176
msgid "Adding a 2FA with an OTP-key"
msgstr "Adding a 2FA with an OTP-key"
@@ -1753,7 +1741,7 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing
msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side."
-#: ../../configuration/nat/nat44.rst:738
+#: ../../configuration/nat/nat44.rst:760
msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)"
@@ -1765,7 +1753,7 @@ msgstr "Additionally you should keep in mind that this feature fundamentally dis
msgid "Address"
msgstr "Address"
-#: ../../configuration/nat/nat44.rst:219
+#: ../../configuration/nat/nat44.rst:231
msgid "Address Conversion"
msgstr "Address Conversion"
@@ -1773,20 +1761,19 @@ msgstr "Address Conversion"
msgid "Address Families"
msgstr "Address Families"
-#: ../../configuration/firewall/general.rst:192
-#: ../../configuration/firewall/general-legacy.rst:168
+#: ../../configuration/firewall/groups.rst:19
msgid "Address Groups"
msgstr "Address Groups"
-#: ../../configuration/service/dhcp-server.rst:662
+#: ../../configuration/service/dhcp-server.rst:592
msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``."
-#: ../../configuration/service/dhcp-server.rst:652
+#: ../../configuration/service/dhcp-server.rst:582
msgid "Address pools"
msgstr "Address pools"
-#: ../../configuration/service/https.rst:42
+#: ../../configuration/service/https.rst:33
msgid "Address to listen for HTTPS requests"
msgstr "Address to listen for HTTPS requests"
@@ -1798,7 +1785,7 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for
msgid "Administrative Distance"
msgstr "Administrative Distance"
-#: ../../configuration/nat/nat44.rst:289
+#: ../../configuration/nat/nat44.rst:301
msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them."
@@ -1818,7 +1805,7 @@ msgstr "Advertising a Prefix"
msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:"
-#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:325
msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3."
@@ -1846,7 +1833,7 @@ msgstr "Algorithm"
msgid "Aliases"
msgstr "Aliases"
-#: ../../configuration/service/dns.rst:154
+#: ../../configuration/service/dns.rst:167
msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1"
@@ -1874,7 +1861,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes
msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop."
-#: ../../configuration/service/dns.rst:156
+#: ../../configuration/service/dns.rst:169
msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff"
@@ -1882,6 +1869,10 @@ msgstr "All other DNS requests will be forwarded to a different set of DNS serve
msgid "All reply sizes are accepted by default."
msgstr "All reply sizes are accepted by default."
+#: ../../configuration/protocols/pim.rst:91
+msgid "All routers in the PIM network must agree on these values."
+msgstr "All routers in the PIM network must agree on these values."
+
#: ../../configuration/system/task-scheduler.rst:10
msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration."
@@ -1894,11 +1885,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an
msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS."
-#: ../../configuration/firewall/zone.rst:36
+#: ../../configuration/firewall/zone.rst:55
msgid "All traffic between zones is affected by existing policies"
msgstr "All traffic between zones is affected by existing policies"
-#: ../../configuration/firewall/zone.rst:35
+#: ../../configuration/firewall/zone.rst:54
msgid "All traffic to and from an interface within a zone is permitted."
msgstr "All traffic to and from an interface within a zone is permitted."
@@ -1922,7 +1913,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy
msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces."
-#: ../../configuration/service/dns.rst:346
+#: ../../configuration/service/dns.rst:359
msgid "Allow explicit IPv6 address for the interface."
msgstr "Allow explicit IPv6 address for the interface."
@@ -1930,15 +1921,24 @@ msgstr "Allow explicit IPv6 address for the interface."
msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP."
+#: ../../configuration/service/mdns.rst:43
+msgid "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+msgstr "Allow listing additional custom domains to be browsed (in addition to the default ``local``) so that they can be reflected."
+
#: ../../configuration/protocols/bfd.rst:34
msgid "Allow this BFD peer to not be directly connected"
msgstr "Allow this BFD peer to not be directly connected"
-#: ../../configuration/firewall/general.rst:1137
#: ../../configuration/firewall/general-legacy.rst:694
msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."
+#: ../../configuration/firewall/ipv4.rst:812
+#: ../../configuration/firewall/ipv6.rst:821
+#: ../../configuration/system/conntrack.rst:199
+msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example."
+
#: ../../configuration/interfaces/bridge.rst:162
msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen."
@@ -1959,7 +1959,9 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP
msgid "Already learned known_hosts files of clients need an update as the public key will change."
msgstr "Already learned known_hosts files of clients need an update as the public key will change."
-#: ../../configuration/firewall/general.rst:377
+#: ../../configuration/firewall/bridge.rst:123
+#: ../../configuration/firewall/ipv4.rst:166
+#: ../../configuration/firewall/ipv6.rst:166
msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."
@@ -1971,7 +1973,7 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic
msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:"
-#: ../../configuration/nat/nat44.rst:276
+#: ../../configuration/nat/nat44.rst:288
msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one."
@@ -1983,15 +1985,15 @@ msgstr "Alternate Routing Tables"
msgid "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
msgstr "Alternate routing tables are used with policy based routing by utilizing :ref:`vrf`."
-#: ../../configuration/interfaces/vxlan.rst:321
+#: ../../configuration/interfaces/vxlan.rst:342
msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:"
-#: ../../configuration/service/dhcp-server.rst:130
+#: ../../configuration/service/dhcp-server.rst:116
msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server."
-#: ../../configuration/firewall/general.rst:241
+#: ../../configuration/firewall/groups.rst:68
msgid "An **interface group** represents a collection of interfaces."
msgstr "An **interface group** represents a collection of interfaces."
@@ -2035,6 +2037,10 @@ msgstr "An agent is a network-management software module that resides on a manag
msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)"
+#: ../../configuration/firewall/ipv4.rst:373
+msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion."
+
#: ../../configuration/firewall/general-legacy.rst:424
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2043,7 +2049,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."
-#: ../../configuration/firewall/general.rst:619
+#: ../../configuration/firewall/ipv6.rst:371
msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"
@@ -2072,7 +2078,7 @@ msgstr "An example of creating a VLAN-aware bridge is as follows:"
msgid "An example of key generation:"
msgstr "An example of key generation:"
-#: ../../configuration/vpn/openconnect.rst:291
+#: ../../configuration/vpn/openconnect.rst:298
msgid "An example of the data captured by a FREERADIUS server with sql accounting:"
msgstr "An example of the data captured by a FREERADIUS server with sql accounting:"
@@ -2080,10 +2086,34 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti
msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``&quot;`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``."
+#: ../../configuration/firewall/flowtables.rst:142
+msgid "Analysis on what happens for desired connection:"
+msgstr "Analysis on what happens for desired connection:"
+
+#: ../../configuration/firewall/bridge.rst:297
+msgid "And, to print only bridge firewall information:"
+msgstr "And, to print only bridge firewall information:"
+
+#: ../../configuration/firewall/ipv4.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:57
+msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``"
+
#: ../../configuration/policy/route.rst:76
msgid "And for ipv6:"
msgstr "And for ipv6:"
+#: ../../configuration/firewall/groups.rst:165
+msgid "And next, some configuration example where groups are used:"
+msgstr "And next, some configuration example where groups are used:"
+
+#: ../../configuration/firewall/bridge.rst:349
+msgid "And op-mode commands:"
+msgstr "And op-mode commands:"
+
#: ../../configuration/system/ip.rst:84
msgid "And the different IPv4 **reset** commands available:"
msgstr "And the different IPv4 **reset** commands available:"
@@ -2093,7 +2123,7 @@ msgstr "And the different IPv4 **reset** commands available:"
msgid "And then hash is reduced modulo slave count."
msgstr "And then hash is reduced modulo slave count."
-#: ../../configuration/nat/nat44.rst:590
+#: ../../configuration/nat/nat44.rst:614
msgid "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT configuration, both DNAT and SNAT are used to NAT all traffic from an external IP address to an internal IP address and vice-versa."
@@ -2118,7 +2148,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo
msgid "Apply routing policy to **inbound** direction of out VLAN interfaces"
msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces"
-#: ../../configuration/firewall/zone.rst:82
+#: ../../configuration/firewall/zone.rst:101
msgid "Applying a Rule-Set to a Zone"
msgstr "Applying a Rule-Set to a Zone"
@@ -2151,49 +2181,11 @@ msgstr "Arista EOS"
msgid "Aruba/HP"
msgstr "Aruba/HP"
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/pppoe.rst:207
#: ../../configuration/interfaces/pppoe.rst:253
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
#: ../../configuration/interfaces/sstp-client.rst:79
#: ../../_include/interface-ip.txt:4
#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
-#: ../../_include/interface-ip.txt:4
-#: ../../_include/interface-ipv6.txt:60
msgid "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of a SYN packet. By setting the MSS value, you are telling the remote side unequivocally 'do not try to send me packets bigger than this value'."
@@ -2209,6 +2201,10 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de
msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors."
+#: ../../configuration/firewall/index.rst:7
+msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)."
+
#: ../../configuration/interfaces/wwan.rst:326
msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed."
@@ -2221,10 +2217,14 @@ msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte b
msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel."
-#: ../../configuration/firewall/zone.rst:49
+#: ../../configuration/firewall/zone.rst:68
msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs."
+#: ../../configuration/firewall/flowtables.rst:109
+msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch."
+
#: ../../configuration/system/option.rst:80
msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs."
@@ -2241,6 +2241,10 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys
msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1."
+#: ../../configuration/firewall/groups.rst:147
+msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules."
+
#: ../../configuration/trafficpolicy/index.rst:196
msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_."
@@ -2249,11 +2253,11 @@ msgstr "As shown in the example above, one of the possibilities to match packets
msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies."
-#: ../../configuration/firewall/index.rst:81
+#: ../../configuration/firewall/index.rst:176
msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface."
-#: ../../configuration/firewall/index.rst:60
+#: ../../configuration/firewall/index.rst:182
msgid "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
msgstr "As the example image below shows, the device was configured with rules blocking inbound or outbound traffic on each interface."
@@ -2281,7 +2285,7 @@ msgstr "As with other policies, you can define different type of matching rules
msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:"
-#: ../../configuration/interfaces/vxlan.rst:264
+#: ../../configuration/interfaces/vxlan.rst:285
msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:"
@@ -2309,7 +2313,7 @@ msgstr "Assign member interfaces to PortChannel"
msgid "Assign static IP address to `<user>` account."
msgstr "Assign static IP address to `<user>` account."
-#: ../../configuration/service/dhcp-server.rst:111
+#: ../../configuration/service/dhcp-server.rst:97
msgid "Assign the IP address to this machine for `<time>` seconds."
msgstr "Assign the IP address to this machine for `<time>` seconds."
@@ -2377,7 +2381,6 @@ msgstr "Assured Forwarding(AF) 43"
msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."
-#: ../../configuration/firewall/general.rst:1489
#: ../../configuration/firewall/general-legacy.rst:972
msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"
@@ -2434,7 +2437,7 @@ msgstr "Authentication – to verify that the message is from a valid source."
msgid "Authorization token"
msgstr "Authorization token"
-#: ../../configuration/service/pppoe-server.rst:172
+#: ../../configuration/service/pppoe-server.rst:159
msgid "Automatic VLAN Creation"
msgstr "Automatic VLAN Creation"
@@ -2442,6 +2445,10 @@ msgstr "Automatic VLAN Creation"
msgid "Automatic VLAN creation"
msgstr "Automatic VLAN creation"
+#: ../../configuration/protocols/pim.rst:137
+msgid "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+msgstr "Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed."
+
#: ../../configuration/system/option.rst:19
msgid "Automatically reboot system on kernel panic after 60 seconds."
msgstr "Automatically reboot system on kernel panic after 60 seconds."
@@ -2450,7 +2457,7 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds."
msgid "Autonomous Systems"
msgstr "Autonomous Systems"
-#: ../../configuration/nat/nat44.rst:370
+#: ../../configuration/nat/nat44.rst:384
msgid "Avoiding \"leaky\" NAT"
msgstr "Avoiding \"leaky\" NAT"
@@ -2530,7 +2537,7 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add
msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable."
-#: ../../configuration/vrf/index.rst:411
+#: ../../configuration/vrf/index.rst:413
msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN."
@@ -2563,7 +2570,7 @@ msgid "Balancing based on domain name"
msgstr "Balancing based on domain name"
#: ../../configuration/service/ipoe-server.rst:122
-#: ../../configuration/service/pppoe-server.rst:195
+#: ../../configuration/service/pppoe-server.rst:182
#: ../../configuration/vpn/l2tp.rst:113
msgid "Bandwidth Shaping"
msgstr "Bandwidth Shaping"
@@ -2573,7 +2580,7 @@ msgstr "Bandwidth Shaping"
msgid "Bandwidth Shaping for local users"
msgstr "Bandwidth Shaping for local users"
-#: ../../configuration/service/pppoe-server.rst:197
+#: ../../configuration/service/pppoe-server.rst:184
msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes."
@@ -2585,7 +2592,14 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att
msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes."
-#: ../../configuration/vpn/dmvpn.rst:34
+#: ../../configuration/firewall/ipv4.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``"
+
+#: ../../configuration/firewall/ipv6.rst:54
+msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``"
+
#: ../../configuration/vpn/dmvpn.rst:34
msgid "Baseline DMVPN topology"
msgstr "Baseline DMVPN topology"
@@ -2594,7 +2608,6 @@ msgstr "Baseline DMVPN topology"
msgid "Basic Concepts"
msgstr "Basic Concepts"
-#: ../../configuration/protocols/igmp.rst:91
#: ../../configuration/protocols/pim6.rst:26
msgid "Basic commands"
msgstr "Basic commands"
@@ -2611,7 +2624,7 @@ msgstr "Basic filtering could also be applied to IPv6 traffic."
msgid "Basic setup"
msgstr "Basic setup"
-#: ../../configuration/vpn/openconnect.rst:255
+#: ../../configuration/vpn/openconnect.rst:262
msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group."
@@ -2631,11 +2644,11 @@ msgstr "Because existing sessions do not automatically fail over to a new path,
msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted."
-#: ../../configuration/firewall/zone.rst:84
+#: ../../configuration/firewall/zone.rst:103
msgid "Before you are able to apply a rule-set to a zone you have to create the zones first."
msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first."
-#: ../../configuration/vpn/site2site_ipsec.rst:413
+#: ../../configuration/vpn/site2site_ipsec.rst:422
msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured."
@@ -2663,7 +2676,7 @@ msgstr "Binary value"
msgid "Bind listener to specific interface/address, mandatory for IPv6"
msgstr "Bind listener to specific interface/address, mandatory for IPv6"
-#: ../../configuration/interfaces/vxlan.rst:285
+#: ../../configuration/interfaces/vxlan.rst:306
msgid "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
msgstr "Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge."
@@ -2695,15 +2708,15 @@ msgstr "Bond / Link Aggregation"
msgid "Bond options"
msgstr "Bond options"
-#: ../../configuration/service/dhcp-server.rst:339
+#: ../../configuration/service/dhcp-server.rst:306
msgid "Boot image length in 512-octet blocks"
msgstr "Boot image length in 512-octet blocks"
-#: ../../configuration/service/dhcp-server.rst:334
+#: ../../configuration/service/dhcp-server.rst:301
msgid "Bootstrap file name"
msgstr "Bootstrap file name"
-#: ../../configuration/interfaces/vxlan.rst:102
+#: ../../configuration/interfaces/vxlan.rst:123
msgid "Both IPv4 and IPv6 multicast is possible."
msgstr "Both IPv4 and IPv6 multicast is possible."
@@ -2712,25 +2725,6 @@ msgid "Both local administered and remote administered :abbr:`RADIUS (Remote Aut
msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Authentication Dial-In User Service)` accounts are supported."
#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
-#: ../../_include/interface-ip.txt:88
msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on."
@@ -2746,10 +2740,18 @@ msgstr "Bridge"
msgid "Bridge:"
msgstr "Bridge:"
+#: ../../configuration/firewall/bridge.rst:7
+msgid "Bridge Firewall Configuration"
+msgstr "Bridge Firewall Configuration"
+
#: ../../configuration/interfaces/bridge.rst:66
msgid "Bridge Options"
msgstr "Bridge Options"
+#: ../../configuration/firewall/bridge.rst:56
+msgid "Bridge Rules"
+msgstr "Bridge Rules"
+
#: ../../configuration/interfaces/bridge.rst:198
#: ../../configuration/interfaces/bridge.rst:233
msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64"
@@ -2779,7 +2781,7 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if
msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client."
-#: ../../configuration/service/dns.rst:380
+#: ../../configuration/service/dns.rst:393
msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP."
@@ -2792,7 +2794,7 @@ msgstr "By default, enabling RPKI does not change best path selection. In partic
msgid "By default, it supports both planned and unplanned outages."
msgstr "By default, it supports both planned and unplanned outages."
-#: ../../configuration/service/https.rst:54
+#: ../../configuration/service/https.rst:45
msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts."
@@ -2808,8 +2810,7 @@ msgstr "By default, the BGP prefix is advertised even if it's not present in the
msgid "By default, this bridging is allowed."
msgstr "By default, this bridging is allowed."
-#: ../../configuration/firewall/general.rst:90
-#: ../../configuration/firewall/general-legacy.rst:42
+#: ../../configuration/firewall/global-options.rst:27
msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall."
@@ -2876,7 +2877,7 @@ msgstr "Certificates"
msgid "Change system keyboard layout to given language."
msgstr "Change system keyboard layout to given language."
-#: ../../configuration/firewall/zone.rst:75
+#: ../../configuration/firewall/zone.rst:94
msgid "Change the default-action with this setting."
msgstr "Change the default-action with this setting."
@@ -2896,6 +2897,10 @@ msgstr "Changing the keymap only has an effect on the system console, using SSH
msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173"
+#: ../../configuration/system/updates.rst:28
+msgid "Check:"
+msgstr "Check:"
+
#: ../../configuration/system/acceleration.rst:32
msgid "Check if the Intel® QAT device is up and ready to do the job."
msgstr "Check if the Intel® QAT device is up and ready to do the job."
@@ -2908,10 +2913,14 @@ msgstr "Check status"
msgid "Check the many parameters available for the `show ipv6 route` command:"
msgstr "Check the many parameters available for the `show ipv6 route` command:"
-#: ../../configuration/service/pppoe-server.rst:320
+#: ../../configuration/service/pppoe-server.rst:307
msgid "Checking connections"
msgstr "Checking connections"
+#: ../../configuration/firewall/flowtables.rst:165
+msgid "Checks"
+msgstr "Checks"
+
#: ../../configuration/service/tftp-server.rst:21
msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated."
@@ -2921,25 +2930,6 @@ msgid "Cisco Catalyst"
msgstr "Cisco Catalyst"
#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
-#: ../../_include/interface-ip.txt:168
msgid "Cisco and Allied Telesyn call it Private VLAN"
msgstr "Cisco and Allied Telesyn call it Private VLAN"
@@ -2955,7 +2945,7 @@ msgstr "Class treatment"
msgid "Classes"
msgstr "Classes"
-#: ../../configuration/service/dhcp-server.rst:359
+#: ../../configuration/service/dhcp-server.rst:326
msgid "Classless static route"
msgstr "Classless static route"
@@ -2975,7 +2965,7 @@ msgstr "Client:"
msgid "Client Address Pools"
msgstr "Client Address Pools"
-#: ../../configuration/interfaces/openvpn.rst:388
+#: ../../configuration/interfaces/openvpn.rst:440
msgid "Client Authentication"
msgstr "Client Authentication"
@@ -2983,7 +2973,7 @@ msgstr "Client Authentication"
msgid "Client Configuration"
msgstr "Client Configuration"
-#: ../../configuration/vpn/sstp.rst:278
+#: ../../configuration/vpn/sstp.rst:289
msgid "Client IP addresses will be provided from pool `192.0.2.0/25`"
msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`"
@@ -2995,11 +2985,11 @@ msgstr "Client Side"
msgid "Client configuration"
msgstr "Client configuration"
-#: ../../configuration/service/dhcp-server.rst:299
+#: ../../configuration/service/dhcp-server.rst:266
msgid "Client domain name"
msgstr "Client domain name"
-#: ../../configuration/service/dhcp-server.rst:354
+#: ../../configuration/service/dhcp-server.rst:321
msgid "Client domain search"
msgstr "Client domain search"
@@ -3011,7 +3001,7 @@ msgstr "Client isolation can be used to prevent low-level bridging of frames bet
msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:"
-#: ../../configuration/service/dhcp-server.rst:590
+#: ../../configuration/service/dhcp-server.rst:514
msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``."
@@ -3023,7 +3013,9 @@ msgstr "Clock daemon"
msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."
-#: ../../configuration/firewall/general.rst:530
+#: ../../configuration/firewall/bridge.rst:216
+#: ../../configuration/firewall/ipv4.rst:298
+#: ../../configuration/firewall/ipv6.rst:298
msgid "Command for disabling a rule but keep it in the configuration."
msgstr "Command for disabling a rule but keep it in the configuration."
@@ -3031,12 +3023,16 @@ msgstr "Command for disabling a rule but keep it in the configuration."
msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."
-#: ../../configuration/firewall/general.rst:1544
-#: ../../configuration/firewall/general-legacy.rst:1054
+#: ../../configuration/firewall/ipv4.rst:1179
+#: ../../configuration/firewall/ipv6.rst:1195
msgid "Command used to update GeoIP database and firewall sets."
msgstr "Command used to update GeoIP database and firewall sets."
-#: ../../configuration/service/dhcp-server.rst:438
+#: ../../configuration/firewall/flowtables.rst:119
+msgid "Commands"
+msgstr "Commands"
+
+#: ../../configuration/service/dhcp-server.rst:379
msgid "Common configuration, valid for both primary and secondary node."
msgstr "Common configuration, valid for both primary and secondary node."
@@ -3072,7 +3068,9 @@ msgid "Confidentiality – Encryption of packets to prevent snooping by an unaut
msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source."
#: ../../configuration/container/index.rst:12
-#: ../../configuration/firewall/zone.rst:47
+#: ../../configuration/firewall/global-options.rst:23
+#: ../../configuration/firewall/groups.rst:11
+#: ../../configuration/firewall/zone.rst:66
#: ../../configuration/interfaces/bonding.rst:17
#: ../../configuration/interfaces/bridge.rst:21
#: ../../configuration/interfaces/dummy.rst:28
@@ -3081,6 +3079,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/l2tpv3.rst:31
#: ../../configuration/interfaces/loopback.rst:26
#: ../../configuration/interfaces/macsec.rst:20
+#: ../../configuration/interfaces/openvpn.rst:585
#: ../../configuration/interfaces/pppoe.rst:59
#: ../../configuration/interfaces/pseudo-ethernet.rst:45
#: ../../configuration/interfaces/sstp-client.rst:20
@@ -3090,7 +3089,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/interfaces/wireless.rst:30
#: ../../configuration/interfaces/wwan.rst:16
#: ../../configuration/loadbalancing/reverse-proxy.rst:13
-#: ../../configuration/nat/nat44.rst:681
+#: ../../configuration/nat/nat44.rst:705
#: ../../configuration/policy/access-list.rst:13
#: ../../configuration/policy/as-path-list.rst:10
#: ../../configuration/policy/community-list.rst:10
@@ -3101,7 +3100,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/policy/route-map.rst:10
#: ../../configuration/protocols/bfd.rst:143
#: ../../configuration/protocols/bgp.rst:164
-#: ../../configuration/protocols/igmp.rst:186
+#: ../../configuration/protocols/igmp-proxy.rst:14
#: ../../configuration/protocols/isis.rst:28
#: ../../configuration/protocols/ospf.rst:22
#: ../../configuration/protocols/ospf.rst:1076
@@ -3112,13 +3111,13 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/service/dhcp-relay.rst:19
#: ../../configuration/service/dhcp-relay.rst:137
#: ../../configuration/service/dhcp-server.rst:22
-#: ../../configuration/service/dhcp-server.rst:586
+#: ../../configuration/service/dhcp-server.rst:510
#: ../../configuration/service/dns.rst:8
-#: ../../configuration/service/dns.rst:214
+#: ../../configuration/service/dns.rst:227
#: ../../configuration/service/https.rst:14
#: ../../configuration/service/ipoe-server.rst:28
#: ../../configuration/service/lldp.rst:36
-#: ../../configuration/service/mdns.rst:18
+#: ../../configuration/service/mdns.rst:19
#: ../../configuration/service/ntp.rst:40
#: ../../configuration/service/pppoe-server.rst:17
#: ../../configuration/service/salt-minion.rst:25
@@ -3131,28 +3130,31 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau
#: ../../configuration/system/login.rst:241
#: ../../configuration/system/login.rst:310
#: ../../configuration/system/sflow.rst:12
+#: ../../configuration/system/updates.rst:8
#: ../../configuration/vpn/dmvpn.rst:38
#: ../../configuration/vpn/dmvpn.rst:182
#: ../../configuration/vpn/openconnect.rst:21
#: ../../configuration/vpn/sstp.rst:65
#: ../../configuration/vrf/index.rst:16
#: ../../configuration/vrf/index.rst:253
-#: ../../configuration/vrf/index.rst:286
-#: ../../configuration/vrf/index.rst:434
+#: ../../configuration/vrf/index.rst:288
+#: ../../configuration/vrf/index.rst:436
msgid "Configuration"
msgstr "Configuration"
+#: ../../configuration/firewall/flowtables.rst:100
#: ../../configuration/protocols/babel.rst:188
-#: ../../configuration/protocols/ospf.rst:1314
+#: ../../configuration/protocols/ospf.rst:1316
#: ../../configuration/protocols/pim6.rst:78
#: ../../configuration/protocols/rip.rst:239
#: ../../configuration/protocols/segment-routing.rst:187
#: ../../configuration/system/login.rst:279
-#: ../../configuration/system/login.rst:348
+#: ../../configuration/system/login.rst:350
msgid "Configuration Example"
msgstr "Configuration Example"
-#: ../../configuration/nat/nat44.rst:313
+#: ../../configuration/nat/nat44.rst:325
+#: ../../configuration/nat/nat64.rst:38
#: ../../configuration/nat/nat66.rst:109
msgid "Configuration Examples"
msgstr "Configuration Examples"
@@ -3165,6 +3167,10 @@ msgstr "Configuration Guide"
msgid "Configuration Options"
msgstr "Configuration Options"
+#: ../../configuration/firewall/global-options.rst:17
+msgid "Configuration commands covered in this section:"
+msgstr "Configuration commands covered in this section:"
+
#: ../../configuration/vpn/ipsec.rst:284
msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
@@ -3173,7 +3179,11 @@ msgstr "Configuration commands for the private and public key will be displayed
msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:"
-#: ../../configuration/vrf/index.rst:428
+#: ../../configuration/firewall/bridge.rst:323
+msgid "Configuration example:"
+msgstr "Configuration example:"
+
+#: ../../configuration/vrf/index.rst:430
msgid "Configuration for these exported routes must, at a minimum, specify these two parameters."
msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters."
@@ -3181,11 +3191,11 @@ msgstr "Configuration for these exported routes must, at a minimum, specify thes
msgid "Configuration of :ref:`routing-static`"
msgstr "Configuration of :ref:`routing-static`"
-#: ../../configuration/service/dhcp-server.rst:430
+#: ../../configuration/service/dhcp-server.rst:371
msgid "Configuration of a DHCP failover pair"
msgstr "Configuration of a DHCP failover pair"
-#: ../../configuration/vrf/index.rst:436
+#: ../../configuration/vrf/index.rst:438
msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family."
@@ -3198,11 +3208,11 @@ msgstr "Configure"
msgid "Configure BFD"
msgstr "Configure BFD"
-#: ../../configuration/service/dns.rst:245
+#: ../../configuration/service/dns.rst:258
msgid "Configure DNS `<record>` which should be updated. This can be set multiple times."
msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times."
-#: ../../configuration/service/dns.rst:240
+#: ../../configuration/service/dns.rst:253
msgid "Configure DNS `<zone>` to be updated."
msgstr "Configure DNS `<zone>` to be updated."
@@ -3224,59 +3234,42 @@ msgstr "Configure Graceful Restart :rfc:`3623` restarting support. When enabled,
msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets."
-#: ../../configuration/vpn/sstp.rst:203
+#: ../../configuration/vpn/sstp.rst:214
msgid "Configure RADIUS `<server>` and its required port for authentication requests."
msgstr "Configure RADIUS `<server>` and its required port for authentication requests."
-#: ../../configuration/vpn/sstp.rst:207
+#: ../../configuration/vpn/sstp.rst:218
msgid "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
msgstr "Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server."
-#: ../../configuration/nat/nat44.rst:210
+#: ../../configuration/nat/nat44.rst:222
msgid "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
msgstr "Configure SNAT rule (40) to only NAT packets with a destination address of 192.0.2.1."
#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
-#: ../../_include/interface-mtu.txt:4
msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link."
-#: ../../configuration/system/login.rst:373
+#: ../../configuration/system/login.rst:375
msgid "Configure `<message>` which is shown after user has logged in to the system."
msgstr "Configure `<message>` which is shown after user has logged in to the system."
-#: ../../configuration/system/login.rst:368
+#: ../../configuration/system/login.rst:370
msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in."
msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in."
-#: ../../configuration/service/dns.rst:328
+#: ../../configuration/service/dns.rst:341
msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`."
-#: ../../configuration/service/dns.rst:321
+#: ../../configuration/service/dns.rst:334
msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service>`. For Namecheap, set the <domain> you wish to update."
+#: ../../configuration/system/updates.rst:17
+msgid "Configure a URL that contains information about images."
+msgstr "Configure a URL that contains information about images."
+
#: ../../configuration/system/flow-accounting.rst:158
msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface."
@@ -3311,7 +3304,7 @@ msgstr "Configure agent IP address associated with this interface."
msgid "Configure aggregation delay timer interval."
msgstr "Configure aggregation delay timer interval."
-#: ../../configuration/vpn/openconnect.rst:278
+#: ../../configuration/vpn/openconnect.rst:285
msgid "Configure an accounting server and enable accounting with:"
msgstr "Configure an accounting server and enable accounting with:"
@@ -3323,10 +3316,18 @@ msgstr "Configure and enable collection of flow information for the interface id
msgid "Configure and enable collection of flow information for the interface identified by `<interface>`."
msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`."
+#: ../../configuration/system/updates.rst:12
+msgid "Configure auto-checking for new images"
+msgstr "Configure auto-checking for new images"
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:114
msgid "Configure backend `<name>` mode TCP or HTTP"
msgstr "Configure backend `<name>` mode TCP or HTTP"
+#: ../../configuration/nat/nat66.rst:148
+msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:"
+
#: ../../configuration/service/console-server.rst:49
msgid "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
msgstr "Configure either one or two stop bits. This defaults to one stop bits if left unconfigured."
@@ -3339,75 +3340,16 @@ msgstr "Configure either seven or eight data bits. This defaults to eight data b
msgid "Configure individual bridge port `<priority>`."
msgstr "Configure individual bridge port `<priority>`."
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/pppoe.rst:223
#: ../../configuration/interfaces/pppoe.rst:269
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
#: ../../configuration/interfaces/sstp-client.rst:95
#: ../../_include/interface-ip.txt:59
#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
-#: ../../_include/interface-ip.txt:59
-#: ../../_include/interface-ipv6.txt:48
msgid "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
msgstr "Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface."
#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address.txt:3
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
-#: ../../_include/interface-address-with-dhcp.txt:5
msgid "Configure interface `<interface>` with one or more interface addresses."
msgstr "Configure interface `<interface>` with one or more interface addresses."
@@ -3439,7 +3381,7 @@ msgstr "Configure one or more attributes to the given NTP server."
msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`."
-#: ../../configuration/service/dns.rst:251
+#: ../../configuration/service/dns.rst:264
msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds."
@@ -3452,14 +3394,10 @@ msgid "Configure physical interface speed setting."
msgstr "Configure physical interface speed setting."
#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
-#: ../../_include/interface-mirror.txt:16
msgid "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` inbound traffic and copy the traffic to `monitor-interface`"
#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
-#: ../../_include/interface-mirror.txt:28
msgid "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
msgstr "Configure port mirroring for `interface` outbound traffic and copy the traffic to `monitor-interface`"
@@ -3491,7 +3429,7 @@ msgstr "Configure service `<name>` mode TCP or HTTP"
msgid "Configure service `<name>` to use the backend <name>"
msgstr "Configure service `<name>` to use the backend <name>"
-#: ../../configuration/system/login.rst:392
+#: ../../configuration/system/login.rst:394
msgid "Configure session timeout after which the user will be logged out."
msgstr "Configure session timeout after which the user will be logged out."
@@ -3499,7 +3437,15 @@ msgstr "Configure session timeout after which the user will be logged out."
msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen."
-#: ../../configuration/service/dns.rst:234
+#: ../../configuration/nat/nat66.rst:182
+msgid "Configure the A-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the A-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/nat/nat66.rst:204
+msgid "Configure the B-side router for NPTv6 using the prefixes above:"
+msgstr "Configure the B-side router for NPTv6 using the prefixes above:"
+
+#: ../../configuration/service/dns.rst:247
msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment."
@@ -3524,26 +3470,13 @@ msgid "Configure the load-balancing reverse-proxy service for HTTP."
msgstr "Configure the load-balancing reverse-proxy service for HTTP."
#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
-#: ../../_include/interface-mac.txt:4
msgid "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
msgstr "Configure user defined :abbr:`MAC (Media Access Control)` address on given `<interface>`."
+#: ../../configuration/protocols/pim.rst:180
+msgid "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+msgstr "Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups."
+
#: ../../configuration/vrf/index.rst:28
msgid "Configured routing table `<id>` is used by VRF `<name>`."
msgstr "Configured routing table `<id>` is used by VRF `<name>`."
@@ -3556,7 +3489,7 @@ msgstr "Configured value"
msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group."
-#: ../../configuration/vpn/openconnect.rst:272
+#: ../../configuration/vpn/openconnect.rst:279
msgid "Configuring RADIUS accounting"
msgstr "Configuring RADIUS accounting"
@@ -3569,11 +3502,15 @@ msgstr "Configuring a listen-address is essential for the service to work."
msgid "Connect/Disconnect"
msgstr "Connect/Disconnect"
-#: ../../configuration/vpn/sstp.rst:144
+#: ../../configuration/vpn/sstp.rst:155
msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6."
#: ../../configuration/protocols/rpki.rst:129
+msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
+
+#: ../../configuration/protocols/rpki.rst:129
msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection."
@@ -3585,10 +3522,18 @@ msgstr "Conntrack"
msgid "Conntrack Sync"
msgstr "Conntrack Sync"
-#: ../../configuration/service/conntrack-sync.rst:None
+#: ../../configuration/service/conntrack-sync.rst:-1
msgid "Conntrack Sync Example"
msgstr "Conntrack Sync Example"
+#: ../../configuration/system/conntrack.rst:178
+msgid "Conntrack ignore rules"
+msgstr "Conntrack ignore rules"
+
+#: ../../configuration/system/conntrack.rst:204
+msgid "Conntrack log"
+msgstr "Conntrack log"
+
#: ../../configuration/system/syslog.rst:21
msgid "Console"
msgstr "Console"
@@ -3605,6 +3550,10 @@ msgstr "Constrain the memory available to the container."
msgid "Container"
msgstr "Container"
+#: ../../configuration/system/conntrack.rst:65
+msgid "Contrack Timeouts"
+msgstr "Contrack Timeouts"
+
#: ../../configuration/nat/nat66.rst:98
msgid "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
msgstr "Convert the address prefix of a single `fc00::/64` network to `fc01::/64`"
@@ -3629,11 +3578,11 @@ msgstr "Creat community-list policy identified by name <text>."
msgid "Creat extcommunity-list policy identified by name <text>."
msgstr "Creat extcommunity-list policy identified by name <text>."
-#: ../../configuration/service/dhcp-server.rst:118
+#: ../../configuration/service/dhcp-server.rst:104
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool starts at address `<address>`."
-#: ../../configuration/service/dhcp-server.rst:124
+#: ../../configuration/service/dhcp-server.rst:110
msgid "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are taken from this pool. The pool stops with address `<address>`."
@@ -3657,16 +3606,11 @@ msgstr "Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using
msgid "Create a load balancing rule, it can be a number between 1 and 9999:"
msgstr "Create a load balancing rule, it can be a number between 1 and 9999:"
-#: ../../configuration/service/dhcp-server.rst:218
+#: ../../configuration/service/dhcp-server.rst:183
msgid "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
msgstr "Create a new DHCP static mapping named `<description>` which is valid for the host identified by its MAC `<address>`."
#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
-#: ../../_include/interface-vlan-8021q.txt:26
msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`."
@@ -3714,6 +3658,22 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho
msgid "Create as-path-policy identified by name <text>."
msgstr "Create as-path-policy identified by name <text>."
+#: ../../configuration/firewall/flowtables.rst:64
+msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``."
+
+#: ../../configuration/firewall/flowtables.rst:95
+msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:90
+msgid "Create firewall rule in forward chain, and set action to ``offload``."
+msgstr "Create firewall rule in forward chain, and set action to ``offload``."
+
+#: ../../configuration/firewall/flowtables.rst:61
+msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable."
+
#: ../../configuration/policy/large-community-list.rst:17
msgid "Create large-community-list policy identified by name <text>."
msgstr "Create large-community-list policy identified by name <text>."
@@ -3726,7 +3686,7 @@ msgstr "Create named `<alias>` for the configured static mapping for `<hostname>
msgid "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
msgstr "Create new VRF instance with `<name>`. The name is used when placing individual interfaces into the VRF."
-#: ../../configuration/service/dns.rst:221
+#: ../../configuration/service/dns.rst:234
msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`."
@@ -3750,10 +3710,18 @@ msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broa
msgid "Creating a bridge interface is very simple. In this example, we will have:"
msgstr "Creating a bridge interface is very simple. In this example, we will have:"
+#: ../../configuration/firewall/flowtables.rst:67
+msgid "Creating a flow table:"
+msgstr "Creating a flow table:"
+
#: ../../configuration/trafficpolicy/index.rst:335
msgid "Creating a traffic policy"
msgstr "Creating a traffic policy"
+#: ../../configuration/firewall/flowtables.rst:85
+msgid "Creating rules for using flow tables:"
+msgstr "Creating rules for using flow tables:"
+
#: ../../configuration/system/syslog.rst:178
msgid "Critical"
msgstr "Critical"
@@ -3794,15 +3762,27 @@ msgstr "Currently dynamic routing is supported for the following protocols:"
msgid "Custom File"
msgstr "Custom File"
+#: ../../configuration/firewall/bridge.rst:44
+msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain."
+
#: ../../configuration/firewall/general.rst:77
msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+#: ../../configuration/firewall/ipv4.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
+#: ../../configuration/firewall/ipv6.rst:65
+msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain."
+
#: ../../configuration/highavailability/index.rst:373
msgid "Custom health-check script allows checking real-server availability"
msgstr "Custom health-check script allows checking real-server availability"
-#: ../../configuration/system/conntrack.rst:167
+#: ../../configuration/system/conntrack.rst:180
msgid "Customized ignore rules, based on a packet and flow selector."
msgstr "Customized ignore rules, based on a packet and flow selector."
@@ -3822,20 +3802,19 @@ msgstr "DHCP Relay"
msgid "DHCP Server"
msgstr "DHCP Server"
-#: ../../configuration/service/dhcp-server.rst:384
+#: ../../configuration/service/dhcp-server.rst:351
msgid "DHCP failover parameters"
msgstr "DHCP failover parameters"
-#: ../../configuration/service/dhcp-server.rst:374
+#: ../../configuration/service/dhcp-server.rst:341
msgid "DHCP lease range"
msgstr "DHCP lease range"
-#: ../../configuration/service/dhcp-server.rst:436
+#: ../../configuration/service/dhcp-server.rst:377
msgid "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
msgstr "DHCP range spans from `192.168.189.10` - `192.168.189.250`"
#: ../../configuration/service/dhcp-relay.rst:96
-#: ../../configuration/service/dhcp-relay.rst:96
msgid "DHCP relay example"
msgstr "DHCP relay example"
@@ -3843,20 +3822,19 @@ msgstr "DHCP relay example"
msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``."
-#: ../../configuration/service/dhcp-server.rst:654
+#: ../../configuration/service/dhcp-server.rst:584
msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario."
-#: ../../configuration/service/dhcp-relay.rst:182
-#: ../../configuration/service/dhcp-relay.rst:182
+#: ../../configuration/service/dhcp-relay.rst:184
msgid "DHCPv6 relay example"
msgstr "DHCPv6 relay example"
-#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-relay.rst:176
msgid "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
msgstr "DHCPv6 requests are received by the router on `listening interface` ``eth1``"
-#: ../../configuration/nat/nat44.rst:735
+#: ../../configuration/nat/nat44.rst:757
msgid "DH Group 14"
msgstr "DH Group 14"
@@ -3884,11 +3862,11 @@ msgstr "DNAT"
msgid "DNAT66"
msgstr "DNAT66"
-#: ../../configuration/nat/nat44.rst:494
+#: ../../configuration/nat/nat44.rst:514
msgid "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
msgstr "DNAT is typically referred to as a **Port Forward**. When using VyOS as a NAT router and firewall, a common configuration task is to redirect incoming traffic to a system behind the firewall."
-#: ../../configuration/nat/nat44.rst:268
+#: ../../configuration/nat/nat44.rst:280
msgid "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
msgstr "DNAT rule 10 replaces the destination address of an inbound packet with 192.0.2.10"
@@ -3909,11 +3887,11 @@ msgstr "DNS name servers"
msgid "DNS search list to advertise"
msgstr "DNS search list to advertise"
-#: ../../configuration/service/dhcp-server.rst:294
+#: ../../configuration/service/dhcp-server.rst:261
msgid "DNS server IPv4 address"
msgstr "DNS server IPv4 address"
-#: ../../configuration/service/dhcp-server.rst:661
+#: ../../configuration/service/dhcp-server.rst:591
msgid "DNS server is located at ``2001:db8::ffff``"
msgstr "DNS server is located at ``2001:db8::ffff``"
@@ -3925,8 +3903,8 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"
msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"
-#: ../../configuration/firewall/general.rst:714
-#: ../../configuration/firewall/general-legacy.rst:480
+#: ../../configuration/firewall/ipv4.rst:444
+#: ../../configuration/firewall/ipv6.rst:451
msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."
@@ -3943,28 +3921,13 @@ msgid "Default"
msgstr "Default"
#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
-#: ../../_include/interface-ipv6.txt:94
msgid "Default: 1"
msgstr "Default: 1"
+#: ../../configuration/service/https.rst:42
+msgid "Default: 443"
+msgstr "Default: 443"
+
#: ../../configuration/protocols/failover.rst:58
msgid "Default 1."
msgstr "Default 1."
@@ -3977,11 +3940,11 @@ msgstr "Default Gateway/Route"
msgid "Default Router Preference"
msgstr "Default Router Preference"
-#: ../../configuration/vpn/sstp.rst:190
+#: ../../configuration/vpn/sstp.rst:201
msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute."
-#: ../../configuration/service/dhcp-server.rst:433
+#: ../../configuration/service/dhcp-server.rst:374
msgid "Default gateway and DNS server is at `192.0.2.254`"
msgstr "Default gateway and DNS server is at `192.0.2.254`"
@@ -3998,25 +3961,6 @@ msgid "Default is ``icmp``."
msgstr "Default is ``icmp``."
#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
-#: ../../_include/interface-disable-link-detect.txt:7
msgid "Default is to detects physical link state changes."
msgstr "Default is to detects physical link state changes."
@@ -4044,36 +3988,31 @@ msgstr "Define Conection Timeouts"
msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted."
-#: ../../configuration/firewall/general.rst:225
-#: ../../configuration/firewall/general-legacy.rst:201
+#: ../../configuration/firewall/groups.rst:52
msgid "Define a IPv4 or IPv6 Network group."
msgstr "Define a IPv4 or IPv6 Network group."
-#: ../../configuration/firewall/general.rst:201
-#: ../../configuration/firewall/general-legacy.rst:177
+#: ../../configuration/firewall/groups.rst:28
msgid "Define a IPv4 or a IPv6 address group"
msgstr "Define a IPv4 or a IPv6 address group"
-#: ../../configuration/firewall/zone.rst:59
+#: ../../configuration/firewall/zone.rst:78
msgid "Define a Zone"
msgstr "Define a Zone"
-#: ../../configuration/nat/nat44.rst:246
+#: ../../configuration/nat/nat44.rst:258
msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20"
-#: ../../configuration/firewall/general.rst:306
-#: ../../configuration/firewall/general-legacy.rst:261
+#: ../../configuration/firewall/groups.rst:133
msgid "Define a domain group."
msgstr "Define a domain group."
-#: ../../configuration/firewall/general.rst:288
-#: ../../configuration/firewall/general-legacy.rst:246
+#: ../../configuration/firewall/groups.rst:115
msgid "Define a mac group."
msgstr "Define a mac group."
-#: ../../configuration/firewall/general.rst:268
-#: ../../configuration/firewall/general-legacy.rst:226
+#: ../../configuration/firewall/groups.rst:95
msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http"
@@ -4081,119 +4020,51 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service
msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers."
-#: ../../configuration/firewall/general.rst:245
+#: ../../configuration/firewall/groups.rst:72
msgid "Define an interface group. Wildcard are accepted too."
msgstr "Define an interface group. Wildcard are accepted too."
#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
-#: ../../_include/interface-ip.txt:85
msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table."
#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
-#: ../../_include/interface-ip.txt:69
msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`."
#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
-#: ../../_include/interface-ip.txt:121
msgid "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
msgstr "Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:"
#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
-#: ../../_include/interface-ip.txt:101
msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."
-#: ../../configuration/firewall/general.rst:476
-#: ../../configuration/firewall/general-legacy.rst:361
+#: ../../configuration/firewall/flowtables.rst:71
+msgid "Define interfaces to be used in the flowtable."
+msgstr "Define interfaces to be used in the flowtable."
+
+#: ../../configuration/firewall/bridge.rst:187
+#: ../../configuration/firewall/ipv4.rst:252
+#: ../../configuration/firewall/ipv6.rst:252
msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."
-#: ../../configuration/firewall/general.rst:450
-#: ../../configuration/firewall/general-legacy.rst:347
+#: ../../configuration/firewall/bridge.rst:173
+#: ../../configuration/firewall/ipv4.rst:230
+#: ../../configuration/firewall/ipv6.rst:230
msgid "Define log-level. Only applicable if rule log is enable."
msgstr "Define log-level. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:463
-#: ../../configuration/firewall/general-legacy.rst:354
+#: ../../configuration/firewall/bridge.rst:180
+#: ../../configuration/firewall/ipv4.rst:241
+#: ../../configuration/firewall/ipv6.rst:241
msgid "Define log group to send message to. Only applicable if rule log is enable."
msgstr "Define log group to send message to. Only applicable if rule log is enable."
-#: ../../configuration/firewall/general.rst:490
-#: ../../configuration/firewall/general-legacy.rst:369
+#: ../../configuration/firewall/bridge.rst:195
+#: ../../configuration/firewall/ipv4.rst:264
+#: ../../configuration/firewall/ipv6.rst:264
msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."
@@ -4201,15 +4072,19 @@ msgstr "Define number of packets to queue inside the kernel before sending them
msgid "Define the time interval to update the local cache"
msgstr "Define the time interval to update the local cache"
-#: ../../configuration/firewall/zone.rst:70
+#: ../../configuration/firewall/zone.rst:89
msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself."
+#: ../../configuration/firewall/flowtables.rst:80
+msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used."
+
#: ../../configuration/protocols/rpki.rst:114
msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used."
-#: ../../configuration/protocols/igmp.rst:202
+#: ../../configuration/protocols/igmp-proxy.rst:30
msgid "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
msgstr "Defines alternate sources for multicasting and IGMP data. The network address must be on the following format 'a.b.c.d/n'. By default, the router will accept data from sources on the same network as configured on an interface. If the multicast source lies on a remote network, one must define from where traffic should be accepted."
@@ -4233,7 +4108,7 @@ msgstr "Defines next-hop distance for this route, routes with smaller administra
msgid "Defines protocols for checking ARP, ICMP, TCP"
msgstr "Defines protocols for checking ARP, ICMP, TCP"
-#: ../../configuration/vpn/sstp.rst:167
+#: ../../configuration/vpn/sstp.rst:178
msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset."
@@ -4245,7 +4120,7 @@ msgstr "Defines the specified device as a system console. Available console devi
msgid "Defining Peers"
msgstr "Defining Peers"
-#: ../../configuration/service/dhcp-server.rst:649
+#: ../../configuration/service/dhcp-server.rst:579
msgid "Delegate prefixes from the range indicated by the start and stop qualifier."
msgstr "Delegate prefixes from the range indicated by the start and stop qualifier."
@@ -4282,7 +4157,6 @@ msgid "Depending on the location, not all of these channels may be available for
msgstr "Depending on the location, not all of these channels may be available for use!"
#: ../../configuration/service/router-advert.rst:1
-#: ../../configuration/service/router-advert.rst:1
#: ../../configuration/system/syslog.rst:107
#: ../../configuration/system/syslog.rst:167
#: ../../configuration/trafficpolicy/index.rst:262
@@ -4297,11 +4171,11 @@ msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets
msgid "Despite the fact that AD is a superset of LDAP"
msgstr "Despite the fact that AD is a superset of LDAP"
-#: ../../configuration/nat/nat44.rst:261
+#: ../../configuration/nat/nat44.rst:273
msgid "Destination Address"
msgstr "Destination Address"
-#: ../../configuration/nat/nat44.rst:492
+#: ../../configuration/nat/nat44.rst:512
msgid "Destination NAT"
msgstr "Destination NAT"
@@ -4326,6 +4200,7 @@ msgid "Devices evaluating whether an IPv4 address is public must be updated to r
msgstr "Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6."
#: ../../configuration/nat/nat44.rst:71
+#: ../../configuration/nat/nat64.rst:21
#: ../../configuration/nat/nat66.rst:18
msgid "Different NAT Types"
msgstr "Different NAT Types"
@@ -4350,7 +4225,8 @@ msgstr "Disable a BFD peer"
msgid "Disable a container."
msgstr "Disable a container."
-#: ../../configuration/firewall/general.rst:1283
+#: ../../configuration/firewall/ipv4.rst:930
+#: ../../configuration/firewall/ipv6.rst:939
msgid "Disable conntrack loose track option"
msgstr "Disable conntrack loose track option"
@@ -4363,29 +4239,6 @@ msgid "Disable dhcpv6-relay service."
msgstr "Disable dhcpv6-relay service."
#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
-#: ../../_include/interface-disable.txt:4
msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state."
@@ -4397,6 +4250,10 @@ msgstr "Disable immediate session reset if peer's connected link goes down."
msgid "Disable password based authentication. Login via SSH keys only. This hardens security!"
msgstr "Disable password based authentication. Login via SSH keys only. This hardens security!"
+#: ../../configuration/protocols/pim.rst:167
+msgid "Disable sending and receiving PIM control packets on the interface."
+msgstr "Disable sending and receiving PIM control packets on the interface."
+
#: ../../configuration/service/ssh.rst:64
msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible."
@@ -4413,7 +4270,7 @@ msgstr "Disable this IPv4 static route entry."
msgid "Disable this IPv6 static route entry."
msgstr "Disable this IPv6 static route entry."
-#: ../../configuration/protocols/igmp.rst:228
+#: ../../configuration/protocols/igmp-proxy.rst:56
msgid "Disable this service."
msgstr "Disable this service."
@@ -4437,7 +4294,7 @@ msgstr "Disables interface-based IPv4 static route."
msgid "Disables interface-based IPv6 static route."
msgstr "Disables interface-based IPv6 static route."
-#: ../../configuration/protocols/igmp.rst:215
+#: ../../configuration/protocols/igmp-proxy.rst:43
msgid "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
msgstr "Disables quickleave mode. In this mode the daemon will not send a Leave IGMP message upstream as soon as it receives a Leave message for any downstream interface. The daemon will not ask for Membership reports on the downstream interfaces, and if a report is received the group is not joined again the upstream."
@@ -4534,25 +4391,6 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege
msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows."
#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
-#: ../../_include/interface-ipv6.txt:37
msgid "Do not assign a link-local IPv6 address to this interface."
msgstr "Do not assign a link-local IPv6 address to this interface."
@@ -4565,25 +4403,6 @@ msgid "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP se
msgstr "Do not use the local ``/etc/hosts`` file in name resolution. VyOS DHCP server will use this file to add resolvers to assigned addresses."
#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
-#: ../../_include/interface-ip.txt:162
msgid "Does not need to be used together with proxy_arp."
msgstr "Does not need to be used together with proxy_arp."
@@ -4591,8 +4410,7 @@ msgstr "Does not need to be used together with proxy_arp."
msgid "Domain"
msgstr "Domain"
-#: ../../configuration/firewall/general.rst:300
-#: ../../configuration/firewall/general-legacy.rst:255
+#: ../../configuration/firewall/groups.rst:127
msgid "Domain Groups"
msgstr "Domain Groups"
@@ -4600,7 +4418,7 @@ msgstr "Domain Groups"
msgid "Domain Name"
msgstr "Domain Name"
-#: ../../configuration/service/https.rst:59
+#: ../../configuration/service/https.rst:50
msgid "Domain name(s) for which to obtain certificate"
msgstr "Domain name(s) for which to obtain certificate"
@@ -4608,6 +4426,10 @@ msgstr "Domain name(s) for which to obtain certificate"
msgid "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
msgstr "Domain names can include letters, numbers, hyphens and periods with a maximum length of 253 characters."
+#: ../../configuration/pki/index.rst:259
+msgid "Domain names to apply, multiple domain-names can be specified."
+msgstr "Domain names to apply, multiple domain-names can be specified."
+
#: ../../configuration/system/name-server.rst:13
#: ../../configuration/system/name-server.rst:45
msgid "Domain search order"
@@ -4617,15 +4439,15 @@ msgstr "Domain search order"
msgid "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
msgstr "Don't be afraid that you need to re-do your configuration. Key transformation is handled, as always, by our migration scripts, so this will be a smooth transition for you!"
-#: ../../configuration/protocols/bgp.rst:1171
+#: ../../configuration/protocols/bgp.rst:1172
msgid "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement **MUST exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/protocols/bgp.rst:1125
+#: ../../configuration/protocols/bgp.rst:1126
msgid "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
msgstr "Don't forget, the CIDR declared in the network statement MUST **exist in your routing table (dynamic or static), the best way to make sure that is true is creating a static route:**"
-#: ../../configuration/vpn/site2site_ipsec.rst:295
+#: ../../configuration/vpn/site2site_ipsec.rst:299
msgid "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
msgstr "Don't get confused about the used /31 tunnel subnet. :rfc:`3021` gives you additional information for using /31 subnets on point-to-point links."
@@ -4657,7 +4479,7 @@ msgstr "Drop rate"
msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets"
-#: ../../configuration/service/pppoe-server.rst:380
+#: ../../configuration/service/pppoe-server.rst:367
msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
@@ -4665,7 +4487,7 @@ msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation"
msgid "Dummy"
msgstr "Dummy"
-#: ../../configuration/nat/nat44.rst:692
+#: ../../configuration/nat/nat44.rst:716
msgid "Dummy interface"
msgstr "Dummy interface"
@@ -4677,11 +4499,15 @@ msgstr "Dummy interfaces can be used as interfaces that always stay up (in the s
msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers."
+#: ../../configuration/pki/index.rst:285
+msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/service/ssh.rst:113
msgid "Dynamic-protection"
msgstr "Dynamic-protection"
-#: ../../configuration/service/dns.rst:199
+#: ../../configuration/service/dns.rst:212
msgid "Dynamic DNS"
msgstr "Dynamic DNS"
@@ -4689,7 +4515,7 @@ msgstr "Dynamic DNS"
msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter."
-#: ../../configuration/nat/nat44.rst:731
+#: ../../configuration/nat/nat44.rst:753
msgid "ESP Phase:"
msgstr "ESP Phase:"
@@ -4757,10 +4583,14 @@ msgstr "Each site-to-site peer has the next options:"
msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
-#: ../../configuration/service/https.rst:63
+#: ../../configuration/service/https.rst:54
msgid "Email address to associate with certificate"
msgstr "Email address to associate with certificate"
+#: ../../configuration/pki/index.rst:265
+msgid "Email used for registration and recovery contact."
+msgstr "Email used for registration and recovery contact."
+
#: ../../configuration/trafficpolicy/index.rst:300
msgid "Embedding one policy into another one"
msgstr "Embedding one policy into another one"
@@ -4809,6 +4639,10 @@ msgstr "Enable DHCP failover configuration for this address pool."
msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``"
+#: ../../configuration/system/frr.rst:24
+msgid "Enable ICMP Router Discovery Protocol support"
+msgstr "Enable ICMP Router Discovery Protocol support"
+
#: ../../configuration/interfaces/bridge.rst:81
msgid "Enable IGMP and MLD querier."
msgstr "Enable IGMP and MLD querier."
@@ -4817,23 +4651,23 @@ msgstr "Enable IGMP and MLD querier."
msgid "Enable IGMP and MLD snooping."
msgstr "Enable IGMP and MLD snooping."
-#: ../../configuration/service/dhcp-server.rst:304
+#: ../../configuration/service/dhcp-server.rst:271
msgid "Enable IP forwarding on client"
msgstr "Enable IP forwarding on client"
-#: ../../configuration/protocols/isis.rst:311
+#: ../../configuration/protocols/isis.rst:339
msgid "Enable IS-IS"
msgstr "Enable IS-IS"
-#: ../../configuration/protocols/isis.rst:427
+#: ../../configuration/protocols/isis.rst:455
msgid "Enable IS-IS and IGP-LDP synchronization"
msgstr "Enable IS-IS and IGP-LDP synchronization"
-#: ../../configuration/protocols/isis.rst:386
+#: ../../configuration/protocols/isis.rst:414
msgid "Enable IS-IS and redistribute routes not natively in IS-IS"
msgstr "Enable IS-IS and redistribute routes not natively in IS-IS"
-#: ../../configuration/protocols/isis.rst:465
+#: ../../configuration/protocols/isis.rst:493
#: ../../configuration/protocols/segment-routing.rst:193
msgid "Enable IS-IS with Segment Routing (Experimental)"
msgstr "Enable IS-IS with Segment Routing (Experimental)"
@@ -4883,6 +4717,10 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k
msgid "Enable SNMP queries of the LLDP database"
msgstr "Enable SNMP queries of the LLDP database"
+#: ../../configuration/system/frr.rst:28
+msgid "Enable SNMP support for an individual routing daemon."
+msgstr "Enable SNMP support for an individual routing daemon."
+
#: ../../configuration/interfaces/bridge.rst:197
#: ../../configuration/interfaces/bridge.rst:232
msgid "Enable STP"
@@ -4900,6 +4738,14 @@ msgstr "Enable VHT TXOP Power Save Mode"
msgid "Enable VLAN-Aware Bridge"
msgstr "Enable VLAN-Aware Bridge"
+#: ../../configuration/system/frr.rst:13
+msgid "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+msgstr "Enable :abbr:`BMP (BGP Monitoring Protocol)` support"
+
+#: ../../configuration/service/https.rst:46
+msgid "Enable automatic redirect from http to https."
+msgstr "Enable automatic redirect from http to https."
+
#: ../../configuration/vpn/dmvpn.rst:132
msgid "Enable creation of shortcut routes."
msgstr "Enable creation of shortcut routes."
@@ -4916,18 +4762,22 @@ msgstr "Enable given legacy protocol on this LLDP instance. Legacy protocols inc
msgid "Enable layer 7 HTTP health check"
msgstr "Enable layer 7 HTTP health check"
-#: ../../configuration/firewall/general.rst:177
-#: ../../configuration/firewall/general-legacy.rst:126
+#: ../../configuration/firewall/bridge.rst:157
+#: ../../configuration/firewall/ipv4.rst:206
+#: ../../configuration/firewall/ipv6.rst:206
+msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled."
+
+#: ../../configuration/firewall/global-options.rst:114
msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:169
-#: ../../configuration/firewall/general-legacy.rst:119
+#: ../../configuration/firewall/global-options.rst:106
msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:426
-#: ../../configuration/firewall/general-legacy.rst:340
+#: ../../configuration/firewall/ipv4.rst:173
+#: ../../configuration/firewall/ipv6.rst:173
msgid "Enable or disable logging for the matched packet."
msgstr "Enable or disable logging for the matched packet."
@@ -4935,28 +4785,9 @@ msgstr "Enable or disable logging for the matched packet."
msgid "Enable ospf on an interface and set associated area."
msgstr "Enable ospf on an interface and set associated area."
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/pppoe.rst:228
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
#: ../../configuration/interfaces/sstp-client.rst:100
#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
-#: ../../_include/interface-ip.txt:177
msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended."
@@ -5002,18 +4833,22 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic
msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters."
-#: ../../configuration/vrf/index.rst:459
+#: ../../configuration/vrf/index.rst:461
msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained."
-#: ../../configuration/vpn/sstp.rst:266
+#: ../../configuration/vpn/sstp.rst:277
msgid "Enables bandwidth shaping via RADIUS."
msgstr "Enables bandwidth shaping via RADIUS."
-#: ../../configuration/vrf/index.rst:481
+#: ../../configuration/vrf/index.rst:483
msgid "Enables import or export of routes between the current unicast VRF and VPN."
msgstr "Enables import or export of routes between the current unicast VRF and VPN."
+#: ../../configuration/interfaces/vxlan.rst:72
+msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword."
+
#: ../../configuration/protocols/bfd.rst:30
msgid "Enables the echo transmission mode"
msgstr "Enables the echo transmission mode"
@@ -5022,7 +4857,7 @@ msgstr "Enables the echo transmission mode"
msgid "Enabling Advertisments"
msgstr "Enabling Advertisments"
-#: ../../configuration/interfaces/openvpn.rst:627
+#: ../../configuration/interfaces/openvpn.rst:679
msgid "Enabling OpenVPN DCO"
msgstr "Enabling OpenVPN DCO"
@@ -5030,11 +4865,11 @@ msgstr "Enabling OpenVPN DCO"
msgid "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
msgstr "Enabling SSH only requires you to specify the port ``<port>`` you want SSH to listen on. By default, SSH runs on port 22."
-#: ../../configuration/protocols/igmp.rst:224
+#: ../../configuration/protocols/igmp-proxy.rst:52
msgid "Enabling this function increases the risk of bandwidth saturation."
msgstr "Enabling this function increases the risk of bandwidth saturation."
-#: ../../configuration/service/https.rst:37
+#: ../../configuration/service/https.rst:73
msgid "Enforce strict path checking"
msgstr "Enforce strict path checking"
@@ -5051,25 +4886,6 @@ msgid "Enterprise installations usually ship a kind of directory service which i
msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend."
#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
-#: ../../_include/interface-ip.txt:172
msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)"
@@ -5090,15 +4906,6 @@ msgid "Ethernet"
msgstr "Ethernet"
#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
-#: ../../_include/interface-disable-flow-control.txt:4
msgid "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
msgstr "Ethernet flow control is a mechanism for temporarily stopping the transmission of data on Ethernet family computer networks. The goal of this mechanism is to ensure zero packet loss in the presence of network congestion."
@@ -5130,7 +4937,7 @@ msgstr "Event handler script"
msgid "Event handler that monitors the state of interface eth0."
msgstr "Event handler that monitors the state of interface eth0."
-#: ../../configuration/nat/nat44.rst:221
+#: ../../configuration/nat/nat44.rst:233
msgid "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
msgstr "Every NAT rule has a translation command defined. The address defined for the translation is the address used when the address information in a packet is replaced."
@@ -5162,441 +4969,90 @@ msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which
msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection."
+#: ../../configuration/firewall/bridge.rst:321
#: ../../configuration/highavailability/index.rst:397
#: ../../configuration/interfaces/bonding.rst:291
#: ../../configuration/interfaces/l2tpv3.rst:86
#: ../../configuration/interfaces/pppoe.rst:323
#: ../../configuration/interfaces/virtual-ethernet.rst:92
-#: ../../configuration/interfaces/vxlan.rst:166
+#: ../../configuration/interfaces/vxlan.rst:187
#: ../../configuration/interfaces/wwan.rst:294
#: ../../configuration/protocols/failover.rst:63
-#: ../../configuration/protocols/igmp.rst:35
-#: ../../configuration/protocols/igmp.rst:233
+#: ../../configuration/protocols/igmp-proxy.rst:61
+#: ../../configuration/protocols/pim.rst:217
#: ../../configuration/protocols/rpki.rst:156
#: ../../configuration/service/broadcast-relay.rst:55
#: ../../configuration/service/conntrack-sync.rst:186
#: ../../configuration/service/dhcp-relay.rst:85
-#: ../../configuration/service/dhcp-relay.rst:172
-#: ../../configuration/service/dhcp-server.rst:421
-#: ../../configuration/service/dns.rst:147
-#: ../../configuration/service/dns.rst:263
+#: ../../configuration/service/dhcp-relay.rst:174
+#: ../../configuration/service/dhcp-server.rst:362
+#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:276
#: ../../configuration/service/eventhandler.rst:83
#: ../../configuration/service/ipoe-server.rst:150
-#: ../../configuration/service/mdns.rst:34
+#: ../../configuration/service/mdns.rst:50
#: ../../configuration/service/monitoring.rst:134
#: ../../configuration/service/snmp.rst:94
#: ../../configuration/service/snmp.rst:145
#: ../../configuration/service/tftp-server.rst:47
#: ../../configuration/system/acceleration.rst:58
-#: ../../configuration/system/login.rst:395
+#: ../../configuration/system/login.rst:397
#: ../../configuration/system/name-server.rst:28
#: ../../configuration/system/name-server.rst:63
#: ../../configuration/system/sflow.rst:49
+#: ../../configuration/system/updates.rst:21
#: ../../configuration/trafficpolicy/index.rst:530
#: ../../configuration/trafficpolicy/index.rst:1122
#: ../../configuration/vpn/dmvpn.rst:161
#: ../../configuration/vpn/openconnect.rst:97
-#: ../../configuration/vpn/sstp.rst:275
+#: ../../configuration/vpn/sstp.rst:286
#: ../../configuration/vrf/index.rst:99
#: ../../configuration/vrf/index.rst:232
msgid "Example"
msgstr "Example"
-#: ../../configuration/service/pppoe-server.rst:144
+#: ../../configuration/service/pppoe-server.rst:131
msgid "Example, from radius-server send command for disconnect client with username test"
msgstr "Example, from radius-server send command for disconnect client with username test"
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-eapol.txt:18
-#: ../../_include/interface-eapol.txt:33
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/pppoe.rst:127
#: ../../configuration/interfaces/pppoe.rst:140
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-vrf.txt:9
#: ../../configuration/interfaces/sstp-client.rst:49
#: ../../configuration/interfaces/sstp-client.rst:62
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
+#: ../../configuration/nat/nat44.rst:170
+#: ../../configuration/nat/nat44.rst:185
+#: ../../configuration/nat/nat44.rst:199
+#: ../../configuration/nat/nat44.rst:220
+#: ../../configuration/nat/nat44.rst:256
+#: ../../configuration/nat/nat44.rst:278
+#: ../../configuration/nat/nat44.rst:425
+#: ../../configuration/nat/nat66.rst:78
+#: ../../configuration/nat/nat66.rst:96
+#: ../../configuration/protocols/static.rst:174
+#: ../../configuration/service/dns.rst:363
+#: ../../configuration/service/monitoring.rst:69
+#: ../../configuration/service/monitoring.rst:98
+#: ../../configuration/service/ssh.rst:165
+#: ../../configuration/service/ssh.rst:200
+#: ../../configuration/system/flow-accounting.rst:164
+#: ../../configuration/vpn/l2tp.rst:41
+#: ../../configuration/vpn/site2site_ipsec.rst:162
+#: ../../configuration/vpn/site2site_ipsec.rst:273
#: ../../_include/interface-address-with-dhcp.txt:22
+#: ../../_include/interface-address.txt:9
#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
#: ../../_include/interface-dhcp-options.txt:10
#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-address.txt:9
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
+#: ../../_include/interface-dhcp-options.txt:39
+#: ../../_include/interface-dhcp-options.txt:51
+#: ../../_include/interface-dhcp-options.txt:62
+#: ../../_include/interface-dhcp-options.txt:77
+#: ../../_include/interface-dhcp-options.txt:91
#: ../../_include/interface-disable-flow-control.txt:19
#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-flow-control.txt:19
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-per-client-thread.txt:10
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mac.txt:7
-#: ../../_include/interface-mtu.txt:7
+#: ../../_include/interface-eapol.txt:18
+#: ../../_include/interface-eapol.txt:33
#: ../../_include/interface-ip.txt:27
#: ../../_include/interface-ip.txt:50
#: ../../_include/interface-ip.txt:144
@@ -5606,120 +5062,22 @@ msgstr "Example, from radius-server send command for disconnect client with user
#: ../../_include/interface-ipv6.txt:51
#: ../../_include/interface-ipv6.txt:83
#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
#: ../../_include/interface-mac.txt:7
#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
-#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../_include/interface-address-with-dhcp.txt:22
-#: ../../_include/interface-description.txt:7
-#: ../../_include/interface-disable.txt:7
-#: ../../_include/interface-disable-link-detect.txt:9
-#: ../../_include/interface-mtu.txt:7
-#: ../../_include/interface-ip.txt:27
-#: ../../_include/interface-ip.txt:50
-#: ../../_include/interface-ip.txt:144
-#: ../../_include/interface-ipv6.txt:15
-#: ../../_include/interface-ipv6.txt:28
-#: ../../_include/interface-ipv6.txt:39
-#: ../../_include/interface-ipv6.txt:51
-#: ../../_include/interface-ipv6.txt:83
-#: ../../_include/interface-ipv6.txt:96
+#: ../../_include/interface-per-client-thread.txt:10
#: ../../_include/interface-vrf.txt:9
-#: ../../_include/interface-dhcp-options.txt:10
-#: ../../_include/interface-dhcp-options.txt:22
-#: ../../_include/interface-dhcp-options.txt:34
-#: ../../_include/interface-dhcp-options.txt:46
-#: ../../_include/interface-dhcp-options.txt:57
-#: ../../_include/interface-dhcp-options.txt:72
-#: ../../configuration/nat/nat44.rst:153
-#: ../../configuration/nat/nat44.rst:163
-#: ../../configuration/nat/nat44.rst:173
-#: ../../configuration/nat/nat44.rst:187
-#: ../../configuration/nat/nat44.rst:208
-#: ../../configuration/nat/nat44.rst:244
-#: ../../configuration/nat/nat44.rst:266
-#: ../../configuration/nat/nat44.rst:411
-#: ../../configuration/nat/nat66.rst:78
-#: ../../configuration/nat/nat66.rst:96
-#: ../../configuration/protocols/static.rst:174
-#: ../../configuration/service/dns.rst:350
-#: ../../configuration/service/monitoring.rst:69
-#: ../../configuration/service/monitoring.rst:98
-#: ../../configuration/service/ssh.rst:165
-#: ../../configuration/service/ssh.rst:200
-#: ../../configuration/system/flow-accounting.rst:164
-#: ../../configuration/vpn/l2tp.rst:41
-#: ../../configuration/vpn/site2site_ipsec.rst:158
-#: ../../configuration/vpn/site2site_ipsec.rst:269
msgid "Example:"
msgstr "Example:"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:36
msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation."
-#: ../../configuration/nat/nat44.rst:357
+#: ../../configuration/nat/nat44.rst:371
msgid "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
msgstr "Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:54
msgid "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
msgstr "Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface."
@@ -5769,24 +5127,24 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is `
msgid "Example Configuration"
msgstr "Example Configuration"
-#: ../../configuration/service/dns.rst:365
+#: ../../configuration/service/dns.rst:378
msgid "Example IPv6 only:"
msgstr "Example IPv6 only:"
-#: ../../configuration/nat/nat44.rst:666
+#: ../../configuration/nat/nat44.rst:690
msgid "Example Network"
msgstr "Example Network"
-#: ../../configuration/firewall/general.rst:1495
-#: ../../configuration/firewall/general-legacy.rst:979
+#: ../../configuration/firewall/ipv4.rst:1130
+#: ../../configuration/firewall/ipv6.rst:1153
msgid "Example Partial Config"
msgstr "Example Partial Config"
-#: ../../configuration/protocols/ospf.rst:1346
+#: ../../configuration/protocols/ospf.rst:1348
msgid "Example configuration for WireGuard interfaces:"
msgstr "Example configuration for WireGuard interfaces:"
-#: ../../configuration/service/pppoe-server.rst:160
+#: ../../configuration/service/pppoe-server.rst:147
msgid "Example for changing rate-limit via RADIUS CoA."
msgstr "Example for changing rate-limit via RADIUS CoA."
@@ -5794,28 +5152,31 @@ msgstr "Example for changing rate-limit via RADIUS CoA."
msgid "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (works with native Windows and Mac VPN clients):"
-#: ../../configuration/nat/nat44.rst:280
+#: ../../configuration/nat/nat44.rst:292
msgid "Example of redirection:"
msgstr "Example of redirection:"
-#: ../../configuration/firewall/general.rst:1278
+#: ../../configuration/firewall/ipv4.rst:925
+#: ../../configuration/firewall/ipv6.rst:934
msgid "Example synproxy"
msgstr "Example synproxy"
+#: ../../configuration/firewall/groups.rst:145
#: ../../configuration/interfaces/bridge.rst:187
#: ../../configuration/interfaces/macsec.rst:153
#: ../../configuration/interfaces/wireless.rst:541
#: ../../configuration/loadbalancing/reverse-proxy.rst:187
#: ../../configuration/policy/index.rst:46
-#: ../../configuration/protocols/bgp.rst:1095
-#: ../../configuration/protocols/isis.rst:308
+#: ../../configuration/protocols/bgp.rst:1096
+#: ../../configuration/protocols/isis.rst:336
#: ../../configuration/protocols/ospf.rst:834
-#: ../../configuration/service/pppoe-server.rst:356
+#: ../../configuration/service/pppoe-server.rst:343
#: ../../configuration/service/webproxy.rst:419
msgid "Examples"
msgstr "Examples"
-#: ../../configuration/vpn/site2site_ipsec.rst:153
+#: ../../configuration/nat/nat44.rst:154
+#: ../../configuration/vpn/site2site_ipsec.rst:157
msgid "Examples:"
msgstr "Examples:"
@@ -5847,11 +5208,15 @@ msgstr "Exit policy on match: go to rule <1-65535>"
msgid "Expedited forwarding (EF)"
msgstr "Expedited forwarding (EF)"
+#: ../../configuration/firewall/flowtables.rst:140
+msgid "Explanation"
+msgstr "Explanation"
+
#: ../../configuration/service/salt-minion.rst:33
msgid "Explicitly declare ID for this minion to use (default: hostname)"
msgstr "Explicitly declare ID for this minion to use (default: hostname)"
-#: ../../configuration/service/dhcp-relay.rst:176
+#: ../../configuration/service/dhcp-relay.rst:178
msgid "External DHCPv6 server is at 2001:db8::4"
msgstr "External DHCPv6 server is at 2001:db8::4"
@@ -5879,11 +5244,15 @@ msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds
msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it."
+#: ../../configuration/system/frr.rst:5
+msgid "FRR"
+msgstr "FRR"
+
#: ../../configuration/protocols/ospf.rst:213
msgid "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
msgstr "FRR offers only partial support for some of the routing protocol extensions that are used with MPLS-TE; it does not support a complete RSVP-TE solution."
-#: ../../configuration/interfaces/vxlan.rst:138
+#: ../../configuration/interfaces/vxlan.rst:159
msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`."
@@ -5905,8 +5274,8 @@ msgstr "Facility Code"
#: ../../configuration/loadbalancing/wan.rst:218
#: ../../configuration/protocols/failover.rst:3
-#: ../../configuration/service/dhcp-server.rst:171
-#: ../../configuration/service/dhcp-server.rst:428
+#: ../../configuration/service/dhcp-server.rst:136
+#: ../../configuration/service/dhcp-server.rst:369
msgid "Failover"
msgstr "Failover"
@@ -5942,15 +5311,15 @@ msgstr "Features of the Current Implementation"
msgid "Field"
msgstr "Field"
-#: ../../configuration/service/dns.rst:228
+#: ../../configuration/service/dns.rst:241
msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server."
-#: ../../configuration/service/pppoe-server.rst:241
+#: ../../configuration/service/pppoe-server.rst:228
msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)"
-#: ../../configuration/service/pppoe-server.rst:167
+#: ../../configuration/service/pppoe-server.rst:154
msgid "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS CoA request."
@@ -5982,6 +5351,14 @@ msgstr "Firewall"
msgid "Firewall-Legacy"
msgstr "Firewall-Legacy"
+#: ../../configuration/firewall/ipv4.rst:72
+msgid "Firewall - IPv4 Rules"
+msgstr "Firewall - IPv4 Rules"
+
+#: ../../configuration/firewall/ipv6.rst:72
+msgid "Firewall - IPv6 Rules"
+msgstr "Firewall - IPv6 Rules"
+
#: ../../configuration/firewall/general.rst:7
msgid "Firewall Configuration"
msgstr "Firewall Configuration"
@@ -5990,7 +5367,9 @@ msgstr "Firewall Configuration"
msgid "Firewall Configuration (Deprecated)"
msgstr "Firewall Configuration (Deprecated)"
-#: ../../configuration/firewall/general.rst:495
+#: ../../configuration/firewall/bridge.rst:199
+#: ../../configuration/firewall/ipv4.rst:268
+#: ../../configuration/firewall/ipv6.rst:268
msgid "Firewall Description"
msgstr "Firewall Description"
@@ -5999,7 +5378,9 @@ msgstr "Firewall Description"
msgid "Firewall Exceptions"
msgstr "Firewall Exceptions"
-#: ../../configuration/firewall/general.rst:410
+#: ../../configuration/firewall/bridge.rst:149
+#: ../../configuration/firewall/ipv4.rst:196
+#: ../../configuration/firewall/ipv6.rst:196
msgid "Firewall Logs"
msgstr "Firewall Logs"
@@ -6007,6 +5388,14 @@ msgstr "Firewall Logs"
msgid "Firewall Rules"
msgstr "Firewall Rules"
+#: ../../configuration/firewall/groups.rst:7
+msgid "Firewall groups"
+msgstr "Firewall groups"
+
+#: ../../configuration/firewall/groups.rst:13
+msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and/or as inbound/outbound in the case of interface group."
+
#: ../../configuration/firewall/general.rst:186
msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses, domains or interfaces. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher, and as inbpund/outbound in the case of interface group."
@@ -6023,10 +5412,14 @@ msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark``
msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces."
-#: ../../configuration/nat/nat44.rst:620
+#: ../../configuration/nat/nat44.rst:644
msgid "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
msgstr "Firewall rules are written as normal, using the internal IP address as the source of outbound rules and the destination of inbound rules."
+#: ../../configuration/nat/nat44.rst:572
+msgid "Firewall rules for Destination NAT"
+msgstr "Firewall rules for Destination NAT"
+
#: ../../configuration/interfaces/wwan.rst:321
msgid "Firmware Update"
msgstr "Firmware Update"
@@ -6059,7 +5452,7 @@ msgstr "First of all, we need to create a CA root certificate and server certifi
msgid "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
msgstr "First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured."
-#: ../../configuration/nat/nat44.rst:635
+#: ../../configuration/nat/nat44.rst:659
msgid "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
msgstr "First scenario: apply destination NAT for all HTTP traffic comming through interface eth0, and user 4 backends. First backend should received 30% of the request, second backend should get 20%, third 15% and the fourth 35% We will use source and destination address for hash generation."
@@ -6067,7 +5460,7 @@ msgstr "First scenario: apply destination NAT for all HTTP traffic comming throu
msgid "First steps"
msgstr "First steps"
-#: ../../configuration/vpn/openconnect.rst:171
+#: ../../configuration/vpn/openconnect.rst:178
msgid "First the OTP keys must be generated and sent to the user and to the configuration:"
msgstr "First the OTP keys must be generated and sent to the user and to the configuration:"
@@ -6103,10 +5496,30 @@ msgstr "Flow and packet-based balancing"
msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router."
+#: ../../configuration/firewall/flowtables.rst:57
+msgid "Flowtable Configuration"
+msgstr "Flowtable Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:7
+msgid "Flowtables Firewall Configuration"
+msgstr "Flowtables Firewall Configuration"
+
+#: ../../configuration/firewall/flowtables.rst:32
+msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols."
+
#: ../../configuration/loadbalancing/wan.rst:244
msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished."
+#: ../../configuration/service/ssh.rst:236
+msgid "Follow the SSH dynamic-protection log."
+msgstr "Follow the SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:228
+msgid "Follow the SSH server log."
+msgstr "Follow the SSH server log."
+
#: ../../configuration/vpn/openconnect.rst:102
msgid "Follow the instructions to generate CA cert (in configuration mode):"
msgstr "Follow the instructions to generate CA cert (in configuration mode):"
@@ -6115,6 +5528,10 @@ msgstr "Follow the instructions to generate CA cert (in configuration mode):"
msgid "Follow the instructions to generate server cert (in configuration mode):"
msgstr "Follow the instructions to generate server cert (in configuration mode):"
+#: ../../configuration/service/mdns.rst:91
+msgid "Follow the logs for mDNS repeater service."
+msgstr "Follow the logs for mDNS repeater service."
+
#: ../../configuration/interfaces/openvpn.rst:258
msgid "For Encryption:"
msgstr "For Encryption:"
@@ -6131,11 +5548,11 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router
msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop."
-#: ../../configuration/service/pppoe-server.rst:201
+#: ../../configuration/service/pppoe-server.rst:188
msgid "For Local Users"
msgstr "For Local Users"
-#: ../../configuration/service/pppoe-server.rst:236
+#: ../../configuration/service/pppoe-server.rst:223
msgid "For RADIUS users"
msgstr "For RADIUS users"
@@ -6147,11 +5564,11 @@ msgstr "For USB port information please refor to: :ref:`hardware_usb`."
msgid "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
msgstr "For :ref:`bidirectional-nat` a rule for both :ref:`source-nat` and :ref:`destination-nat` needs to be created."
-#: ../../configuration/nat/nat44.rst:263
+#: ../../configuration/nat/nat44.rst:275
msgid "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
msgstr "For :ref:`destination-nat` rules the packets destination address will be replaced by the specified address in the `translation address` command."
-#: ../../configuration/nat/nat44.rst:228
+#: ../../configuration/nat/nat44.rst:240
msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address."
@@ -6163,7 +5580,7 @@ msgstr "For a headstart you can use the below example on how to build a bond,por
msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system."
-#: ../../configuration/nat/nat44.rst:248
+#: ../../configuration/nat/nat44.rst:260
msgid "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
msgstr "For a large amount of private machines behind the NAT your address pool might to be bigger. Use any address in the range 100.64.0.10 - 100.64.0.20 on SNAT rule 40 when doing the translation"
@@ -6187,7 +5604,9 @@ msgstr "For example:"
msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``"
-#: ../../configuration/firewall/general.rst:320
+#: ../../configuration/firewall/bridge.rst:58
+#: ../../configuration/firewall/ipv4.rst:74
+#: ../../configuration/firewall/ipv6.rst:74
msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed."
@@ -6223,11 +5642,11 @@ msgstr "For latest releases, refer the `firewall (interface-groups) <https://doc
msgid "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
msgstr "For more information on how MPLS label switching works, please go visit `Wikipedia (MPLS)`_."
-#: ../../configuration/service/pppoe-server.rst:312
+#: ../../configuration/service/pppoe-server.rst:299
msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts."
-#: ../../configuration/interfaces/vxlan.rst:131
+#: ../../configuration/interfaces/vxlan.rst:152
msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this."
@@ -6235,7 +5654,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead
msgid "For outbound updates the order of preference is:"
msgstr "For outbound updates the order of preference is:"
-#: ../../configuration/firewall/general.rst:497
+#: ../../configuration/firewall/bridge.rst:201
+msgid "For reference, a description can be defined for every defined custom chain."
+msgstr "For reference, a description can be defined for every defined custom chain."
+
+#: ../../configuration/firewall/ipv4.rst:270
+#: ../../configuration/firewall/ipv6.rst:270
msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."
msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain."
@@ -6279,10 +5703,28 @@ msgstr "For the sake of demonstration, `example #1 in the official documentation
msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``"
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``"
+
+#: ../../configuration/firewall/bridge.rst:40
+msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color."
+
+#: ../../configuration/firewall/ipv4.rst:46
+#: ../../configuration/firewall/ipv6.rst:46
+msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):"
+
#: ../../configuration/firewall/general.rst:69
msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``"
+#: ../../configuration/firewall/ipv4.rst:36
+#: ../../configuration/firewall/ipv6.rst:36
+msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:"
+
#: ../../configuration/firewall/general.rst:62
msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``"
@@ -6315,6 +5757,14 @@ msgstr "From :rfc:`1930`:"
msgid "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
msgstr "From a security perspective, it is not recommended to let a third party create and share the private key for a secured connection. You should create the private portion on your own and only hand out the public key. Please keep this in mind when using this convenience feature."
+#: ../../configuration/firewall/bridge.rst:21
+#: ../../configuration/firewall/flowtables.rst:20
+#: ../../configuration/firewall/ipv4.rst:19
+#: ../../configuration/firewall/ipv6.rst:19
+#: ../../configuration/firewall/zone.rst:31
+msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:"
+
#: ../../configuration/highavailability/index.rst:380
msgid "Fwmark"
msgstr "Fwmark"
@@ -6369,6 +5819,10 @@ msgstr "General"
msgid "General Configuration"
msgstr "General Configuration"
+#: ../../configuration/firewall/bridge.rst:291
+msgid "General commands for firewall configuration, counter and statiscits:"
+msgstr "General commands for firewall configuration, counter and statiscits:"
+
#: ../../configuration/interfaces/wireguard.rst:29
msgid "Generate Keypair"
msgstr "Generate Keypair"
@@ -6424,6 +5878,10 @@ msgstr "Get an overview over the encryption counters."
msgid "Get detailed information about LLDP neighbors."
msgstr "Get detailed information about LLDP neighbors."
+#: ../../configuration/nat/nat66.rst:160
+msgid "Get the DHCPv6-PD prefixes from both routers:"
+msgstr "Get the DHCPv6-PD prefixes from both routers:"
+
#: ../../configuration/protocols/rpki.rst:39
msgid "Getting started"
msgstr "Getting started"
@@ -6444,6 +5902,10 @@ msgstr "Gloabal"
msgid "Global Options"
msgstr "Global Options"
+#: ../../configuration/firewall/global-options.rst:7
+msgid "Global Options Firewall Configuration"
+msgstr "Global Options Firewall Configuration"
+
#: ../../configuration/highavailability/index.rst:224
msgid "Global options"
msgstr "Global options"
@@ -6465,7 +5927,6 @@ msgstr "Graceful Restart"
msgid "Gratuitous ARP"
msgstr "Gratuitous ARP"
-#: ../../configuration/firewall/general.rst:184
#: ../../configuration/firewall/general-legacy.rst:153
msgid "Groups"
msgstr "Groups"
@@ -6482,7 +5943,11 @@ msgstr "HQ's router requires the following steps to generate crypto materials fo
msgid "HTTP-API"
msgstr "HTTP-API"
-#: ../../configuration/service/dns.rst:304
+#: ../../configuration/service/https.rst:5
+msgid "HTTP API"
+msgstr "HTTP API"
+
+#: ../../configuration/service/dns.rst:317
msgid "HTTP based services"
msgstr "HTTP based services"
@@ -6499,11 +5964,11 @@ msgstr "HTTP client"
msgid "HT (High Throughput) capabilities (802.11n)"
msgstr "HT (High Throughput) capabilities (802.11n)"
-#: ../../configuration/nat/nat44.rst:398
+#: ../../configuration/nat/nat44.rst:412
msgid "Hairpin NAT/NAT Reflection"
msgstr "Hairpin NAT/NAT Reflection"
-#: ../../configuration/service/dhcp-server.rst:643
+#: ../../configuration/service/dhcp-server.rst:573
msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation."
@@ -6511,7 +5976,7 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe
msgid "Handling and monitoring"
msgstr "Handling and monitoring"
-#: ../../configuration/nat/nat44.rst:389
+#: ../../configuration/nat/nat44.rst:403
msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled."
@@ -6527,15 +5992,15 @@ msgstr "Health check scripts"
msgid "Health checks"
msgstr "Health checks"
-#: ../../configuration/nat/nat44.rst:602
+#: ../../configuration/nat/nat44.rst:626
msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:"
-#: ../../configuration/nat/nat44.rst:668
+#: ../../configuration/nat/nat44.rst:692
msgid "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
msgstr "Here's one example of a network environment for an ASP. The ASP requests that all connections from this company should come from 172.29.41.89 - an address that is assigned by the ASP and not in use at the customer site."
-#: ../../configuration/protocols/isis.rst:357
+#: ../../configuration/protocols/isis.rst:385
msgid "Here's the IP routes that are populated. Just the loopback:"
msgstr "Here's the IP routes that are populated. Just the loopback:"
@@ -6563,37 +6028,22 @@ msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:"
msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`."
-#: ../../configuration/protocols/isis.rst:523
+#: ../../configuration/firewall/groups.rst:150
+msgid "Here is an example were multiple groups are created:"
+msgstr "Here is an example were multiple groups are created:"
+
+#: ../../configuration/protocols/isis.rst:551
#: ../../configuration/protocols/ospf.rst:1036
#: ../../configuration/protocols/segment-routing.rst:251
#: ../../configuration/protocols/segment-routing.rst:330
msgid "Here is the routing tables showing the MPLS segment routing label operations:"
msgstr "Here is the routing tables showing the MPLS segment routing label operations:"
-#: ../../configuration/nat/nat44.rst:633
+#: ../../configuration/nat/nat44.rst:657
msgid "Here we provide two examples on how to apply NAT Load Balance."
msgstr "Here we provide two examples on how to apply NAT Load Balance."
#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
-#: ../../_include/interface-ip.txt:170
msgid "Hewlett-Packard call it Source-Port filtering or port-isolation"
msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation"
@@ -6624,7 +6074,7 @@ msgstr "Host Information"
msgid "Host name"
msgstr "Host name"
-#: ../../configuration/service/dhcp-server.rst:698
+#: ../../configuration/service/dhcp-server.rst:630
msgid "Host specific mapping shall be named ``client1``"
msgstr "Host specific mapping shall be named ``client1``"
@@ -6677,17 +6127,10 @@ msgid "IEEE 802.1X/MACsec replay protection window. This determines a window in
msgstr "IEEE 802.1X/MACsec replay protection window. This determines a window in which replay is tolerated, to allow receipt of frames that have been misordered by the network."
#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
-#: ../../_include/interface-vlan-8021ad.txt:3
msgid "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
msgstr "IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. 802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q. \"Q-in-Q\" can for supported devices apply to C-tag stacking on C-tag (Ethernet Type = 0x8100)."
#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
-#: ../../_include/interface-vlan-8021q.txt:1
msgid "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol."
@@ -6695,11 +6138,15 @@ msgstr "IEEE 802.1q_, often referred to as Dot1q, is the networking standard tha
msgid "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
msgstr "IETF published :rfc:`6598`, detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the :abbr:`IANA (Internet Assigned Numbers Authority)` for this allocation."
-#: ../../configuration/protocols/igmp.rst:179
+#: ../../configuration/protocols/pim.rst:176
+msgid "IGMP - Internet Group Management Protocol)"
+msgstr "IGMP - Internet Group Management Protocol)"
+
+#: ../../configuration/protocols/igmp-proxy.rst:7
msgid "IGMP Proxy"
msgstr "IGMP Proxy"
-#: ../../configuration/nat/nat44.rst:726
+#: ../../configuration/nat/nat44.rst:748
msgid "IKE Phase:"
msgstr "IKE Phase:"
@@ -6711,11 +6158,11 @@ msgstr "IKE (Internet Key Exchange) Attributes"
msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996"
-#: ../../configuration/vpn/site2site_ipsec.rst:156
+#: ../../configuration/vpn/site2site_ipsec.rst:160
msgid "IKEv1"
msgstr "IKEv1"
-#: ../../configuration/vpn/site2site_ipsec.rst:267
+#: ../../configuration/vpn/site2site_ipsec.rst:271
msgid "IKEv2"
msgstr "IKEv2"
@@ -6739,11 +6186,11 @@ msgstr "IPIP6"
msgid "IPSec:"
msgstr "IPSec:"
-#: ../../configuration/nat/nat44.rst:722
+#: ../../configuration/nat/nat44.rst:744
msgid "IPSec IKE and ESP"
msgstr "IPSec IKE and ESP"
-#: ../../configuration/nat/nat44.rst:687
+#: ../../configuration/nat/nat44.rst:711
msgid "IPSec IKE and ESP Groups;"
msgstr "IPSec IKE and ESP Groups;"
@@ -6751,19 +6198,19 @@ msgstr "IPSec IKE and ESP Groups;"
msgid "IPSec IKEv2 Remote Access VPN"
msgstr "IPSec IKEv2 Remote Access VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN"
msgstr "IPSec IKEv2 site2site VPN"
-#: ../../configuration/vpn/site2site_ipsec.rst:281
+#: ../../configuration/vpn/site2site_ipsec.rst:285
msgid "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
msgstr "IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)"
-#: ../../configuration/nat/nat44.rst:758
+#: ../../configuration/nat/nat44.rst:780
msgid "IPSec VPN Tunnels"
msgstr "IPSec VPN Tunnels"
-#: ../../configuration/nat/nat44.rst:688
+#: ../../configuration/nat/nat44.rst:712
msgid "IPSec VPN tunnels."
msgstr "IPSec VPN tunnels."
@@ -6771,7 +6218,7 @@ msgstr "IPSec VPN tunnels."
msgid "IP address"
msgstr "IP address"
-#: ../../configuration/service/dhcp-server.rst:237
+#: ../../configuration/service/dhcp-server.rst:202
msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``"
@@ -6780,19 +6227,19 @@ msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named
msgid "IP address ``192.168.2.1/24``"
msgstr "IP address ``192.168.2.1/24``"
-#: ../../configuration/service/dhcp-server.rst:319
+#: ../../configuration/service/dhcp-server.rst:286
msgid "IP address for DHCP server identifier"
msgstr "IP address for DHCP server identifier"
-#: ../../configuration/service/dhcp-server.rst:309
+#: ../../configuration/service/dhcp-server.rst:276
msgid "IP address of NTP server"
msgstr "IP address of NTP server"
-#: ../../configuration/service/dhcp-server.rst:349
+#: ../../configuration/service/dhcp-server.rst:316
msgid "IP address of POP3 server"
msgstr "IP address of POP3 server"
-#: ../../configuration/service/dhcp-server.rst:344
+#: ../../configuration/service/dhcp-server.rst:311
msgid "IP address of SMTP server"
msgstr "IP address of SMTP server"
@@ -6808,7 +6255,7 @@ msgstr "IP address of route to match, based on prefix-list."
msgid "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IP address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/dhcp-server.rst:379
+#: ../../configuration/service/dhcp-server.rst:346
msgid "IP address to exclude from DHCP lease range"
msgstr "IP address to exclude from DHCP lease range"
@@ -6884,19 +6331,23 @@ msgstr "IPsec"
msgid "IPsec policy matching GRE"
msgstr "IPsec policy matching GRE"
-#: ../../configuration/service/pppoe-server.rst:359
+#: ../../configuration/service/pppoe-server.rst:346
msgid "IPv4"
msgstr "IPv4"
-#: ../../configuration/interfaces/vxlan.rst:85
+#: ../../configuration/interfaces/vxlan.rst:106
msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly."
-#: ../../configuration/service/dhcp-server.rst:324
+#: ../../configuration/firewall/ipv4.rst:7
+msgid "IPv4 Firewall Configuration"
+msgstr "IPv4 Firewall Configuration"
+
+#: ../../configuration/service/dhcp-server.rst:291
msgid "IPv4 address of next bootstrap server"
msgstr "IPv4 address of next bootstrap server"
-#: ../../configuration/service/dhcp-server.rst:284
+#: ../../configuration/service/dhcp-server.rst:251
msgid "IPv4 address of router on the client's subnet"
msgstr "IPv4 address of router on the client's subnet"
@@ -6904,7 +6355,7 @@ msgstr "IPv4 address of router on the client's subnet"
msgid "IPv4 or IPv6 source address of NetFlow packets"
msgstr "IPv4 or IPv6 source address of NetFlow packets"
-#: ../../configuration/protocols/bgp.rst:1098
+#: ../../configuration/protocols/bgp.rst:1099
msgid "IPv4 peering"
msgstr "IPv4 peering"
@@ -6925,7 +6376,7 @@ msgid "IPv4 server"
msgstr "IPv4 server"
#: ../../configuration/interfaces/pppoe.rst:244
-#: ../../configuration/service/pppoe-server.rst:280
+#: ../../configuration/service/pppoe-server.rst:267
#: ../../configuration/system/ipv6.rst:3
msgid "IPv6"
msgstr "IPv6"
@@ -6942,11 +6393,15 @@ msgstr "IPv6 DHCPv6-PD Example"
msgid "IPv6 DNS addresses are optional."
msgstr "IPv6 DNS addresses are optional."
+#: ../../configuration/firewall/ipv6.rst:7
+msgid "IPv6 Firewall Configuration"
+msgstr "IPv6 Firewall Configuration"
+
#: ../../configuration/protocols/pim6.rst:5
msgid "IPv6 Multicast"
msgstr "IPv6 Multicast"
-#: ../../configuration/service/pppoe-server.rst:295
+#: ../../configuration/service/pppoe-server.rst:282
msgid "IPv6 Prefix Delegation"
msgstr "IPv6 Prefix Delegation"
@@ -6962,7 +6417,7 @@ msgstr "IPv6 SLAAC and IA-PD"
msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers"
-#: ../../configuration/service/dhcp-server.rst:696
+#: ../../configuration/service/dhcp-server.rst:628
msgid "IPv6 address ``2001:db8::101`` shall be statically mapped"
msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped"
@@ -6978,11 +6433,11 @@ msgstr "IPv6 address of route to match, based on IPv6 prefix-list."
msgid "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
msgstr "IPv6 address of route to match, based on specified prefix-length. Note that this can be used for kernel routes only. Do not apply to the routes of dynamic routing protocols (e.g. BGP, RIP, OSFP), as this can lead to unexpected results.."
-#: ../../configuration/service/pppoe-server.rst:283
+#: ../../configuration/service/pppoe-server.rst:270
msgid "IPv6 client's prefix assignment"
msgstr "IPv6 client's prefix assignment"
-#: ../../configuration/protocols/bgp.rst:1143
+#: ../../configuration/protocols/bgp.rst:1144
msgid "IPv6 peering"
msgstr "IPv6 peering"
@@ -6990,7 +6445,7 @@ msgstr "IPv6 peering"
msgid "IPv6 prefix."
msgstr "IPv6 prefix."
-#: ../../configuration/service/dhcp-server.rst:697
+#: ../../configuration/service/dhcp-server.rst:629
msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped"
@@ -7002,7 +6457,7 @@ msgstr "IPv6 relay"
msgid "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
msgstr "IPv6 route source: bgp, connected, eigrp, isis, kernel, nhrp, ospfv3, ripng, static."
-#: ../../configuration/service/dhcp-server.rst:578
+#: ../../configuration/service/dhcp-server.rst:502
msgid "IPv6 server"
msgstr "IPv6 server"
@@ -7022,11 +6477,11 @@ msgstr "IS-IS Global Configuration"
msgid "IS-IS SR Configuration"
msgstr "IS-IS SR Configuration"
-#: ../../configuration/service/dhcp-server.rst:266
+#: ../../configuration/service/dhcp-server.rst:233
msgid "ISC-DHCP Option name"
msgstr "ISC-DHCP Option name"
-#: ../../configuration/vpn/openconnect.rst:226
+#: ../../configuration/vpn/openconnect.rst:233
msgid "Identity Based Configuration"
msgstr "Identity Based Configuration"
@@ -7043,10 +6498,17 @@ msgid "If CA is present, this certificate will be included in generated CRLs"
msgstr "If CA is present, this certificate will be included in generated CRLs"
#: ../../_include/interface-per-client-thread.txt:8
-#: ../../_include/interface-per-client-thread.txt:8
msgid "If CLI option is not specified, this feature is disabled."
msgstr "If CLI option is not specified, this feature is disabled."
+#: ../../configuration/protocols/pim.rst:35
+msgid "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+msgstr "If PIM has the a choice of ECMP nexthops for a particular :abbr:`RPF (Reverse Path Forwarding)`, PIM will cause S,G flows to be spread out amongst the nexthops. If this command is not specified then the first nexthop found will be used."
+
+#: ../../configuration/protocols/pim.rst:42
+msgid "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+msgstr "If PIM is using ECMP and an interface goes down, cause PIM to rebalance all S,G flows across the remaining nexthops. If this command is not configured PIM only modifies those S,G flows that were using the interface that went down."
+
#: ../../configuration/protocols/bgp.rst:225
msgid "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
msgstr "If :cfgcmd:`strict` is set the BGP session won’t become established until the BGP neighbor sets local Role on its side. This configuration parameter is defined in RFC :rfc:`9234` and is used to enforce the corresponding configuration at your counter-parts side."
@@ -7072,7 +6534,9 @@ msgstr "If a response is heard, the lease is abandoned, and the server does not
msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used."
-#: ../../configuration/firewall/general.rst:329
+#: ../../configuration/firewall/bridge.rst:67
+#: ../../configuration/firewall/ipv4.rst:83
+#: ../../configuration/firewall/ipv6.rst:83
msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match."
@@ -7088,72 +6552,19 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918
msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead."
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
-#: ../../_include/interface-ip.txt:72
+#: ../../configuration/protocols/pim.rst:106
+msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
#: ../../_include/interface-ip.txt:72
msgid "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
msgstr "If configured, incoming IP directed broadcast packets on this interface will be forwarded."
#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
-#: ../../_include/interface-ip.txt:124
msgid "If configured, reply only if the target IP address is local address configured on the incoming interface."
msgstr "If configured, reply only if the target IP address is local address configured on the incoming interface."
#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
-#: ../../_include/interface-ip.txt:106
msgid "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
msgstr "If configured, try to avoid local addresses that are not in the target's subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2."
@@ -7161,7 +6572,7 @@ msgstr "If configured, try to avoid local addresses that are not in the target's
msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor."
-#: ../../configuration/nat/nat44.rst:542
+#: ../../configuration/nat/nat44.rst:564
msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`."
@@ -7169,7 +6580,15 @@ msgstr "If forwarding traffic to a different port than it is arriving on, you ma
msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority."
-#: ../../configuration/protocols/igmp.rst:221
+#: ../../configuration/firewall/index.rst:82
+msgid "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+msgstr "If interface were the packet was received is part of a bridge, then packet is processed at the **Bridge Layer**, which contains a ver basic setup where for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:25
+msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:"
+
+#: ../../configuration/protocols/igmp-proxy.rst:49
msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled."
@@ -7193,7 +6612,7 @@ msgstr "If multi-pathing is enabled, then check whether the routes not yet disti
msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background."
-#: ../../configuration/nat/nat44.rst:205
+#: ../../configuration/nat/nat44.rst:217
msgid "If no destination is specified the rule will match on any destination address and port."
msgstr "If no destination is specified the rule will match on any destination address and port."
@@ -7206,52 +6625,18 @@ msgid "If no option is specified, this defaults to `all`."
msgstr "If no option is specified, this defaults to `all`."
#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
-#: ../../_include/interface-ip.txt:42
msgid "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
msgstr "If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work)."
+#: ../../configuration/protocols/pim.rst:142
+msgid "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+msgstr "If optional profile parameter is used, select a BFD profile for the BFD sessions created via this interface."
+
#: ../../configuration/system/ip.rst:17
msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not."
#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
-#: ../../_include/interface-ip.txt:36
msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems."
@@ -7260,25 +6645,6 @@ msgid "If suffix is omitted, minutes are implied."
msgstr "If suffix is omitted, minutes are implied."
#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
-#: ../../_include/interface-ip.txt:91
msgid "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
msgstr "If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off."
@@ -7318,6 +6684,14 @@ msgstr "If the average queue size is lower than the **min-threshold**, an arrivi
msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one."
+#: ../../configuration/firewall/index.rst:83
+msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:"
+
+#: ../../configuration/firewall/index.rst:26
+msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:"
+
#: ../../configuration/interfaces/bonding.rst:187
#: ../../configuration/interfaces/bonding.rst:216
msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash."
@@ -7339,7 +6713,7 @@ msgstr "If the table is empty and you have a warning message, it means conntrack
msgid "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
msgstr "If there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time."
-#: ../../configuration/vpn/site2site_ipsec.rst:237
+#: ../../configuration/vpn/site2site_ipsec.rst:241
msgid "If there is SNAT rules on eth1, need to add exclude rule"
msgstr "If there is SNAT rules on eth1, need to add exclude rule"
@@ -7348,7 +6722,7 @@ msgstr "If there is SNAT rules on eth1, need to add exclude rule"
msgid "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
msgstr "If this command is invoked from configure mode with the ``run`` prefix the key is automatically installed to the appropriate interface:"
-#: ../../configuration/service/dhcp-relay.rst:166
+#: ../../configuration/service/dhcp-relay.rst:168
msgid "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
msgstr "If this is set the relay agent will insert the interface ID. This option is set automatically if more than one listening interfaces are in use."
@@ -7356,53 +6730,15 @@ msgstr "If this is set the relay agent will insert the interface ID. This option
msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped."
-#: ../../configuration/vpn/sstp.rst:172
+#: ../../configuration/vpn/sstp.rst:183
msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds."
#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
-#: ../../_include/interface-ip.txt:75
msgid "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
msgstr "If this option is unset (default), incoming IP directed broadcast packets will not be forwarded."
#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
-#: ../../_include/interface-ip.txt:127
msgid "If this option is unset (default), reply for any local target IP address, configured on any interface."
msgstr "If this option is unset (default), reply for any local target IP address, configured on any interface."
@@ -7422,7 +6758,7 @@ msgstr "If unset, incoming connections to the RADIUS server will use the nearest
msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken."
-#: ../../configuration/nat/nat44.rst:788
+#: ../../configuration/nat/nat44.rst:810
msgid "If you've completed all the above steps you no doubt want to see if it's all working."
msgstr "If you've completed all the above steps you no doubt want to see if it's all working."
@@ -7473,6 +6809,10 @@ msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceilin
msgid "If you enable this, you will probably want to set diversity-factor and channel below."
msgstr "If you enable this, you will probably want to set diversity-factor and channel below."
+#: ../../configuration/protocols/pim.rst:54
+msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale."
+
#: ../../configuration/interfaces/bonding.rst:312
msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack."
@@ -7493,6 +6833,10 @@ msgstr "If you have a lot of interfaces, and/or a lot of subnets, then enabling
msgid "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add additional rules to permit inbound NAT traffic."
+#: ../../configuration/protocols/pim.rst:171
+msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface."
+
#: ../../configuration/system/flow-accounting.rst:65
msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:"
@@ -7541,7 +6885,7 @@ msgstr "Ignore VRRP main interface faults"
msgid "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_communication_principles_diagram.PNG which is under the GNU Free Documentation License"
-#: ../../configuration/vpn/site2site_ipsec.rst:275
+#: ../../configuration/vpn/site2site_ipsec.rst:279
msgid "Imagine the following topology"
msgstr "Imagine the following topology"
@@ -7574,35 +6918,14 @@ msgid "In VyOS, a class is identified by a number you can choose when configurin
msgstr "In VyOS, a class is identified by a number you can choose when configuring it."
#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
-#: ../../_include/interface-vlan-8021ad.txt:22
msgid "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that are used."
#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
-#: ../../_include/interface-ip.txt:166
msgid "In :rfc:`3069` it is called VLAN Aggregation"
msgstr "In :rfc:`3069` it is called VLAN Aggregation"
-#: ../../configuration/firewall/zone.rst:41
+#: ../../configuration/firewall/zone.rst:60
msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``."
@@ -7611,8 +6934,6 @@ msgid "In a minimal configuration, the following must be provided:"
msgstr "In a minimal configuration, the following must be provided:"
#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
-#: ../../_include/interface-vlan-8021ad.txt:16
msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)."
@@ -7632,15 +6953,9 @@ msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service
msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server."
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
-#: ../../configuration/pki/pki_cli_import_help.txt:1
#: ../../configuration/pki/index.rst:144
#: ../../configuration/pki/index.rst:159
+#: ../../configuration/pki/pki_cli_import_help.txt:1
msgid "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
msgstr "In addition to the command above, the output is in a format which can be used to directly import the key into the VyOS CLI by simply copy-pasting the output from op-mode into configuration mode."
@@ -7656,8 +6971,7 @@ msgstr "In addition you will specifiy the IP address or FQDN for the client wher
msgid "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address."
-#: ../../configuration/firewall/general.rst:194
-#: ../../configuration/firewall/general-legacy.rst:170
+#: ../../configuration/firewall/groups.rst:21
msgid "In an **address group** a single IP address or IP address ranges are defined."
msgstr "In an **address group** a single IP address or IP address ranges are defined."
@@ -7681,6 +6995,10 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random
msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:"
+#: ../../configuration/firewall/bridge.rst:70
+msgid "In firewall bridge rules, the action can be:"
+msgstr "In firewall bridge rules, the action can be:"
+
#: ../../configuration/protocols/ospf.rst:339
msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized."
@@ -7693,7 +7011,7 @@ msgstr "In large deployments it is not reasonable to configure each user individ
msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting."
-#: ../../configuration/service/dhcp-server.rst:196
+#: ../../configuration/service/dhcp-server.rst:161
msgid "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
msgstr "In order for the primary and the secondary DHCP server to keep their lease tables in sync, they must be able to reach each other on TCP port 647. If you have firewall rules in effect, adjust them accordingly."
@@ -7721,42 +7039,35 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps
msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way."
-#: ../../configuration/service/dhcp-server.rst:691
+#: ../../configuration/service/dhcp-server.rst:623
msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process."
+#: ../../configuration/interfaces/vxlan.rst:82
+msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host."
+
#: ../../configuration/trafficpolicy/index.rst:402
msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds."
+#: ../../configuration/protocols/pim.rst:87
+msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands."
+
#: ../../configuration/interfaces/ethernet.rst:95
msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option."
-#: ../../configuration/nat/nat44.rst:382
+#: ../../configuration/firewall/flowtables.rst:59
+msgid "In order to use flowtables, the minimal configuration needed includes:"
+msgstr "In order to use flowtables, the minimal configuration needed includes:"
+
+#: ../../configuration/nat/nat44.rst:396
msgid "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
msgstr "In other words, connection tracking has already observed the connection be closed and has transition the flow to INVALID to prevent attacks from attempting to reuse the connection."
#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
-#: ../../_include/interface-ip.txt:47
msgid "In other words it allows control of which cards (usually 1) will respond to an arp request."
msgstr "In other words it allows control of which cards (usually 1) will respond to an arp request."
@@ -7764,7 +7075,7 @@ msgstr "In other words it allows control of which cards (usually 1) will respond
msgid "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
msgstr "In our example, we used the key name ``openvpn-1`` which we will reference in our configuration."
-#: ../../configuration/nat/nat44.rst:507
+#: ../../configuration/nat/nat44.rst:527
msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers"
@@ -7812,15 +7123,15 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound
msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it."
-#: ../../configuration/service/pppoe-server.rst:272
+#: ../../configuration/service/pppoe-server.rst:259
msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients."
-#: ../../configuration/nat/nat44.rst:321
+#: ../../configuration/nat/nat44.rst:333
msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:"
-#: ../../configuration/system/login.rst:397
+#: ../../configuration/system/login.rst:399
msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password."
@@ -7832,7 +7143,7 @@ msgstr "In the following example, the IPs for the remote clients are defined in
msgid "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
msgstr "In the following example, when VLAN9 transitions, VLAN20 will also transition:"
-#: ../../configuration/protocols/igmp.rst:37
+#: ../../configuration/protocols/pim.rst:219
msgid "In the following example we can see a basic multicast setup:"
msgstr "In the following example we can see a basic multicast setup:"
@@ -7856,11 +7167,11 @@ msgstr "In this command tree, all hardware acceleration options will be handled.
msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:"
-#: ../../configuration/nat/nat44.rst:344
+#: ../../configuration/nat/nat44.rst:358
msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be."
-#: ../../configuration/nat/nat44.rst:498
+#: ../../configuration/nat/nat44.rst:518
msgid "In this example, we will be using the example Quick Start configuration above as a starting point."
msgstr "In this example, we will be using the example Quick Start configuration above as a starting point."
@@ -7880,10 +7191,38 @@ msgstr "In this example we will use the most complicated case: a setup where eac
msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default."
-#: ../../configuration/service/dns.rst:152
+#: ../../configuration/service/dns.rst:165
msgid "In this scenario:"
msgstr "In this scenario:"
+#: ../../configuration/firewall/ipv4.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/ipv6.rst:13
+msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables"
+
+#: ../../configuration/firewall/flowtables.rst:15
+msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables."
+
+#: ../../configuration/firewall/zone.rst:25
+msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:"
+
+#: ../../configuration/firewall/bridge.rst:289
+msgid "In this section you can find all useful firewall op-mode commands."
+msgstr "In this section you can find all useful firewall op-mode commands."
+
#: ../../configuration/service/webproxy.rst:95
msgid "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
msgstr "In transparent proxy mode, all traffic arriving on port 80 and destined for the Internet is automatically forwarded through the proxy. This allows immediate proxy forwarding without configuring client browsers."
@@ -7896,7 +7235,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
-#: ../../configuration/firewall/zone.rst:24
+#: ../../configuration/firewall/zone.rst:43
msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network."
@@ -7916,11 +7255,11 @@ msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octet
msgid "Indication"
msgstr "Indication"
-#: ../../configuration/service/dhcp-server.rst:84
+#: ../../configuration/service/dhcp-server.rst:64
msgid "Individual Client Subnet"
msgstr "Individual Client Subnet"
-#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:49
msgid "Inform client that the DNS server can be found at `<address>`."
msgstr "Inform client that the DNS server can be found at `<address>`."
@@ -7940,53 +7279,19 @@ msgstr "Informational messages"
msgid "Input from `eth0` network interface"
msgstr "Input from `eth0` network interface"
+#: ../../configuration/firewall/bridge.rst:390
+msgid "Inspect logs:"
+msgstr "Inspect logs:"
+
#: ../../configuration/vpn/pptp.rst:32
msgid "Install the client software via apt and execute pptpsetup to generate the configuration."
msgstr "Install the client software via apt and execute pptpsetup to generate the configuration."
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/pppoe.rst:218
#: ../../configuration/interfaces/pppoe.rst:264
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
#: ../../configuration/interfaces/sstp-client.rst:90
#: ../../_include/interface-ip.txt:15
#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
-#: ../../_include/interface-ip.txt:15
-#: ../../_include/interface-ipv6.txt:71
msgid "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
msgstr "Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to automatically set the proper value."
@@ -7995,21 +7300,6 @@ msgid "Instead of password only authentication, 2FA password authentication + OT
msgstr "Instead of password only authentication, 2FA password authentication + OTP key can be used. Alternatively, OTP authentication only, without a password, can be used. To do this, an OTP configuration must be added to the configuration above:"
#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
-#: ../../_include/interface-dhcp-options.txt:19
msgid "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
msgstr "Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value."
@@ -8035,7 +7325,7 @@ msgstr "Interconnect the global VRF with vrf \"red\" using the veth10 <-> veth 1
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../configuration/firewall/general.rst:239
+#: ../../configuration/firewall/groups.rst:66
msgid "Interface Groups"
msgstr "Interface Groups"
@@ -8043,7 +7333,7 @@ msgstr "Interface Groups"
msgid "Interface Routes"
msgstr "Interface Routes"
-#: ../../configuration/protocols/igmp.rst:235
+#: ../../configuration/protocols/igmp-proxy.rst:63
msgid "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
msgstr "Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet multicast which is in `eth0` WAN we need to configure igmp-proxy."
@@ -8059,11 +7349,16 @@ msgstr "Interface for DHCP Relay Agent to forward requests out."
msgid "Interface for DHCP Relay Agent to listen for requests."
msgstr "Interface for DHCP Relay Agent to listen for requests."
+#: ../../configuration/protocols/pim.rst:133
+#: ../../configuration/protocols/pim.rst:186
+msgid "Interface specific commands"
+msgstr "Interface specific commands"
+
#: ../../configuration/service/conntrack-sync.rst:71
msgid "Interface to use for syncing conntrack entries."
msgstr "Interface to use for syncing conntrack entries."
-#: ../../configuration/interfaces/vxlan.rst:93
+#: ../../configuration/interfaces/vxlan.rst:114
msgid "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
msgstr "Interface used for VXLAN underlay. This is mandatory when using VXLAN via a multicast network. VXLAN traffic will always enter and exit this interface."
@@ -8133,6 +7428,10 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis
msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode"
+#: ../../configuration/firewall/flowtables.rst:167
+msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded"
+
#: ../../configuration/system/option.rst:111
msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3."
@@ -8150,7 +7449,7 @@ msgstr "It generates the keypair, which includes the public and private parts. T
msgid "It helps to support as HELPER only for planned restarts."
msgstr "It helps to support as HELPER only for planned restarts."
-#: ../../configuration/firewall/zone.rst:87
+#: ../../configuration/firewall/zone.rst:106
msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*"
@@ -8158,7 +7457,7 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b
msgid "It is compatible with Cisco (R) AnyConnect (R) clients."
msgstr "It is compatible with Cisco (R) AnyConnect (R) clients."
-#: ../../configuration/service/dhcp-server.rst:660
+#: ../../configuration/service/dhcp-server.rst:590
msgid "It is connected to ``eth1``"
msgstr "It is connected to ``eth1``"
@@ -8170,11 +7469,15 @@ msgstr "It is highly recommended to use SSH key authentication. By default there
msgid "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
msgstr "It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration."
+#: ../../configuration/nat/nat44.rst:574
+msgid "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+msgstr "It is important to note that when creating firewall rules, the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
+
#: ../../configuration/nat/nat44.rst:549
msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100."
-#: ../../configuration/vrf/index.rst:503
+#: ../../configuration/vrf/index.rst:505
msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place."
@@ -8190,7 +7493,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because
msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user."
-#: ../../configuration/vrf/index.rst:494
+#: ../../configuration/vrf/index.rst:496
msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected."
@@ -8211,22 +7514,6 @@ msgid "It uses a stochastic model to classify incoming packets into different fl
msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:30
msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface."
@@ -8258,11 +7545,11 @@ msgstr "Key Generation"
msgid "Key Management"
msgstr "Key Management"
-#: ../../configuration/vpn/site2site_ipsec.rst:374
+#: ../../configuration/vpn/site2site_ipsec.rst:383
msgid "Key Parameters:"
msgstr "Key Parameters:"
-#: ../../configuration/firewall/zone.rst:31
+#: ../../configuration/firewall/zone.rst:50
msgid "Key Points:"
msgstr "Key Points:"
@@ -8319,7 +7606,7 @@ msgstr "L2TPv3 is described in :rfc:`3931`."
msgid "L2TPv3 options"
msgstr "L2TPv3 options"
-#: ../../configuration/vrf/index.rst:397
+#: ../../configuration/vrf/index.rst:399
msgid "L3VPN VRFs"
msgstr "L3VPN VRFs"
@@ -8360,19 +7647,19 @@ msgstr "Label Distribution Protocol"
msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements."
-#: ../../configuration/service/dhcp-server.rst:663
+#: ../../configuration/service/dhcp-server.rst:593
msgid "Lease time will be left at the default value which is 24 hours"
msgstr "Lease time will be left at the default value which is 24 hours"
-#: ../../configuration/service/dhcp-server.rst:369
+#: ../../configuration/service/dhcp-server.rst:336
msgid "Lease timeout in seconds (default: 86400)"
msgstr "Lease timeout in seconds (default: 86400)"
-#: ../../configuration/firewall/index.rst:47
+#: ../../configuration/firewall/index.rst:167
msgid "Legacy Firewall"
msgstr "Legacy Firewall"
-#: ../../configuration/interfaces/vxlan.rst:112
+#: ../../configuration/interfaces/vxlan.rst:133
msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP."
@@ -8404,7 +7691,7 @@ msgstr "Level 4 balancing"
msgid "Lifetime associated with the default router in units of seconds"
msgstr "Lifetime associated with the default router in units of seconds"
-#: ../../configuration/service/https.rst:72
+#: ../../configuration/service/https.rst:63
msgid "Lifetime in days; default is 365"
msgstr "Lifetime in days; default is 365"
@@ -8436,7 +7723,7 @@ msgstr "Limiter"
msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)."
-#: ../../configuration/system/login.rst:379
+#: ../../configuration/system/login.rst:381
msgid "Limits"
msgstr "Limits"
@@ -8452,7 +7739,7 @@ msgstr "Link MTU value placed in RAs, exluded in RAs if unset"
msgid "Link aggregation"
msgstr "Link aggregation"
-#: ../../configuration/nat/nat44.rst:372
+#: ../../configuration/nat/nat44.rst:386
msgid "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confuses people into thinking that Linux (or specifically VyOS) has a broken NAT implementation because non-NATed traffic is seen leaving an external interface. This is actually working as intended, and a packet capture of the \"leaky\" traffic should reveal that the traffic is either an additional TCP \"RST\", \"FIN,ACK\", or \"RST,ACK\" sent by client systems after Linux netfilter considers the connection closed. The most common is the additional TCP RST some host implementations send after terminating a connection (which is implementation-specific)."
@@ -8480,7 +7767,7 @@ msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-h
msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``"
-#: ../../configuration/policy/route-map.rst:360
+#: ../../configuration/policy/route-map.rst:362
msgid "List of well-known communities"
msgstr "List of well-known communities"
@@ -8504,15 +7791,15 @@ msgstr "Load-balancing algorithms to be used for distributind requests among the
msgid "Load-balancing schedule algorithm:"
msgstr "Load-balancing schedule algorithm:"
-#: ../../configuration/nat/nat44.rst:632
+#: ../../configuration/nat/nat44.rst:656
msgid "Load Balance"
msgstr "Load Balance"
-#: ../../configuration/service/pppoe-server.rst:256
+#: ../../configuration/service/pppoe-server.rst:243
msgid "Load Balancing"
msgstr "Load Balancing"
-#: ../../configuration/system/login.rst:420
+#: ../../configuration/system/login.rst:422
msgid "Load the container image in op-mode."
msgstr "Load the container image in op-mode."
@@ -8529,7 +7816,7 @@ msgstr "Local Configuration:"
msgid "Local Configuration - Annotated:"
msgstr "Local Configuration - Annotated:"
-#: ../../configuration/service/dhcp-server.rst:178
+#: ../../configuration/service/dhcp-server.rst:143
msgid "Local IP `<address>` used when communicating to the failover peer."
msgstr "Local IP `<address>` used when communicating to the failover peer."
@@ -8609,7 +7896,7 @@ msgstr "Log syslog messages to file specified via `<filename>`, for an explanati
msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below."
-#: ../../configuration/system/conntrack.rst:187
+#: ../../configuration/system/conntrack.rst:224
msgid "Log the connection tracking events per protocol."
msgstr "Log the connection tracking events per protocol."
@@ -8617,7 +7904,9 @@ msgstr "Log the connection tracking events per protocol."
msgid "Logging"
msgstr "Logging"
-#: ../../configuration/firewall/general.rst:412
+#: ../../configuration/firewall/bridge.rst:151
+#: ../../configuration/firewall/ipv4.rst:198
+#: ../../configuration/firewall/ipv6.rst:198
msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."
@@ -8629,14 +7918,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact,
msgid "Login/User Management"
msgstr "Login/User Management"
-#: ../../configuration/system/login.rst:361
+#: ../../configuration/system/login.rst:363
msgid "Login Banner"
msgstr "Login Banner"
-#: ../../configuration/system/login.rst:381
+#: ../../configuration/system/login.rst:383
msgid "Login limits"
msgstr "Login limits"
+#: ../../configuration/protocols/isis.rst:306
+msgid "Loop Free Alternate (LFA)"
+msgstr "Loop Free Alternate (LFA)"
+
#: ../../configuration/interfaces/loopback.rst:7
msgid "Loopback"
msgstr "Loopback"
@@ -8660,8 +7953,7 @@ msgstr "MAC/PHY information"
msgid "MACVLAN - Pseudo Ethernet"
msgstr "MACVLAN - Pseudo Ethernet"
-#: ../../configuration/firewall/general.rst:282
-#: ../../configuration/firewall/general-legacy.rst:240
+#: ../../configuration/firewall/groups.rst:109
msgid "MAC Groups"
msgstr "MAC Groups"
@@ -8701,52 +7993,14 @@ msgstr "MPLS"
msgid "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
msgstr "MPLS support in VyOS is not finished yet, and therefore its functionality is limited. Currently there is no support for MPLS enabled VPN services such as L2VPNs and mVPNs. RSVP support is also not present as the underlying routing stack (FRR) does not implement it. Currently VyOS implements LDP as described in RFC 5036; other LDP standard are the following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447. Because MPLS is already available (FRR also supports RFC 3031)."
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/pppoe.rst:215
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
#: ../../configuration/interfaces/sstp-client.rst:87
#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
-#: ../../_include/interface-ip.txt:12
msgid "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU."
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
#: ../../configuration/interfaces/pppoe.rst:261
#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
-#: ../../_include/interface-ipv6.txt:68
msgid "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 bytes on a 1492 byte MTU."
@@ -8758,11 +8012,19 @@ msgstr "MTU"
msgid "Mail system"
msgstr "Mail system"
+#: ../../configuration/firewall/index.rst:20
+msgid "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+msgstr "Main notes regarding this packet flow and terminology used in VyOS firewall:"
+
+#: ../../configuration/firewall/index.rst:91
+msgid "Main structure VyOS firewall cli is shown next:"
+msgstr "Main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/firewall/general.rst:20
msgid "Main structure is shown next:"
msgstr "Main structure is shown next:"
-#: ../../configuration/service/pppoe-server.rst:308
+#: ../../configuration/service/pppoe-server.rst:295
msgid "Maintenance mode"
msgstr "Maintenance mode"
@@ -8786,11 +8048,15 @@ msgstr "Mandatory Settings"
msgid "Manual Neighbor Configuration"
msgstr "Manual Neighbor Configuration"
-#: ../../configuration/interfaces/vxlan.rst:150
+#: ../../configuration/pki/index.rst:336
+msgid "Manually trigger certificate renewal. This will be done twice a day."
+msgstr "Manually trigger certificate renewal. This will be done twice a day."
+
+#: ../../configuration/interfaces/vxlan.rst:171
msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge."
-#: ../../configuration/vpn/sstp.rst:212
+#: ../../configuration/vpn/sstp.rst:223
msgid "Mark RADIUS server as offline for this given `<time>` in seconds."
msgstr "Mark RADIUS server as offline for this given `<time>` in seconds."
@@ -8810,7 +8076,8 @@ msgstr "Match BGP large communities."
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."
-#: ../../configuration/firewall/general.rst:710
+#: ../../configuration/firewall/ipv4.rst:440
+#: ../../configuration/firewall/ipv6.rst:447
msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."
@@ -8822,18 +8089,18 @@ msgstr "Match RPKI validation result."
msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."
-#: ../../configuration/firewall/general.rst:1091
-#: ../../configuration/firewall/general-legacy.rst:671
+#: ../../configuration/firewall/ipv4.rst:773
+#: ../../configuration/firewall/ipv6.rst:783
msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."
-#: ../../configuration/firewall/general.rst:1158
-#: ../../configuration/firewall/general-legacy.rst:709
+#: ../../configuration/firewall/ipv4.rst:831
+#: ../../configuration/firewall/ipv6.rst:840
msgid "Match against the state of a packet."
msgstr "Match against the state of a packet."
-#: ../../configuration/firewall/general.rst:924
-#: ../../configuration/firewall/general-legacy.rst:590
+#: ../../configuration/firewall/ipv4.rst:620
+#: ../../configuration/firewall/ipv6.rst:630
msgid "Match based on dscp value."
msgstr "Match based on dscp value."
@@ -8841,18 +8108,28 @@ msgstr "Match based on dscp value."
msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."
-#: ../../configuration/firewall/general.rst:937
-#: ../../configuration/firewall/general-legacy.rst:597
+#: ../../configuration/firewall/ipv4.rst:631
+#: ../../configuration/firewall/ipv6.rst:641
msgid "Match based on fragment criteria."
msgstr "Match based on fragment criteria."
-#: ../../configuration/firewall/general.rst:956
-#: ../../configuration/firewall/general-legacy.rst:604
+#: ../../configuration/firewall/ipv4.rst:642
+msgid "Match based on icmp code and type."
+msgstr "Match based on icmp code and type."
+
+#: ../../configuration/firewall/ipv4.rst:653
+msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:663
+msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
+
+#: ../../configuration/firewall/ipv6.rst:652
#: ../../configuration/policy/route.rst:131
msgid "Match based on icmp|icmpv6 code and type."
msgstr "Match based on icmp|icmpv6 code and type."
-#: ../../configuration/firewall/general.rst:975
#: ../../configuration/firewall/general-legacy.rst:610
msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."
@@ -8869,8 +8146,20 @@ msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. Fo
msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1013
-#: ../../configuration/firewall/general-legacy.rst:630
+#: ../../configuration/firewall/bridge.rst:239
+#: ../../configuration/firewall/ipv4.rst:663
+#: ../../configuration/firewall/ipv6.rst:673
+msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:248
+#: ../../configuration/firewall/ipv4.rst:674
+#: ../../configuration/firewall/ipv6.rst:684
+msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:707
+#: ../../configuration/firewall/ipv6.rst:717
msgid "Match based on ipsec criteria."
msgstr "Match based on ipsec criteria."
@@ -8878,53 +8167,77 @@ msgstr "Match based on ipsec criteria."
msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"
-#: ../../configuration/firewall/general.rst:1064
-#: ../../configuration/firewall/general-legacy.rst:656
+#: ../../configuration/firewall/bridge.rst:256
+#: ../../configuration/firewall/ipv4.rst:684
+#: ../../configuration/firewall/ipv6.rst:694
+msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``"
+
+#: ../../configuration/firewall/bridge.rst:265
+#: ../../configuration/firewall/ipv4.rst:695
+#: ../../configuration/firewall/ipv6.rst:705
+msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``"
+
+#: ../../configuration/firewall/ipv4.rst:750
+#: ../../configuration/firewall/ipv6.rst:760
#: ../../configuration/policy/route.rst:176
msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."
-#: ../../configuration/firewall/general.rst:1078
-#: ../../configuration/firewall/general-legacy.rst:664
+#: ../../configuration/firewall/ipv4.rst:762
+#: ../../configuration/firewall/ipv6.rst:772
#: ../../configuration/policy/route.rst:184
msgid "Match based on packet type criteria."
msgstr "Match based on packet type criteria."
-#: ../../configuration/firewall/general.rst:1039
-#: ../../configuration/firewall/general-legacy.rst:644
+#: ../../configuration/firewall/ipv4.rst:729
+#: ../../configuration/firewall/ipv6.rst:739
msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"
-#: ../../configuration/firewall/general.rst:1026
-#: ../../configuration/firewall/general-legacy.rst:637
+#: ../../configuration/firewall/ipv4.rst:718
+#: ../../configuration/firewall/ipv6.rst:728
msgid "Match based on the maximum number of packets to allow in excess of rate."
msgstr "Match based on the maximum number of packets to allow in excess of rate."
-#: ../../configuration/firewall/general.rst:1124
-#: ../../configuration/firewall/general-legacy.rst:689
+#: ../../configuration/firewall/bridge.rst:273
+msgid "Match based on vlan ID. Range is also supported."
+msgstr "Match based on vlan ID. Range is also supported."
+
+#: ../../configuration/firewall/bridge.rst:280
+msgid "Match based on vlan priority(pcp). Range is also supported."
+msgstr "Match based on vlan priority(pcp). Range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:801
+#: ../../configuration/firewall/ipv6.rst:810
msgid "Match bases on recently seen sources."
msgstr "Match bases on recently seen sources."
-#: ../../configuration/firewall/general.rst:562
-#: ../../configuration/firewall/general-legacy.rst:394
+#: ../../configuration/firewall/ipv4.rst:325
+#: ../../configuration/firewall/ipv6.rst:325
msgid "Match criteria based on connection mark."
msgstr "Match criteria based on connection mark."
-#: ../../configuration/firewall/general.rst:549
-#: ../../configuration/firewall/general-legacy.rst:387
+#: ../../configuration/firewall/ipv4.rst:314
+#: ../../configuration/firewall/ipv6.rst:314
msgid "Match criteria based on nat connection status."
msgstr "Match criteria based on nat connection status."
-#: ../../configuration/firewall/general.rst:586
+#: ../../configuration/firewall/ipv4.rst:345
+#: ../../configuration/firewall/ipv6.rst:345
msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."
+#: ../../configuration/firewall/bridge.rst:232
+msgid "Match criteria based on source and/or destination mac-address."
+msgstr "Match criteria based on source and/or destination mac-address."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:58
msgid "Match domain name"
msgstr "Match domain name"
-#: ../../configuration/firewall/general.rst:1234
-#: ../../configuration/firewall/general-legacy.rst:732
+#: ../../configuration/firewall/ipv6.rst:894
#: ../../configuration/policy/route.rst:234
msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
@@ -8937,19 +8250,19 @@ msgstr "Match local preference."
msgid "Match route metric."
msgstr "Match route metric."
-#: ../../configuration/firewall/general.rst:1222
-#: ../../configuration/firewall/general-legacy.rst:726
+#: ../../configuration/firewall/ipv4.rst:885
#: ../../configuration/policy/route.rst:229
msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."
-#: ../../configuration/firewall/general.rst:1259
-#: ../../configuration/firewall/general-legacy.rst:742
+#: ../../configuration/firewall/ipv4.rst:906
+#: ../../configuration/firewall/ipv6.rst:915
msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."
-#: ../../configuration/firewall/general.rst:534
-#: ../../configuration/firewall/general-legacy.rst:378
+#: ../../configuration/firewall/bridge.rst:219
+#: ../../configuration/firewall/ipv4.rst:301
+#: ../../configuration/firewall/ipv6.rst:301
#: ../../configuration/policy/route.rst:38
msgid "Matching criteria"
msgstr "Matching criteria"
@@ -8966,7 +8279,7 @@ msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets"
msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations."
-#: ../../configuration/vpn/sstp.rst:148
+#: ../../configuration/vpn/sstp.rst:159
msgid "Maximum number of IPv4 nameservers"
msgstr "Maximum number of IPv4 nameservers"
@@ -8978,7 +8291,11 @@ msgstr "Maximum number of authenticator processes to spawn. If you start too few
msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that."
-#: ../../configuration/vpn/sstp.rst:239
+#: ../../configuration/service/dns.rst:148
+msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120."
+
+#: ../../configuration/vpn/sstp.rst:250
msgid "Maximum number of tries to send Access-Request/Accounting-Request queries"
msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries"
@@ -9010,6 +8327,26 @@ msgstr "Metris version, the default is ``2``"
msgid "Min and max intervals between unsolicited multicast RAs"
msgstr "Min and max intervals between unsolicited multicast RAs"
+#: ../../configuration/firewall/flowtables.rst:106
+msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities."
+
+#: ../../configuration/protocols/pim.rst:49
+msgid "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+msgstr "Modify the join/prune interval that PIM uses to the new value. Time is specified in seconds."
+
+#: ../../configuration/protocols/pim.rst:59
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds. If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks."
+
+#: ../../configuration/protocols/pim.rst:98
+msgid "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+msgstr "Modify the time out value for a S,G flow from 1-65535 seconds at :abbr:`RP (Rendezvous Point)`. The normal keepalive period for the KAT(S,G) defaults to 210 seconds. However, at the :abbr:`RP (Rendezvous Point)`, the keepalive period must be at least the Register_Suppression_Time, or the RP may time out the (S,G) state before the next Null-Register arrives. Thus, the KAT(S,G) is set to max(Keepalive_Period, RP_Keepalive_Period) when a Register-Stop is sent."
+
+#: ../../configuration/protocols/pim.rst:82
+msgid "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+msgstr "Modify the time that pim will register suppress a FHR will send register notifications to the kernel."
+
#: ../../configuration/interfaces/wireless.rst:22
msgid "Monitor, the system passively monitors any kind of wireless traffic"
msgstr "Monitor, the system passively monitors any kind of wireless traffic"
@@ -9034,7 +8371,7 @@ msgstr "Most operating systems include native client support for IPsec IKEv2 VPN
msgid "Mount a volume into the container"
msgstr "Mount a volume into the container"
-#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:235
msgid "Multi"
msgstr "Multi"
@@ -9046,16 +8383,15 @@ msgstr "Multi-client server is the most popular OpenVPN mode on routers. It alwa
msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses."
-#: ../../configuration/service/dhcp-server.rst:392
+#: ../../configuration/service/dhcp-server.rst:359
msgid "Multi: can be specified multiple times."
msgstr "Multi: can be specified multiple times."
-#: ../../configuration/interfaces/vxlan.rst:89
-#: ../../configuration/protocols/igmp.rst:7
+#: ../../configuration/interfaces/vxlan.rst:110
msgid "Multicast"
msgstr "Multicast"
-#: ../../configuration/interfaces/vxlan.rst:209
+#: ../../configuration/interfaces/vxlan.rst:230
msgid "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
msgstr "Multicast-routing is required for the leaves to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the leaves so that the Spine can learn what multicast groups each Leaf expects traffic from."
@@ -9063,11 +8399,15 @@ msgstr "Multicast-routing is required for the leaves to forward traffic between
msgid "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
msgstr "Multicast DNS uses the 224.0.0.251 address, which is \"administratively scoped\" and does not leave the subnet. It retransmits mDNS packets from one interface to other interfaces. This enables support for e.g. Apple Airplay devices across multiple VLANs."
-#: ../../configuration/interfaces/vxlan.rst:105
+#: ../../configuration/service/mdns.rst:8
+msgid "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+msgstr "Multicast DNS uses the reserved address ``224.0.0.251``, which is `\"administratively scoped\"` and does not leave the subnet. mDNS repeater retransmits mDNS packets from one interface to other interfaces. This enables support for devices using mDNS discovery (like network printers, Apple Airplay, Chromecast, various IP based home-automation devices etc) across multiple VLANs."
+
+#: ../../configuration/interfaces/vxlan.rst:126
msgid "Multicast VXLAN"
msgstr "Multicast VXLAN"
-#: ../../configuration/interfaces/vxlan.rst:99
+#: ../../configuration/interfaces/vxlan.rst:120
msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast."
@@ -9075,7 +8415,7 @@ msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built
msgid "Multicast group to use for syncing conntrack entries."
msgstr "Multicast group to use for syncing conntrack entries."
-#: ../../configuration/protocols/igmp.rst:26
+#: ../../configuration/protocols/pim.rst:22
msgid "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk IGMP to their local router, so, besides having PIM configured in every router, IGMP must also be configured in any router where there could be a multicast receiver locally connected."
@@ -9083,8 +8423,8 @@ msgstr "Multicast receivers will talk IGMP to their local router, so, besides ha
msgid "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
msgstr "Multicast receivers will talk MLD to their local router, so, besides having PIMv6 configured in every router, MLD must also be configured in any router where there could be a multicast receiver locally connected."
-#: ../../configuration/service/dhcp-server.rst:59
-#: ../../configuration/service/dhcp-server.rst:106
+#: ../../configuration/service/dhcp-server.rst:54
+#: ../../configuration/service/dhcp-server.rst:92
msgid "Multiple DNS servers can be defined."
msgstr "Multiple DNS servers can be defined."
@@ -9096,7 +8436,7 @@ msgstr "Multiple RPKI caching instances can be supplied and they need a preferen
msgid "Multiple Uplinks"
msgstr "Multiple Uplinks"
-#: ../../configuration/interfaces/vxlan.rst:144
+#: ../../configuration/interfaces/vxlan.rst:165
msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI."
@@ -9108,7 +8448,7 @@ msgstr "Multiple aliases can pe specified per host-name."
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'"
-#: ../../configuration/system/conntrack.rst:122
+#: ../../configuration/system/conntrack.rst:150
msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``"
@@ -9125,12 +8465,12 @@ msgstr "Multiple networks/client IP addresses can be configured."
msgid "Multiple servers can be specified."
msgstr "Multiple servers can be specified."
-#: ../../configuration/service/dns.rst:361
+#: ../../configuration/service/dns.rst:374
msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"
msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!"
-#: ../../configuration/firewall/general.rst:770
-#: ../../configuration/firewall/general-legacy.rst:515
+#: ../../configuration/firewall/ipv4.rst:494
+#: ../../configuration/firewall/ipv6.rst:500
msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"
@@ -9147,18 +8487,18 @@ msgstr "Multiple users can connect to the same serial device but only one is all
msgid "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
msgstr "Multiprotocol extensions enable BGP to carry routing information for multiple network layer protocols. BGP supports an Address Family Identifier (AFI) for IPv4 and IPv6."
-#: ../../configuration/service/dhcp-server.rst:274
-#: ../../configuration/service/dhcp-server.rst:280
-#: ../../configuration/service/dhcp-server.rst:285
-#: ../../configuration/service/dhcp-server.rst:305
-#: ../../configuration/service/dhcp-server.rst:320
-#: ../../configuration/service/dhcp-server.rst:325
-#: ../../configuration/service/dhcp-server.rst:330
-#: ../../configuration/service/dhcp-server.rst:335
-#: ../../configuration/service/dhcp-server.rst:340
-#: ../../configuration/service/dhcp-server.rst:360
-#: ../../configuration/service/dhcp-server.rst:365
-#: ../../configuration/service/dhcp-server.rst:370
+#: ../../configuration/service/dhcp-server.rst:241
+#: ../../configuration/service/dhcp-server.rst:247
+#: ../../configuration/service/dhcp-server.rst:252
+#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:287
+#: ../../configuration/service/dhcp-server.rst:292
+#: ../../configuration/service/dhcp-server.rst:297
+#: ../../configuration/service/dhcp-server.rst:302
+#: ../../configuration/service/dhcp-server.rst:307
+#: ../../configuration/service/dhcp-server.rst:327
+#: ../../configuration/service/dhcp-server.rst:332
+#: ../../configuration/service/dhcp-server.rst:337
msgid "N"
msgstr "N"
@@ -9175,19 +8515,31 @@ msgstr "NAT, Routing, Firewall Interaction"
msgid "NAT44"
msgstr "NAT44"
+#: ../../configuration/nat/nat64.rst:5
+msgid "NAT64"
+msgstr "NAT64"
+
+#: ../../configuration/nat/nat64.rst:62
+msgid "NAT64 client configuration:"
+msgstr "NAT64 client configuration:"
+
+#: ../../configuration/nat/nat64.rst:44
+msgid "NAT64 server configuration:"
+msgstr "NAT64 server configuration:"
+
#: ../../configuration/nat/nat66.rst:5
msgid "NAT66(NPTv6)"
msgstr "NAT66(NPTv6)"
-#: ../../configuration/nat/nat44.rst:706
+#: ../../configuration/nat/nat44.rst:730
msgid "NAT Configuration"
msgstr "NAT Configuration"
-#: ../../configuration/nat/nat44.rst:287
+#: ../../configuration/nat/nat44.rst:299
msgid "NAT Load Balance"
msgstr "NAT Load Balance"
-#: ../../configuration/nat/nat44.rst:293
+#: ../../configuration/nat/nat44.rst:305
msgid "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it, then it applies corresponding translation. This hash can be generated randomly, or can use data from the ip header: source-address, destination-address, source-port and/or destination-port. By default, it will generate the hash randomly."
@@ -9195,16 +8547,15 @@ msgstr "NAT Load Balance uses an algorithm that generates a hash and based on it
msgid "NAT Ruleset"
msgstr "NAT Ruleset"
-#: ../../configuration/nat/nat44.rst:686
+#: ../../configuration/nat/nat44.rst:710
msgid "NAT (specifically, Source NAT);"
msgstr "NAT (specifically, Source NAT);"
-#: ../../configuration/nat/nat44.rst:624
+#: ../../configuration/nat/nat44.rst:648
msgid "NAT before VPN"
msgstr "NAT before VPN"
-#: ../../configuration/nat/nat44.rst:677
-#: ../../configuration/nat/nat44.rst:677
+#: ../../configuration/nat/nat44.rst:701
msgid "NAT before VPN Topology"
msgstr "NAT before VPN Topology"
@@ -9236,7 +8587,7 @@ msgstr "NTP supplies a warning of any impending leap second adjustment, but no i
msgid "Name Server"
msgstr "Name Server"
-#: ../../configuration/service/dhcp-server.rst:389
+#: ../../configuration/service/dhcp-server.rst:356
msgid "Name of static mapping"
msgstr "Name of static mapping"
@@ -9244,11 +8595,11 @@ msgstr "Name of static mapping"
msgid "Name of the single table Only if set group-metrics single-table."
msgstr "Name of the single table Only if set group-metrics single-table."
-#: ../../configuration/service/dhcp-server.rst:329
+#: ../../configuration/service/dhcp-server.rst:296
msgid "Name or IPv4 address of TFTP server"
msgstr "Name or IPv4 address of TFTP server"
-#: ../../configuration/service/dhcp-server.rst:314
+#: ../../configuration/service/dhcp-server.rst:281
msgid "NetBIOS over TCP/IP name server"
msgstr "NetBIOS over TCP/IP name server"
@@ -9276,7 +8627,7 @@ msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the
msgid "NetFlow v5 example:"
msgstr "NetFlow v5 example:"
-#: ../../configuration/firewall/index.rst:16
+#: ../../configuration/firewall/index.rst:13
msgid "Netfilter based"
msgstr "Netfilter based"
@@ -9302,8 +8653,7 @@ msgstr "Network Control"
msgid "Network Emulator"
msgstr "Network Emulator"
-#: ../../configuration/firewall/general.rst:215
-#: ../../configuration/firewall/general-legacy.rst:191
+#: ../../configuration/firewall/groups.rst:42
msgid "Network Groups"
msgstr "Network Groups"
@@ -9315,7 +8665,7 @@ msgstr "Network ID (SSID) ``Enterprise-TEST``"
msgid "Network ID (SSID) ``TEST``"
msgstr "Network ID (SSID) ``TEST``"
-#: ../../configuration/protocols/igmp.rst:None
+#: ../../configuration/protocols/pim.rst:-1
msgid "Network Topology Diagram"
msgstr "Network Topology Diagram"
@@ -9339,7 +8689,7 @@ msgstr "New user will use SHA/AES for authentication and privacy"
msgid "Next-hop interface for the route"
msgstr "Next-hop interface for the route"
-#: ../../configuration/vpn/openconnect.rst:205
+#: ../../configuration/vpn/openconnect.rst:212
msgid "Next it is necessary to configure 2FA for OpenConnect:"
msgstr "Next it is necessary to configure 2FA for OpenConnect:"
@@ -9428,7 +8778,7 @@ msgstr "Now we add the option to the scope, adapt to your setup"
msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients."
-#: ../../configuration/vpn/openconnect.rst:212
+#: ../../configuration/vpn/openconnect.rst:219
msgid "Now when connecting the user will first be asked for the password and then the OTP key."
msgstr "Now when connecting the user will first be asked for the password and then the OTP key."
@@ -9480,7 +8830,7 @@ msgstr "OTP-key generation"
msgid "Offloading"
msgstr "Offloading"
-#: ../../configuration/service/dhcp-server.rst:278
+#: ../../configuration/service/dhcp-server.rst:245
msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)"
@@ -9555,6 +8905,10 @@ msgstr "On the initiator, we need to set the remote-id option so that it can ide
msgid "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
msgstr "On the initiator, we set the peer address to its public address, but on the responder we only set the id."
+#: ../../configuration/protocols/pim.rst:120
+msgid "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+msgstr "On the last hop router if it is desired to not switch over to the SPT tree configure this command."
+
#: ../../configuration/vpn/rsa-keys.rst:57
msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work."
@@ -9564,25 +8918,6 @@ msgid "Once a class has a filter configured, you will also have to define what y
msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring."
#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
-#: ../../_include/interface-ip.txt:21
msgid "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
msgstr "Once a neighbor has been found, the entry is considered to be valid for at least for this specific time. An entry's validity will be extended if it receives positive feedback from higher level protocols."
@@ -9606,6 +8941,10 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil
msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them."
+#: ../../configuration/firewall/flowtables.rst:38
+msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)"
+
#: ../../configuration/service/pppoe-server.rst:63
msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially."
@@ -9614,11 +8953,11 @@ msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-addres
msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave."
-#: ../../configuration/service/pppoe-server.rst:224
+#: ../../configuration/service/pppoe-server.rst:211
msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'."
-#: ../../configuration/vpn/openconnect.rst:250
+#: ../../configuration/vpn/openconnect.rst:257
msgid "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
msgstr "Once you commit the above changes you can create a config file in the /config/auth/ocserv/config-per-user directory that matches a username of a user you have created e.g. \"tst\". Now when logging in with the \"tst\" user the config options you set in this file will be loaded."
@@ -9626,7 +8965,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c
msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands."
-#: ../../configuration/vpn/sstp.rst:295
+#: ../../configuration/vpn/sstp.rst:307
msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file."
@@ -9651,11 +8990,6 @@ msgid "One of the uses of Fair Queue might be the mitigation of Denial of Servic
msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks."
#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
-#: ../../_include/interface-vlan-8021q.txt:32
msgid "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
@@ -9663,8 +8997,12 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."
msgid "Only VRRP is supported. Required option."
msgstr "Only VRRP is supported. Required option."
-#: ../../configuration/firewall/general.rst:731
-#: ../../configuration/firewall/general-legacy.rst:490
+#: ../../configuration/service/https.rst:18
+msgid "Only allow certain IP addresses or prefixes to access the https webserver."
+msgstr "Only allow certain IP addresses or prefixes to access the https webserver."
+
+#: ../../configuration/firewall/ipv4.rst:459
+#: ../../configuration/firewall/ipv6.rst:466
msgid "Only in the source criteria, you can specify a mac-address."
msgstr "Only in the source criteria, you can specify a mac-address."
@@ -9672,22 +9010,7 @@ msgstr "Only in the source criteria, you can specify a mac-address."
msgid "Only one SRGB and default SPF Algorithm is supported"
msgstr "Only one SRGB and default SPF Algorithm is supported"
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
-#: ../../_include/interface-dhcp-options.txt:43
+#: ../../_include/interface-dhcp-options.txt:48
msgid "Only request an address from the DHCP server but do not request a default gateway."
msgstr "Only request an address from the DHCP server but do not request a default gateway."
@@ -9703,6 +9026,10 @@ msgstr "Only request an address from the SSTP server but do not install any defa
msgid "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the key will usually be several hundred characters long, and you will need to copy and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference."
+#: ../../configuration/interfaces/vxlan.rst:96
+msgid "Only works with a VXLAN device with external flag set."
+msgstr "Only works with a VXLAN device with external flag set."
+
#: ../../configuration/highavailability/index.rst:457
msgid "Op-mode check virtual-server status"
msgstr "Op-mode check virtual-server status"
@@ -9715,15 +9042,15 @@ msgstr "OpenConnect"
msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol."
-#: ../../configuration/vpn/openconnect.rst:274
+#: ../../configuration/vpn/openconnect.rst:281
msgid "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
msgstr "OpenConnect can be configured to send accounting information to a RADIUS server to capture user session data such as time of connect/disconnect, data transferred, and so on."
-#: ../../configuration/vpn/openconnect.rst:267
+#: ../../configuration/vpn/openconnect.rst:274
msgid "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
msgstr "OpenConnect server matches the filename in a case sensitive manner, make sure the username/group name you configure matches the filename exactly."
-#: ../../configuration/vpn/openconnect.rst:228
+#: ../../configuration/vpn/openconnect.rst:235
msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users."
@@ -9778,27 +9105,34 @@ msgstr "Operating Modes"
#: ../../configuration/interfaces/virtual-ethernet.rst:55
#: ../../configuration/interfaces/wireless.rst:416
#: ../../configuration/interfaces/wwan.rst:79
-#: ../../configuration/pki/index.rst:252
-#: ../../configuration/protocols/igmp.rst:245
+#: ../../configuration/pki/index.rst:290
+#: ../../configuration/protocols/igmp-proxy.rst:73
#: ../../configuration/protocols/static.rst:183
#: ../../configuration/service/conntrack-sync.rst:103
#: ../../configuration/service/console-server.rst:76
#: ../../configuration/service/dhcp-relay.rst:124
-#: ../../configuration/service/dhcp-relay.rst:199
-#: ../../configuration/service/dns.rst:182
+#: ../../configuration/service/dhcp-relay.rst:201
+#: ../../configuration/service/dns.rst:195
#: ../../configuration/service/lldp.rst:71
+#: ../../configuration/service/mdns.rst:79
#: ../../configuration/service/ssh.rst:145
#: ../../configuration/service/webproxy.rst:330
#: ../../configuration/system/default-route.rst:25
#: ../../configuration/system/flow-accounting.rst:175
#: ../../configuration/vrf/index.rst:111
-#: ../../configuration/vrf/index.rst:321
-#: ../../configuration/vrf/index.rst:501
+#: ../../configuration/vrf/index.rst:323
+#: ../../configuration/vrf/index.rst:503
msgid "Operation"
msgstr "Operation"
-#: ../../configuration/firewall/general.rst:1307
-#: ../../configuration/firewall/general-legacy.rst:778
+#: ../../configuration/firewall/groups.rst:186
+#: ../../configuration/firewall/zone.rst:128
+msgid "Operation-mode"
+msgstr "Operation-mode"
+
+#: ../../configuration/firewall/bridge.rst:284
+#: ../../configuration/firewall/ipv4.rst:954
+#: ../../configuration/firewall/ipv6.rst:962
msgid "Operation-mode Firewall"
msgstr "Operation-mode Firewall"
@@ -9806,8 +9140,8 @@ msgstr "Operation-mode Firewall"
msgid "Operation Commands"
msgstr "Operation Commands"
-#: ../../configuration/service/dhcp-server.rst:512
-#: ../../configuration/service/dhcp-server.rst:732
+#: ../../configuration/service/dhcp-server.rst:412
+#: ../../configuration/service/dhcp-server.rst:664
#: ../../configuration/system/acceleration.rst:42
msgid "Operation Mode"
msgstr "Operation Mode"
@@ -9825,7 +9159,7 @@ msgstr "Operational Commands"
#: ../../configuration/protocols/bgp.rst:950
#: ../../configuration/protocols/mpls.rst:218
#: ../../configuration/protocols/ospf.rst:609
-#: ../../configuration/protocols/ospf.rst:1266
+#: ../../configuration/protocols/ospf.rst:1268
#: ../../configuration/protocols/rip.rst:193
msgid "Operational Mode Commands"
msgstr "Operational Mode Commands"
@@ -9843,11 +9177,11 @@ msgstr "Option"
msgid "Option 43 for UniFI"
msgstr "Option 43 for UniFI"
-#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:234
msgid "Option description"
msgstr "Option description"
-#: ../../configuration/service/dhcp-server.rst:265
+#: ../../configuration/service/dhcp-server.rst:232
msgid "Option number"
msgstr "Option number"
@@ -9886,15 +9220,19 @@ msgstr "Optional/default settings"
msgid "Optional Configuration"
msgstr "Optional Configuration"
+#: ../../configuration/protocols/pim.rst:123
+msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens."
+
#: ../../configuration/container/index.rst:47
msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix."
#: ../../configuration/interfaces/openvpn.rst:631
#: ../../configuration/service/dhcp-relay.rst:53
-#: ../../configuration/service/dhcp-relay.rst:158
-#: ../../configuration/service/dhcp-server.rst:257
-#: ../../configuration/vpn/sstp.rst:219
+#: ../../configuration/service/dhcp-relay.rst:160
+#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/vpn/sstp.rst:230
msgid "Options"
msgstr "Options"
@@ -9918,11 +9256,11 @@ msgstr "Or **binary** prefixes."
msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied."
-#: ../../configuration/service/pppoe-server.rst:251
+#: ../../configuration/service/pppoe-server.rst:238
msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*."
-#: ../../configuration/nat/nat44.rst:512
+#: ../../configuration/nat/nat44.rst:532
msgid "Our configuration commands would be:"
msgstr "Our configuration commands would be:"
@@ -9962,9 +9300,14 @@ msgstr "Over UDP"
msgid "Override static-mapping's name-server with a custom one that will be sent only to this host."
msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host."
-#: ../../configuration/firewall/general.rst:11
-#: ../../configuration/firewall/general-legacy.rst:15
+#: ../../configuration/firewall/bridge.rst:13
+#: ../../configuration/firewall/flowtables.rst:13
+#: ../../configuration/firewall/global-options.rst:11
+#: ../../configuration/firewall/ipv4.rst:11
+#: ../../configuration/firewall/ipv6.rst:11
+#: ../../configuration/firewall/zone.rst:11
#: ../../configuration/nat/nat44.rst:68
+#: ../../configuration/nat/nat64.rst:18
#: ../../configuration/nat/nat66.rst:15
msgid "Overview"
msgstr "Overview"
@@ -9973,8 +9316,8 @@ msgstr "Overview"
msgid "Overview and basic concepts"
msgstr "Overview and basic concepts"
-#: ../../configuration/firewall/general.rst:1461
-#: ../../configuration/firewall/general-legacy.rst:908
+#: ../../configuration/firewall/groups.rst:190
+#: ../../configuration/firewall/ipv6.rst:1117
msgid "Overview of defined groups. You see the type, the members, and where the group is used."
msgstr "Overview of defined groups. You see the type, the members, and where the group is used."
@@ -9994,14 +9337,22 @@ msgstr "PC2 is in VRF ``blue`` which is the development department"
msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department."
-#: ../../configuration/interfaces/vxlan.rst:109
+#: ../../configuration/interfaces/vxlan.rst:130
msgid "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
msgstr "PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain."
-#: ../../configuration/interfaces/vxlan.rst:120
+#: ../../configuration/interfaces/vxlan.rst:141
msgid "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
msgstr "PC5 receives the ping echo, responds with an echo reply that Leaf3 receives and this time forwards to Leaf2's unicast address directly because it learned the location of PC4 above. When Leaf2 receives the echo reply from PC5 it sees that it came from Leaf3 and so remembers that PC5 is reachable via Leaf3."
+#: ../../configuration/protocols/pim.rst:31
+msgid "PIM-SM - PIM Sparse Mode"
+msgstr "PIM-SM - PIM Sparse Mode"
+
+#: ../../configuration/protocols/pim6.rst:5
+msgid "PIM6 - Protocol Independent Multicast for IPv6"
+msgstr "PIM6 - Protocol Independent Multicast for IPv6"
+
#: ../../configuration/protocols/igmp.rst:16
msgid "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIM (Protocol Independent Multicast) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10010,6 +9361,10 @@ msgstr "PIM (Protocol Independent Multicast) must be configured in every interfa
msgid "PIM and IGMP"
msgstr "PIM and IGMP"
+#: ../../configuration/protocols/pim.rst:7
+msgid "PIM – Protocol Independent Multicast"
+msgstr "PIM – Protocol Independent Multicast"
+
#: ../../configuration/protocols/pim6.rst:9
msgid "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
@@ -10022,7 +9377,7 @@ msgstr "PKI"
msgid "PPDU"
msgstr "PPDU"
-#: ../../configuration/vpn/sstp.rst:163
+#: ../../configuration/vpn/sstp.rst:174
msgid "PPP Settings"
msgstr "PPP Settings"
@@ -10054,11 +9409,11 @@ msgstr "Particularly large networks may wish to run their own RPKI certificate a
msgid "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
msgstr "Path `<cost>` value for Spanning Tree Protocol. Each interface in a bridge could have a different speed and this value is used when deciding which link to use. Faster interfaces should have lower costs."
-#: ../../configuration/vpn/sstp.rst:155
+#: ../../configuration/vpn/sstp.rst:166
msgid "Path to `<file>` pointing to the certificate authority certificate."
msgstr "Path to `<file>` pointing to the certificate authority certificate."
-#: ../../configuration/vpn/sstp.rst:159
+#: ../../configuration/vpn/sstp.rst:170
msgid "Path to `<file>` pointing to the servers certificate (public portion)."
msgstr "Path to `<file>` pointing to the servers certificate (public portion)."
@@ -10102,7 +9457,7 @@ msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and
msgid "Per default every packet is sampled (that is, the sampling rate is 1)."
msgstr "Per default every packet is sampled (that is, the sampling rate is 1)."
-#: ../../configuration/service/pppoe-server.rst:336
+#: ../../configuration/service/pppoe-server.rst:323
msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again."
@@ -10127,29 +9482,6 @@ msgid "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` wi
msgstr "Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will show you the content is encrypted."
#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
-#: ../../_include/interface-vrf.txt:4
msgid "Place interface in given VRF instance."
msgstr "Place interface in given VRF instance."
@@ -10157,6 +9489,14 @@ msgstr "Place interface in given VRF instance."
msgid "Play an audible beep to the system speaker when system is ready."
msgstr "Play an audible beep to the system speaker when system is ready."
+#: ../../configuration/firewall/index.rst:137
+msgid "Please, refer to appropiate section for more information about firewall configuration:"
+msgstr "Please, refer to appropiate section for more information about firewall configuration:"
+
+#: ../../configuration/firewall/index.rst:138
+msgid "Please, refer to appropriate section for more information about firewall configuration:"
+msgstr "Please, refer to appropriate section for more information about firewall configuration:"
+
#: ../../configuration/service/ipoe-server.rst:23
msgid "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
msgstr "Please be aware, due to an upstream bug, config changes/commits will restart the ppp daemon and will reset existing IPoE sessions, in order to become effective."
@@ -10173,24 +9513,11 @@ msgstr "Please refer to the :ref:`ipsec` documentation for the individual IPSec
msgid "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
msgstr "Please refer to the :ref:`tunnel-interface` documentation for the individual tunnel related options."
-#: ../../configuration/service/dhcp-server.rst:423
+#: ../../configuration/service/dhcp-server.rst:364
msgid "Please see the :ref:`dhcp-dns-quick-start` configuration."
msgstr "Please see the :ref:`dhcp-dns-quick-start` configuration."
#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
-#: ../../_include/need_improvement.txt:13
msgid "Please take a look at the Contributing Guide for our :ref:`documentation`."
msgstr "Please take a look at the Contributing Guide for our :ref:`documentation`."
@@ -10230,12 +9557,11 @@ msgstr "Policy Sections"
msgid "Policy for checking targets"
msgstr "Policy for checking targets"
-#: ../../configuration/system/conntrack.rst:152
+#: ../../configuration/system/conntrack.rst:57
msgid "Policy to track previously established connections."
msgstr "Policy to track previously established connections."
-#: ../../configuration/firewall/general.rst:257
-#: ../../configuration/firewall/general-legacy.rst:215
+#: ../../configuration/firewall/groups.rst:84
msgid "Port Groups"
msgstr "Port Groups"
@@ -10245,7 +9571,7 @@ msgstr "Port Groups"
msgid "Port Mirror (SPAN)"
msgstr "Port Mirror (SPAN)"
-#: ../../configuration/vpn/sstp.rst:231
+#: ../../configuration/vpn/sstp.rst:242
msgid "Port for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Port for Dynamic Authorization Extension server (DM/CoA)"
@@ -10261,16 +9587,11 @@ msgstr "Port number used by connection, default is ``9273``"
msgid "Port number used by connection."
msgstr "Port number used by connection."
-#: ../../configuration/service/https.rst:46
+#: ../../configuration/service/https.rst:37
msgid "Port to listen for HTTPS requests; default 443"
msgstr "Port to listen for HTTPS requests; default 443"
#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
-#: ../../_include/interface-vlan-8021q.txt:9
msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
@@ -10335,7 +9656,7 @@ msgstr "Preference associated with the default router"
msgid "Prefix Conversion"
msgstr "Prefix Conversion"
-#: ../../configuration/service/dhcp-server.rst:634
+#: ../../configuration/service/dhcp-server.rst:564
msgid "Prefix Delegation"
msgstr "Prefix Delegation"
@@ -10387,11 +9708,11 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's
msgid "Principle of SNMP Communication"
msgstr "Principle of SNMP Communication"
-#: ../../configuration/vrf/index.rst:530
+#: ../../configuration/vrf/index.rst:532
msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination."
msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination."
-#: ../../configuration/vrf/index.rst:509
+#: ../../configuration/vrf/index.rst:511
msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI."
@@ -10409,25 +9730,6 @@ msgid "Priority Queue, as other non-shaping policies, is only useful if your out
msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP."
#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
-#: ../../_include/interface-ip.txt:153
msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)."
@@ -10455,8 +9757,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp."
msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled."
-#: ../../configuration/firewall/general.rst:212
-#: ../../configuration/firewall/general-legacy.rst:188
+#: ../../configuration/firewall/groups.rst:39
msgid "Provide a IPv4 or IPv6 address group description"
msgstr "Provide a IPv4 or IPv6 address group description"
@@ -10464,39 +9765,43 @@ msgstr "Provide a IPv4 or IPv6 address group description"
msgid "Provide a IPv4 or IPv6 network group description."
msgstr "Provide a IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:515
-#: ../../configuration/firewall/general-legacy.rst:334
+#: ../../configuration/firewall/ipv4.rst:285
+#: ../../configuration/firewall/ipv6.rst:285
#: ../../configuration/policy/route.rst:30
msgid "Provide a description for each rule."
msgstr "Provide a description for each rule."
-#: ../../configuration/firewall/general.rst:314
+#: ../../configuration/firewall/flowtables.rst:75
+msgid "Provide a description to the flow table."
+msgstr "Provide a description to the flow table."
+
+#: ../../configuration/firewall/groups.rst:141
msgid "Provide a domain group description."
msgstr "Provide a domain group description."
-#: ../../configuration/firewall/general.rst:297
+#: ../../configuration/firewall/groups.rst:124
msgid "Provide a mac group description."
msgstr "Provide a mac group description."
-#: ../../configuration/firewall/general.rst:279
-#: ../../configuration/firewall/general-legacy.rst:237
+#: ../../configuration/firewall/groups.rst:106
msgid "Provide a port group description."
msgstr "Provide a port group description."
-#: ../../configuration/firewall/general-legacy.rst:281
#: ../../configuration/policy/route.rst:20
msgid "Provide a rule-set description."
msgstr "Provide a rule-set description."
-#: ../../configuration/firewall/general.rst:503
+#: ../../configuration/firewall/bridge.rst:205
+#: ../../configuration/firewall/ipv4.rst:275
+#: ../../configuration/firewall/ipv6.rst:275
msgid "Provide a rule-set description to a custom firewall chain."
msgstr "Provide a rule-set description to a custom firewall chain."
-#: ../../configuration/firewall/general.rst:236
+#: ../../configuration/firewall/groups.rst:63
msgid "Provide an IPv4 or IPv6 network group description."
msgstr "Provide an IPv4 or IPv6 network group description."
-#: ../../configuration/firewall/general.rst:254
+#: ../../configuration/firewall/groups.rst:81
msgid "Provide an interface group description"
msgstr "Provide an interface group description"
@@ -10509,7 +9814,6 @@ msgid "Provides a backbone area coherence by virtual link establishment."
msgstr "Provides a backbone area coherence by virtual link establishment."
#: ../../_include/interface-per-client-thread.txt:4
-#: ../../_include/interface-per-client-thread.txt:4
msgid "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
msgstr "Provides a per-device control to enable/disable the threaded mode for all the NAPI instances of the given network device, without the need for a device up/down."
@@ -10584,7 +9888,7 @@ msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64"
msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64"
#: ../../configuration/system/login.rst:234
-#: ../../configuration/vpn/sstp.rst:196
+#: ../../configuration/vpn/sstp.rst:207
msgid "RADIUS"
msgstr "RADIUS"
@@ -10604,7 +9908,7 @@ msgstr "RADIUS authentication"
msgid "RADIUS bandwidth shaping attribute"
msgstr "RADIUS bandwidth shaping attribute"
-#: ../../configuration/service/pppoe-server.rst:125
+#: ../../configuration/service/pppoe-server.rst:112
msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address."
@@ -10624,7 +9928,7 @@ msgstr "RADIUS source address"
msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned."
-#: ../../configuration/service/dhcp-server.rst:289
+#: ../../configuration/service/dhcp-server.rst:256
msgid "RFC 868 time server IPv4 address"
msgstr "RFC 868 time server IPv4 address"
@@ -10740,11 +10044,11 @@ msgstr "Recommended for larger installations."
msgid "Redirect HTTP to HTTPS"
msgstr "Redirect HTTP to HTTPS"
-#: ../../configuration/nat/nat44.rst:417
+#: ../../configuration/nat/nat44.rst:431
msgid "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network via :ref:`destination-nat` in rule 110 to the internal, private host 192.0.2.40. We also need a :ref:`source-nat` rule 110 for the reverse path of the traffic. The internal network 192.0.2.0/24 is reachable via interface `eth0.10`."
-#: ../../configuration/nat/nat44.rst:413
+#: ../../configuration/nat/nat44.rst:427
msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40."
@@ -10755,7 +10059,7 @@ msgstr "Redirect URL to a new location"
#: ../../configuration/protocols/babel.rst:154
#: ../../configuration/protocols/bgp.rst:557
#: ../../configuration/protocols/ospf.rst:564
-#: ../../configuration/protocols/ospf.rst:1249
+#: ../../configuration/protocols/ospf.rst:1251
#: ../../configuration/protocols/rip.rst:136
msgid "Redistribution Configuration"
msgstr "Redistribution Configuration"
@@ -10764,7 +10068,7 @@ msgstr "Redistribution Configuration"
msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites."
-#: ../../configuration/service/dns.rst:265
+#: ../../configuration/service/dns.rst:278
msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``"
@@ -10790,22 +10094,7 @@ msgstr "Regular expression to match against an AS path. For example \"64501 6450
msgid "Regular expression to match against an extended community list, where text could be:"
msgstr "Regular expression to match against an extended community list, where text could be:"
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
-#: ../../_include/interface-dhcp-options.txt:66
+#: ../../_include/interface-dhcp-options.txt:71
msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting."
@@ -10858,7 +10147,7 @@ msgstr "Remote ``InfluxDB`` bucket name"
msgid "Remote database name."
msgstr "Remote database name."
-#: ../../configuration/service/dhcp-server.rst:182
+#: ../../configuration/service/dhcp-server.rst:147
msgid "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
msgstr "Remote peer IP `<address>` of the second DHCP server in this failover cluster."
@@ -10883,25 +10172,10 @@ msgid "Replay protection"
msgstr "Replay protection"
#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
-#: ../../_include/interface-dhcpv6-options.txt:50
msgid "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
msgstr "Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership."
-#: ../../configuration/service/dhcp-relay.rst:175
+#: ../../configuration/service/dhcp-relay.rst:177
msgid "Requests are forwarded through ``eth2`` as the `upstream interface`"
msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`"
@@ -10917,11 +10191,12 @@ msgstr "Requirements"
msgid "Requirements:"
msgstr "Requirements:"
-#: ../../configuration/firewall/general.rst:1279
+#: ../../configuration/firewall/ipv4.rst:926
+#: ../../configuration/firewall/ipv6.rst:935
msgid "Requirements to enable synproxy:"
msgstr "Requirements to enable synproxy:"
-#: ../../configuration/protocols/bgp.rst:1063
+#: ../../configuration/protocols/bgp.rst:1064
#: ../../configuration/protocols/mpls.rst:248
msgid "Reset"
msgstr "Reset"
@@ -10930,11 +10205,11 @@ msgstr "Reset"
msgid "Reset OpenVPN"
msgstr "Reset OpenVPN"
-#: ../../configuration/system/ipv6.rst:176
+#: ../../configuration/system/ipv6.rst:150
msgid "Reset commands"
msgstr "Reset commands"
-#: ../../configuration/service/dns.rst:186
+#: ../../configuration/service/dns.rst:199
msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain."
@@ -10946,7 +10221,7 @@ msgstr "Restart"
msgid "Restart DHCP relay service"
msgstr "Restart DHCP relay service"
-#: ../../configuration/service/dhcp-relay.rst:203
+#: ../../configuration/service/dhcp-relay.rst:205
msgid "Restart DHCPv6 relay agent immediately."
msgstr "Restart DHCPv6 relay agent immediately."
@@ -10954,11 +10229,15 @@ msgstr "Restart DHCPv6 relay agent immediately."
msgid "Restart a given container"
msgstr "Restart a given container"
-#: ../../configuration/service/dhcp-server.rst:528
+#: ../../configuration/service/mdns.rst:83
+msgid "Restart mDNS repeater service."
+msgstr "Restart mDNS repeater service."
+
+#: ../../configuration/service/dhcp-server.rst:428
msgid "Restart the DHCP server"
msgstr "Restart the DHCP server"
-#: ../../configuration/protocols/igmp.rst:249
+#: ../../configuration/protocols/igmp-proxy.rst:77
msgid "Restart the IGMP proxy process."
msgstr "Restart the IGMP proxy process."
@@ -10966,7 +10245,7 @@ msgstr "Restart the IGMP proxy process."
msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted."
-#: ../../configuration/service/dns.rst:191
+#: ../../configuration/service/dns.rst:204
msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache."
@@ -11012,7 +10291,7 @@ msgstr "Route Aggregation Configuration"
msgid "Route Dampening"
msgstr "Route Dampening"
-#: ../../configuration/protocols/bgp.rst:1188
+#: ../../configuration/protocols/bgp.rst:1189
msgid "Route Filtering"
msgstr "Route Filtering"
@@ -11052,7 +10331,7 @@ msgstr "Route and Route6 Policy"
msgid "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
msgstr "Route dampening wich described in :rfc:`2439` enables you to identify routes that repeatedly fail and return. If route dampening is enabled, an unstable route accumulates penalties each time the route fails and returns. If the accumulated penalties exceed a threshold, the route is no longer advertised. This is route suppression. Routes that have been suppressed are re-entered into the routing table only when the amount of their penalty falls below a threshold."
-#: ../../configuration/protocols/bgp.rst:1190
+#: ../../configuration/protocols/bgp.rst:1191
msgid "Route filter can be applied using a route-map:"
msgstr "Route filter can be applied using a route-map:"
@@ -11084,11 +10363,11 @@ msgstr "Router Lifetime"
msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``."
-#: ../../configuration/vrf/index.rst:423
+#: ../../configuration/vrf/index.rst:425
msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:"
-#: ../../configuration/protocols/isis.rst:413
+#: ../../configuration/protocols/isis.rst:441
msgid "Routes on Node 2:"
msgstr "Routes on Node 2:"
@@ -11120,13 +10399,13 @@ msgstr "Routing"
msgid "Routing tables that will be used in this example are:"
msgstr "Routing tables that will be used in this example are:"
-#: ../../configuration/firewall/general-legacy.rst:270
#: ../../configuration/policy/route.rst:10
msgid "Rule-Sets"
msgstr "Rule-Sets"
-#: ../../configuration/firewall/general.rst:1310
-#: ../../configuration/firewall/general-legacy.rst:781
+#: ../../configuration/firewall/bridge.rst:287
+#: ../../configuration/firewall/ipv4.rst:957
+#: ../../configuration/firewall/ipv6.rst:965
msgid "Rule-set overview"
msgstr "Rule-set overview"
@@ -11138,6 +10417,10 @@ msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forw
msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``."
+#: ../../configuration/firewall/flowtables.rst:151
+msgid "Rule 110 is hit, so connection is accepted."
+msgstr "Rule 110 is hit, so connection is accepted."
+
#: ../../configuration/loadbalancing/reverse-proxy.rst:257
msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``."
@@ -11146,7 +10429,9 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat
msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"
-#: ../../configuration/firewall/general.rst:519
+#: ../../configuration/firewall/bridge.rst:208
+#: ../../configuration/firewall/ipv4.rst:288
+#: ../../configuration/firewall/ipv6.rst:288
msgid "Rule Status"
msgstr "Rule Status"
@@ -11162,7 +10447,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba
msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`."
-#: ../../configuration/service/dns.rst:378
+#: ../../configuration/service/dns.rst:391
msgid "Running Behind NAT"
msgstr "Running Behind NAT"
@@ -11170,6 +10455,10 @@ msgstr "Running Behind NAT"
msgid "SNAT"
msgstr "SNAT"
+#: ../../configuration/nat/nat64.rst:26
+msgid "SNAT64"
+msgstr "SNAT64"
+
#: ../../configuration/nat/nat66.rst:23
msgid "SNAT66"
msgstr "SNAT66"
@@ -11219,8 +10508,6 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se
msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used."
#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
-#: ../../_include/interface-mirror.txt:1
msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance."
@@ -11258,7 +10545,7 @@ msgid "SSID to be used in IEEE 802.11 management frames"
msgstr "SSID to be used in IEEE 802.11 management frames"
#: ../../configuration/vpn/openconnect.rst:24
-#: ../../configuration/vpn/sstp.rst:151
+#: ../../configuration/vpn/sstp.rst:162
msgid "SSL Certificates"
msgstr "SSL Certificates"
@@ -11306,7 +10593,7 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut
msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only."
-#: ../../configuration/interfaces/vxlan.rst:153
+#: ../../configuration/interfaces/vxlan.rst:174
msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below."
msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below."
@@ -11326,11 +10613,11 @@ msgstr "Script execution"
msgid "Scripting"
msgstr "Scripting"
-#: ../../configuration/nat/nat44.rst:652
+#: ../../configuration/nat/nat44.rst:676
msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly."
-#: ../../configuration/vpn/sstp.rst:235
+#: ../../configuration/vpn/sstp.rst:246
msgid "Secret for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)"
@@ -11343,6 +10630,10 @@ msgstr "Security"
msgid "Security/authentication messages"
msgstr "Security/authentication messages"
+#: ../../configuration/protocols/pim.rst:109
+msgid "See :rfc:`7761#section-4.1` for details."
+msgstr "See :rfc:`7761#section-4.1` for details."
+
#: ../../configuration/system/ip.rst:52
msgid "See below the different parameters available for the IPv4 **show** command:"
msgstr "See below the different parameters available for the IPv4 **show** command:"
@@ -11371,11 +10662,15 @@ msgstr "Segment routing (SR) is used by the IGP protocols to interconnect networ
msgid "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
msgstr "Segment routing defines a control plane network architecture and can be applied to an existing MPLS based dataplane. In the MPLS networks, segments are encoded as MPLS labels and are imposed at the ingress router. MPLS labels are exchanged and populated by IGPs like IS-IS.Segment Routing as per RFC8667 for MPLS dataplane. It supports IPv4, IPv6 and ECMP and has been tested against Cisco & Juniper routers.however,this deployment is still EXPERIMENTAL for FRR."
+#: ../../configuration/service/https.rst:50
+msgid "Select TLS version used."
+msgstr "Select TLS version used."
+
#: ../../configuration/interfaces/macsec.rst:34
msgid "Select cipher suite used for cryptographic operations. This setting is mandatory."
msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory."
-#: ../../configuration/vrf/index.rst:466
+#: ../../configuration/vrf/index.rst:468
msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop."
@@ -11408,7 +10703,7 @@ msgid "Serial interfaces can be any interface which is directly connected to the
msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)."
#: ../../configuration/interfaces/openvpn.rst:325
-#: ../../configuration/vpn/sstp.rst:199
+#: ../../configuration/vpn/sstp.rst:210
msgid "Server"
msgstr "Server"
@@ -11432,7 +10727,7 @@ msgstr "Server Side"
msgid "Server configuration"
msgstr "Server configuration"
-#: ../../configuration/service/https.rst:50
+#: ../../configuration/service/https.rst:41
msgid "Server names for virtual hosts it can be exact, wildcard or regex."
msgstr "Server names for virtual hosts it can be exact, wildcard or regex."
@@ -11457,19 +10752,19 @@ msgstr "Set BGP community-list to exactly match."
msgid "Set BGP local preference attribute."
msgstr "Set BGP local preference attribute."
-#: ../../configuration/policy/route-map.rst:334
+#: ../../configuration/policy/route-map.rst:336
msgid "Set BGP origin code."
msgstr "Set BGP origin code."
-#: ../../configuration/policy/route-map.rst:339
+#: ../../configuration/policy/route-map.rst:341
msgid "Set BGP originator ID attribute."
msgstr "Set BGP originator ID attribute."
-#: ../../configuration/policy/route-map.rst:357
+#: ../../configuration/policy/route-map.rst:359
msgid "Set BGP weight attribute"
msgstr "Set BGP weight attribute"
-#: ../../configuration/nat/nat44.rst:176
+#: ../../configuration/nat/nat44.rst:188
msgid "Set DNAT rule 20 to only NAT UDP packets"
msgstr "Set DNAT rule 20 to only NAT UDP packets"
@@ -11481,19 +10776,19 @@ msgstr "Set IPSec inbound match criterias, where:"
msgid "Set IP fragment match, where:"
msgstr "Set IP fragment match, where:"
-#: ../../configuration/policy/route-map.rst:329
+#: ../../configuration/policy/route-map.rst:331
msgid "Set OSPF external metric-type."
msgstr "Set OSPF external metric-type."
-#: ../../configuration/nat/nat44.rst:175
+#: ../../configuration/nat/nat44.rst:187
msgid "Set SNAT rule 20 to only NAT TCP and UDP packets"
msgstr "Set SNAT rule 20 to only NAT TCP and UDP packets"
-#: ../../configuration/nat/nat44.rst:189
+#: ../../configuration/nat/nat44.rst:201
msgid "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
msgstr "Set SNAT rule 20 to only NAT packets arriving from the 192.0.2.0/24 network"
-#: ../../configuration/nat/nat44.rst:191
+#: ../../configuration/nat/nat44.rst:203
msgid "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 network with a source port of 80 and 443"
@@ -11501,11 +10796,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne
msgid "Set SSL certeficate <name> for service <name>"
msgstr "Set SSL certeficate <name> for service <name>"
-#: ../../configuration/firewall/general.rst:1271
+#: ../../configuration/firewall/ipv4.rst:918
+#: ../../configuration/firewall/ipv6.rst:927
msgid "Set TCP-MSS (maximum segment size) for the connection"
msgstr "Set TCP-MSS (maximum segment size) for the connection"
-#: ../../configuration/service/dns.rst:267
+#: ../../configuration/service/dns.rst:280
msgid "Set TTL to 300 seconds"
msgstr "Set TTL to 300 seconds"
@@ -11517,51 +10813,31 @@ msgstr "Set Virtual Tunnel Interface"
msgid "Set a container description"
msgstr "Set a container description"
-#: ../../configuration/system/conntrack.rst:114
+#: ../../configuration/system/conntrack.rst:113
+msgid "Set a destination and/or source address. Accepted input for ipv4:"
+msgstr "Set a destination and/or source address. Accepted input for ipv4:"
+
+#: ../../configuration/system/conntrack.rst:142
msgid "Set a destination and/or source port. Accepted input:"
msgstr "Set a destination and/or source port. Accepted input:"
#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
-#: ../../_include/interface-description.txt:4
msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools."
-#: ../../configuration/system/login.rst:385
+#: ../../configuration/system/login.rst:387
msgid "Set a limit on the maximum number of concurrent logged-in users on the system."
msgstr "Set a limit on the maximum number of concurrent logged-in users on the system."
-#: ../../configuration/firewall/zone.rst:79
+#: ../../configuration/firewall/zone.rst:98
msgid "Set a meaningful description."
msgstr "Set a meaningful description."
-#: ../../configuration/service/https.rst:18
+#: ../../configuration/service/https.rst:63
msgid "Set a named api key. Every key has the same, full permissions on the system."
msgstr "Set a named api key. Every key has the same, full permissions on the system."
-#: ../../configuration/system/conntrack.rst:92
+#: ../../configuration/system/conntrack.rst:106
msgid "Set a rule description."
msgstr "Set a rule description."
@@ -11693,7 +10969,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa
msgid "Set inbound interface to match."
msgstr "Set inbound interface to match."
-#: ../../configuration/firewall/zone.rst:65
+#: ../../configuration/firewall/zone.rst:84
msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone."
@@ -11737,7 +11013,7 @@ msgstr "Set maximum `<size>` of DHCP packets including relay agent information.
msgid "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
msgstr "Set maximum average matching rate. Format for rate: integer/time_unit, where time_unit could be any one of second, minute, hour or day.For example 1/second implies rule to be matched at an average of once per second."
-#: ../../configuration/service/dhcp-relay.rst:162
+#: ../../configuration/service/dhcp-relay.rst:164
msgid "Set maximum hop count before packets are discarded, default: 10"
msgstr "Set maximum hop count before packets are discarded, default: 10"
@@ -11779,7 +11055,7 @@ msgstr "Set packet modifications: Packet Differentiated Services Codepoint (DSCP
msgid "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
msgstr "Set parameters for matching recently seen sources. This match could be used by seeting count (source address seen more than <1-255> times) and/or time (source address seen in the last <0-4294967295> seconds)."
-#: ../../configuration/policy/route-map.rst:348
+#: ../../configuration/policy/route-map.rst:350
msgid "Set prefixes to table."
msgstr "Set prefixes to table."
@@ -11820,7 +11096,7 @@ msgstr "Set some metric to routes learned from a particular neighbor."
msgid "Set source-address to your local IP (LAN)."
msgstr "Set source-address to your local IP (LAN)."
-#: ../../configuration/policy/route-map.rst:344
+#: ../../configuration/policy/route-map.rst:346
msgid "Set source IP/IPv6 address for route."
msgstr "Set source IP/IPv6 address for route."
@@ -11829,7 +11105,7 @@ msgstr "Set source IP/IPv6 address for route."
msgid "Set source address or prefix to match."
msgstr "Set source address or prefix to match."
-#: ../../configuration/policy/route-map.rst:352
+#: ../../configuration/policy/route-map.rst:354
msgid "Set tag value for routing protocol."
msgstr "Set tag value for routing protocol."
@@ -11850,8 +11126,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel."
msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address."
-#: ../../configuration/firewall/general.rst:162
-#: ../../configuration/firewall/general-legacy.rst:112
+#: ../../configuration/firewall/global-options.rst:99
msgid "Set the IPv4 source validation mode. The following system parameter will be altered:"
msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:"
@@ -11876,6 +11151,10 @@ msgstr "Set the MLD version used on this interface. The default value is 2."
msgid "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
msgstr "Set the Maximum Stack Depth supported by the router. The value depend of the MPLS dataplane."
+#: ../../configuration/protocols/pim.rst:153
+msgid "Set the PIM hello and hold interval for a interface."
+msgstr "Set the PIM hello and hold interval for a interface."
+
#: ../../configuration/protocols/segment-routing.rst:56
#: ../../configuration/protocols/segment-routing.rst:134
msgid "Set the Segment Routing Global Block i.e. the label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535."
@@ -11896,6 +11175,10 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to
msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both."
+#: ../../configuration/protocols/pim.rst:147
+msgid "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This command is useful to allow the user to influence what node becomes the DR for a LAN segment."
+
#: ../../configuration/interfaces/pppoe.rst:148
msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384."
@@ -11920,22 +11203,7 @@ msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instan
msgid "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
msgstr "Set the device's transmit (TX) key. This key must be a hex string that is 16-bytes (GCM-AES-128) or 32-bytes (GCM-AES-256)."
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
-#: ../../_include/interface-dhcp-options.txt:55
+#: ../../_include/interface-dhcp-options.txt:60
msgid "Set the distance for the default gateway sent by the DHCP server."
msgstr "Set the distance for the default gateway sent by the DHCP server."
@@ -11951,15 +11219,15 @@ msgstr "Set the distance for the default gateway sent by the SSTP server."
msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip."
-#: ../../configuration/firewall/general-legacy.rst:136
+#: ../../configuration/firewall/global-options.rst:127
msgid "Set the global setting for an established connection."
msgstr "Set the global setting for an established connection."
-#: ../../configuration/firewall/general-legacy.rst:142
+#: ../../configuration/firewall/global-options.rst:137
msgid "Set the global setting for invalid packets."
msgstr "Set the global setting for invalid packets."
-#: ../../configuration/firewall/general-legacy.rst:148
+#: ../../configuration/firewall/global-options.rst:147
msgid "Set the global setting for related connections."
msgstr "Set the global setting for related connections."
@@ -11975,7 +11243,7 @@ msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...25
msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive"
-#: ../../configuration/system/conntrack.rst:147
+#: ../../configuration/system/conntrack.rst:52
msgid "Set the maximum number of TCP half-open connections."
msgstr "Set the maximum number of TCP half-open connections."
@@ -11995,7 +11263,7 @@ msgstr "Set the native VLAN ID flag of the interface. When a data packet without
msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value"
msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value"
-#: ../../configuration/system/conntrack.rst:157
+#: ../../configuration/system/conntrack.rst:62
msgid "Set the number of TCP maximum retransmit attempts."
msgstr "Set the number of TCP maximum retransmit attempts."
@@ -12027,6 +11295,10 @@ msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the
msgid "Set the restart behavior of the container."
msgstr "Set the restart behavior of the container."
+#: ../../configuration/policy/route-map.rst:323
+msgid "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a specific value. Use ``+/-`` to add or subtract the specified value to/from the existing/MED. Use ``rtt`` to set the MED to the round trip time or ``+rtt/-rtt`` to add/subtract the round trip time to/from the MED."
+
#: ../../configuration/policy/route.rst:269
msgid "Set the routing table to forward packet with."
msgstr "Set the routing table to forward packet with."
@@ -12043,11 +11315,11 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes
msgid "Set the source IP of forwarded packets, otherwise original senders address is used."
msgstr "Set the source IP of forwarded packets, otherwise original senders address is used."
-#: ../../configuration/system/conntrack.rst:83
+#: ../../configuration/system/conntrack.rst:97
msgid "Set the timeout in secounds for a protocol or state."
msgstr "Set the timeout in secounds for a protocol or state."
-#: ../../configuration/system/conntrack.rst:141
+#: ../../configuration/system/conntrack.rst:175
msgid "Set the timeout in secounds for a protocol or state in a custom rule."
msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
@@ -12056,7 +11328,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."
msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."
-#: ../../configuration/firewall/general.rst:1275
+#: ../../configuration/firewall/ipv4.rst:922
+#: ../../configuration/firewall/ipv6.rst:931
msgid "Set the window scale factor for TCP window scaling"
msgstr "Set the window scale factor for TCP window scaling"
@@ -12068,7 +11341,7 @@ msgstr "Set window of concurrently valid codes."
msgid "Sets the image name in the hub registry"
msgstr "Sets the image name in the hub registry"
-#: ../../configuration/interfaces/vxlan.rst:299
+#: ../../configuration/interfaces/vxlan.rst:320
msgid "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
msgstr "Sets the interface to listen for multicast packets on. Could be a loopback, not yet tested."
@@ -12076,7 +11349,7 @@ msgstr "Sets the interface to listen for multicast packets on. Could be a loopba
msgid "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
msgstr "Sets the listening port for a listening address. This overrides the default port of 3128 on the specific listen address."
-#: ../../configuration/interfaces/vxlan.rst:306
+#: ../../configuration/interfaces/vxlan.rst:327
msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address."
@@ -12084,7 +11357,7 @@ msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates
msgid "Setting VRRP group priority"
msgstr "Setting VRRP group priority"
-#: ../../configuration/service/dhcp-server.rst:264
+#: ../../configuration/service/dhcp-server.rst:231
msgid "Setting name"
msgstr "Setting name"
@@ -12116,7 +11389,7 @@ msgstr "Setting up certificates:"
msgid "Setting up tunnel:"
msgstr "Setting up tunnel:"
-#: ../../configuration/service/dhcp-server.rst:432
+#: ../../configuration/service/dhcp-server.rst:373
msgid "Setup DHCP failover for network 192.0.2.0/24"
msgstr "Setup DHCP failover for network 192.0.2.0/24"
@@ -12132,7 +11405,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server."
msgid "Setup the `<timeout>` in seconds when querying the TACACS server."
msgstr "Setup the `<timeout>` in seconds when querying the TACACS server."
-#: ../../configuration/service/dns.rst:314
+#: ../../configuration/service/dns.rst:327
msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on address `<interface>` changes."
@@ -12172,7 +11445,7 @@ msgstr "Short GI capabilities for 20 and 40 MHz"
msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full."
-#: ../../configuration/vrf/index.rst:486
+#: ../../configuration/vrf/index.rst:488
msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s."
@@ -12181,16 +11454,17 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the
msgid "Show"
msgstr "Show"
-#: ../../configuration/service/dhcp-server.rst:516
+#: ../../configuration/service/dhcp-server.rst:416
msgid "Show DHCP server daemon log file"
msgstr "Show DHCP server daemon log file"
-#: ../../configuration/service/dhcp-server.rst:736
+#: ../../configuration/service/dhcp-server.rst:668
msgid "Show DHCPv6 server daemon log file"
msgstr "Show DHCPv6 server daemon log file"
-#: ../../configuration/firewall/general.rst:1482
-#: ../../configuration/firewall/general-legacy.rst:965
+#: ../../configuration/firewall/bridge.rst:306
+#: ../../configuration/firewall/ipv4.rst:1115
+#: ../../configuration/firewall/ipv6.rst:1138
msgid "Show Firewall log"
msgstr "Show Firewall log"
@@ -12198,6 +11472,22 @@ msgstr "Show Firewall log"
msgid "Show LLDP neighbors connected via interface `<interface>`."
msgstr "Show LLDP neighbors connected via interface `<interface>`."
+#: ../../configuration/service/ssh.rst:232
+msgid "Show SSH dynamic-protection log."
+msgstr "Show SSH dynamic-protection log."
+
+#: ../../configuration/service/ssh.rst:224
+msgid "Show SSH server log."
+msgstr "Show SSH server log."
+
+#: ../../configuration/service/ssh.rst:248
+msgid "Show SSH server public key fingerprints, including a visual ASCII art representation."
+msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation."
+
+#: ../../configuration/service/ssh.rst:244
+msgid "Show SSH server public key fingerprints."
+msgstr "Show SSH server public key fingerprints."
+
#: ../../configuration/loadbalancing/wan.rst:271
msgid "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
msgstr "Show WAN load balancer information including test types and targets. A character at the start of each line depicts the state of the test"
@@ -12242,15 +11532,15 @@ msgstr "Show WWAN module signal strength."
msgid "Show a list available container networks"
msgstr "Show a list available container networks"
-#: ../../configuration/pki/index.rst:259
+#: ../../configuration/pki/index.rst:297
msgid "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
msgstr "Show a list of installed :abbr:`CA (Certificate Authority)` certificates."
-#: ../../configuration/pki/index.rst:294
+#: ../../configuration/pki/index.rst:332
msgid "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`."
-#: ../../configuration/pki/index.rst:277
+#: ../../configuration/pki/index.rst:315
msgid "Show a list of installed certificates"
msgstr "Show a list of installed certificates"
@@ -12356,44 +11646,52 @@ msgstr "Show info about the Wireguard service. It also shows the latest handshak
msgid "Show information about physical `<interface>`"
msgstr "Show information about physical `<interface>`"
+#: ../../configuration/service/ssh.rst:240
+msgid "Show list of IPs currently blocked by SSH dynamic-protection."
+msgstr "Show list of IPs currently blocked by SSH dynamic-protection."
+
+#: ../../configuration/service/mdns.rst:87
+msgid "Show logs for mDNS repeater service."
+msgstr "Show logs for mDNS repeater service."
+
#: ../../configuration/container/index.rst:159
msgid "Show logs from a given container"
msgstr "Show logs from a given container"
-#: ../../configuration/service/dhcp-server.rst:520
+#: ../../configuration/service/dhcp-server.rst:420
msgid "Show logs from all DHCP client processes."
msgstr "Show logs from all DHCP client processes."
-#: ../../configuration/service/dhcp-server.rst:740
+#: ../../configuration/service/dhcp-server.rst:672
msgid "Show logs from all DHCPv6 client processes."
msgstr "Show logs from all DHCPv6 client processes."
-#: ../../configuration/service/dhcp-server.rst:524
+#: ../../configuration/service/dhcp-server.rst:424
msgid "Show logs from specific `interface` DHCP client process."
msgstr "Show logs from specific `interface` DHCP client process."
-#: ../../configuration/service/dhcp-server.rst:744
+#: ../../configuration/service/dhcp-server.rst:676
msgid "Show logs from specific `interface` DHCPv6 client process."
msgstr "Show logs from specific `interface` DHCPv6 client process."
-#: ../../configuration/pki/index.rst:273
+#: ../../configuration/pki/index.rst:311
msgid "Show only information for specified Certificate Authority."
msgstr "Show only information for specified Certificate Authority."
-#: ../../configuration/pki/index.rst:290
+#: ../../configuration/pki/index.rst:328
msgid "Show only information for specified certificate."
msgstr "Show only information for specified certificate."
-#: ../../configuration/service/dhcp-server.rst:562
-#: ../../configuration/service/dhcp-server.rst:767
+#: ../../configuration/service/dhcp-server.rst:478
+#: ../../configuration/service/dhcp-server.rst:699
msgid "Show only leases in the specified pool."
msgstr "Show only leases in the specified pool."
-#: ../../configuration/service/dhcp-server.rst:776
+#: ../../configuration/service/dhcp-server.rst:708
msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)"
-#: ../../configuration/service/dhcp-server.rst:571
+#: ../../configuration/service/dhcp-server.rst:496
msgid "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
msgstr "Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)"
@@ -12405,19 +11703,23 @@ msgstr "Show routing table entry for the default route."
msgid "Show specific MACsec interface information"
msgstr "Show specific MACsec interface information"
-#: ../../configuration/vpn/site2site_ipsec.rst:217
+#: ../../configuration/vpn/site2site_ipsec.rst:221
msgid "Show status of new setup:"
msgstr "Show status of new setup:"
-#: ../../configuration/service/dhcp-server.rst:547
+#: ../../configuration/service/dhcp-server.rst:447
msgid "Show statuses of all active leases:"
msgstr "Show statuses of all active leases:"
-#: ../../configuration/service/dhcp-server.rst:532
+#: ../../configuration/service/dhcp-server.rst:465
+msgid "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+msgstr "Show statuses of all active leases granted by local (this server) or remote (failover server):"
+
+#: ../../configuration/service/dhcp-server.rst:432
msgid "Show the DHCP server statistics:"
msgstr "Show the DHCP server statistics:"
-#: ../../configuration/service/dhcp-server.rst:543
+#: ../../configuration/service/dhcp-server.rst:443
msgid "Show the DHCP server statistics for the specified pool."
msgstr "Show the DHCP server statistics for the specified pool."
@@ -12437,11 +11739,22 @@ msgstr "Show the list of all active containers."
msgid "Show the local container images."
msgstr "Show the local container images."
-#: ../../configuration/firewall/general.rst:1486
#: ../../configuration/firewall/general-legacy.rst:969
msgid "Show the logs of a specific Rule-Set."
msgstr "Show the logs of a specific Rule-Set."
+#: ../../configuration/firewall/bridge.rst:316
+msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv4.rst:1125
+msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
+#: ../../configuration/firewall/ipv6.rst:1148
+msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set."
+
#: ../../configuration/protocols/failover.rst:75
#: ../../configuration/protocols/failover.rst:101
msgid "Show the route"
@@ -12455,7 +11768,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP"
msgid "Showing BFD monitored static routes"
msgstr "Showing BFD monitored static routes"
-#: ../../configuration/service/dhcp-server.rst:752
+#: ../../configuration/service/dhcp-server.rst:684
msgid "Shows status of all assigned leases:"
msgstr "Shows status of all assigned leases:"
@@ -12483,7 +11796,7 @@ msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)"
msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)"
-#: ../../configuration/vpn/site2site_ipsec.rst:418
+#: ../../configuration/vpn/site2site_ipsec.rst:427
msgid "Similar combinations are applicable for the dead-peer-detection."
msgstr "Similar combinations are applicable for the dead-peer-detection."
@@ -12519,7 +11832,11 @@ msgstr "Since the RADIUS server would be a single point of failure, multiple RAD
msgid "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
msgstr "Since the mDNS protocol sends the AA records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
-#: ../../configuration/interfaces/vxlan.rst:136
+#: ../../configuration/service/mdns.rst:14
+msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet."
+
+#: ../../configuration/interfaces/vxlan.rst:157
msgid "Single VXLAN device (SVD)"
msgstr "Single VXLAN device (SVD)"
@@ -12540,6 +11857,10 @@ msgstr "Site-to-site mode supports x.509 but doesn't require it and can also wor
msgid "Site to Site VPN"
msgstr "Site to Site VPN"
+#: ../../configuration/pki/index.rst:275
+msgid "Size of the RSA key."
+msgstr "Size of the RSA key."
+
#: ../../configuration/interfaces/bonding.rst:47
msgid "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
msgstr "Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the :cfgcmd:`hash-policy` option, documented below."
@@ -12548,27 +11869,15 @@ msgstr "Slave selection for outgoing traffic is done according to the transmit h
msgid "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
msgstr "So in our firewall policy, we want to allow traffic coming in on the outside interface, destined for TCP port 80 and the IP address of 192.168.0.100."
+#: ../../configuration/nat/nat44.rst:579
+msgid "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+msgstr "So in our firewall ruleset, we want to allow traffic which previously matched a destination nat rule. In order to avoid creating many rules, one for each destination nat rule, we can accept all **'dnat'** connections with one simple rule, using ``connection-status`` matcher:"
+
#: ../../configuration/service/snmp.rst:245
msgid "SolarWinds"
msgstr "SolarWinds"
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:10
msgid "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd `<id>`. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation."
@@ -12580,15 +11889,18 @@ msgstr "Some IT environments require the use of a proxy to connect to the Intern
msgid "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
msgstr "Some RADIUS_ severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list."
-#: ../../configuration/nat/nat44.rst:626
+#: ../../configuration/nat/nat44.rst:650
msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP."
-#: ../../configuration/firewall/general.rst:86
#: ../../configuration/firewall/general-legacy.rst:38
msgid "Some firewall settings are global and have an affect on the whole system."
msgstr "Some firewall settings are global and have an affect on the whole system."
+#: ../../configuration/firewall/global-options.rst:13
+msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli."
+
#: ../../configuration/trafficpolicy/index.rst:327
msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it."
@@ -12621,15 +11933,15 @@ msgstr "Some users tend to connect their mobile devices using WireGuard to their
msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``&quot;`` statement."
-#: ../../configuration/service/dhcp-server.rst:771
+#: ../../configuration/service/dhcp-server.rst:703
msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)"
-#: ../../configuration/service/dhcp-server.rst:566
+#: ../../configuration/service/dhcp-server.rst:491
msgid "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
msgstr "Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)"
-#: ../../configuration/nat/nat44.rst:226
+#: ../../configuration/nat/nat44.rst:238
msgid "Source Address"
msgstr "Source Address"
@@ -12637,7 +11949,7 @@ msgstr "Source Address"
msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN."
-#: ../../configuration/vpn/sstp.rst:257
+#: ../../configuration/vpn/sstp.rst:268
msgid "Source IPv4 address used in all RADIUS server queires."
msgstr "Source IPv4 address used in all RADIUS server queires."
@@ -12662,6 +11974,10 @@ msgid "Source protocol to match."
msgstr "Source protocol to match."
#: ../../configuration/vpn/ipsec.rst:225
+msgid "Source tunnel from dummy interface"
+msgstr "Source tunnel from dummy interface"
+
+#: ../../configuration/vpn/ipsec.rst:225
msgid "Source tunnel from loopbacks"
msgstr "Source tunnel from loopbacks"
@@ -12685,15 +12001,15 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings"
msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop."
-#: ../../configuration/vpn/sstp.rst:227
+#: ../../configuration/vpn/sstp.rst:238
msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)"
-#: ../../configuration/vpn/sstp.rst:183
+#: ../../configuration/vpn/sstp.rst:194
msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation preference."
-#: ../../configuration/vrf/index.rst:475
+#: ../../configuration/vrf/index.rst:477
msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN."
@@ -12705,6 +12021,10 @@ msgstr "Specifies an upstream network `<interface>` from which replies from `<se
msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords."
+#: ../../configuration/interfaces/vxlan.rst:89
+msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database."
+
#: ../../configuration/interfaces/bonding.rst:40
msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:"
@@ -12737,7 +12057,7 @@ msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algori
msgid "Specifies the base DN under which the users are located."
msgstr "Specifies the base DN under which the users are located."
-#: ../../configuration/service/dhcp-server.rst:272
+#: ../../configuration/service/dhcp-server.rst:239
msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used."
@@ -12774,31 +12094,35 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4
msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password."
-#: ../../configuration/vrf/index.rst:450
+#: ../../configuration/vrf/index.rst:452
msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute."
-#: ../../configuration/vrf/index.rst:443
+#: ../../configuration/vrf/index.rst:445
msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN."
-#: ../../configuration/vpn/sstp.rst:270
+#: ../../configuration/vpn/sstp.rst:281
msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius."
-#: ../../configuration/vpn/sstp.rst:177
+#: ../../configuration/vpn/sstp.rst:188
msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used."
-#: ../../configuration/interfaces/vxlan.rst:72
+#: ../../configuration/interfaces/vxlan.rst:77
msgid "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
msgstr "Specifies whether an external control plane (e.g. BGP L2VPN/EVPN) or the internal FDB should be used."
+#: ../../configuration/interfaces/vxlan.rst:94
+msgid "Specifies whether the VXLAN device is capable of vni filtering."
+msgstr "Specifies whether the VXLAN device is capable of vni filtering."
+
#: ../../configuration/protocols/ospf.rst:268
msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs."
-#: ../../configuration/vpn/sstp.rst:261
+#: ../../configuration/vpn/sstp.rst:272
msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`."
@@ -12806,23 +12130,27 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat
msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."
-#: ../../configuration/firewall/general.rst:663
-#: ../../configuration/firewall/general-legacy.rst:455
+#: ../../configuration/firewall/ipv4.rst:401
+#: ../../configuration/firewall/ipv6.rst:408
msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."
-#: ../../configuration/service/dhcp-server.rst:620
+#: ../../configuration/service/dhcp-server.rst:550
msgid "Specify a NIS+ server address for DHCPv6 clients."
msgstr "Specify a NIS+ server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:615
+#: ../../configuration/service/dhcp-server.rst:545
msgid "Specify a NIS server address for DHCPv6 clients."
msgstr "Specify a NIS server address for DHCPv6 clients."
-#: ../../configuration/service/dhcp-server.rst:625
+#: ../../configuration/service/dhcp-server.rst:555
msgid "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
msgstr "Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address of Fully Qualified Domain Name for all DHCPv6 clients."
+#: ../../configuration/protocols/pim.rst:129
+msgid "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+msgstr "Specify a range of group addresses via a prefix-list that forces PIM to never do :abbr:`SSM (Source-Specific Multicast)` over."
+
#: ../../configuration/system/task-scheduler.rst:33
msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed."
msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed."
@@ -12870,42 +12198,10 @@ msgid "Specify the LDAP server to connect to."
msgstr "Specify the LDAP server to connect to."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:50
msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:27
msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer."
@@ -12929,7 +12225,7 @@ msgstr "Specify the systems `<timezone>` as the Region/Location that best define
msgid "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
msgstr "Specify the time interval when `<task>` should be executed. The interval is specified as number with one of the following suffixes:"
-#: ../../configuration/service/dns.rst:256
+#: ../../configuration/service/dns.rst:269
msgid "Specify timeout / update interval to check if IP address changed."
msgstr "Specify timeout / update interval to check if IP address changed."
@@ -12937,7 +12233,7 @@ msgstr "Specify timeout / update interval to check if IP address changed."
msgid "Specify timeout interval for keepalive message in seconds."
msgstr "Specify timeout interval for keepalive message in seconds."
-#: ../../configuration/interfaces/vxlan.rst:170
+#: ../../configuration/interfaces/vxlan.rst:191
msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2."
@@ -12953,7 +12249,11 @@ msgstr "Spoke"
msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol."
-#: ../../configuration/nat/nat44.rst:791
+#: ../../configuration/service/https.rst:56
+msgid "Start Webserver in given VRF."
+msgstr "Start Webserver in given VRF."
+
+#: ../../configuration/nat/nat44.rst:813
msgid "Start by checking for IPSec SAs (Security Associations) with:"
msgstr "Start by checking for IPSec SAs (Security Associations) with:"
@@ -12961,6 +12261,10 @@ msgstr "Start by checking for IPSec SAs (Security Associations) with:"
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases."
+#: ../../configuration/firewall/zone.rst:13
+msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter."
+
#: ../../configuration/firewall/index.rst:8
msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations."
@@ -12981,7 +12285,7 @@ msgstr "Starting with VyOS 1.2 a :abbr:`mDNS (Multicast DNS)` repeater functiona
msgid "Static"
msgstr "Static"
-#: ../../configuration/service/dhcp-server.rst:224
+#: ../../configuration/service/dhcp-server.rst:189
msgid "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
msgstr "Static DHCP IP address assign to host identified by `<description>`. IP address must be inside the `<subnet>` which is defined but can be outside the dynamic range created with :cfgcmd:`set service dhcp-server shared-network-name <name> subnet <subnet> range <n>`. If no ip-address is specified, an IP from the dynamic pool is used."
@@ -13009,13 +12313,13 @@ msgstr "Static Routing or other dynamic routing protocols can be used over the v
msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA."
-#: ../../configuration/service/dhcp-server.rst:209
-#: ../../configuration/service/dhcp-server.rst:689
+#: ../../configuration/service/dhcp-server.rst:174
+#: ../../configuration/service/dhcp-server.rst:621
msgid "Static mappings"
msgstr "Static mappings"
-#: ../../configuration/service/dhcp-server.rst:557
-#: ../../configuration/service/dhcp-server.rst:762
+#: ../../configuration/service/dhcp-server.rst:460
+#: ../../configuration/service/dhcp-server.rst:694
msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``."
@@ -13059,6 +12363,10 @@ msgstr "Supported Modules"
msgid "Supported channel width set."
msgstr "Supported channel width set."
+#: ../../configuration/system/frr.rst:30
+msgid "Supported daemons:"
+msgstr "Supported daemons:"
+
#: ../../configuration/service/router-advert.rst:11
msgid "Supported interface types:"
msgstr "Supported interface types:"
@@ -13096,15 +12404,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect
msgid "Sync groups"
msgstr "Sync groups"
-#: ../../configuration/firewall/general.rst:1264
+#: ../../configuration/firewall/ipv4.rst:911
+#: ../../configuration/firewall/ipv6.rst:920
msgid "Synproxy"
msgstr "Synproxy"
-#: ../../configuration/firewall/general.rst:1265
+#: ../../configuration/firewall/ipv4.rst:912
+#: ../../configuration/firewall/ipv6.rst:921
msgid "Synproxy connections"
msgstr "Synproxy connections"
-#: ../../configuration/firewall/general.rst:1282
+#: ../../configuration/firewall/ipv4.rst:929
+#: ../../configuration/firewall/ipv6.rst:938
msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled"
@@ -13177,7 +12488,7 @@ msgstr "System is unusable - a panic condition"
msgid "TACACS+"
msgstr "TACACS+"
-#: ../../configuration/system/login.rst:416
+#: ../../configuration/system/login.rst:418
msgid "TACACS Example"
msgstr "TACACS Example"
@@ -13226,6 +12537,14 @@ msgstr "Telegraf output plugin prometheus-client_"
msgid "Telegraf output plugin splunk_. HTTP Event Collector."
msgstr "Telegraf output plugin splunk_. HTTP Event Collector."
+#: ../../configuration/protocols/pim.rst:157
+msgid "Tell PIM that we would not like to use this interface to process bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process bootstrap messages."
+
+#: ../../configuration/protocols/pim.rst:162
+msgid "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+msgstr "Tell PIM that we would not like to use this interface to process unicast bootstrap messages."
+
#: ../../configuration/service/router-advert.rst:1
msgid "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information"
@@ -13234,7 +12553,7 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a
msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration"
-#: ../../configuration/vpn/sstp.rst:216
+#: ../../configuration/vpn/sstp.rst:227
msgid "Temporary disable this RADIUS server."
msgstr "Temporary disable this RADIUS server."
@@ -13266,15 +12585,19 @@ msgstr "Test disconnecting given connection-oriented interface. `<interface>` ca
msgid "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
msgstr "Test disconnecting given connection-oriented interface. `<interface>` can be ``sstpc0`` as the example."
-#: ../../configuration/vpn/sstp.rst:293
+#: ../../configuration/nat/nat64.rst:70
+msgid "Test from the IPv6 only client:"
+msgstr "Test from the IPv6 only client:"
+
+#: ../../configuration/vpn/sstp.rst:305
msgid "Testing SSTP"
msgstr "Testing SSTP"
-#: ../../configuration/nat/nat44.rst:786
+#: ../../configuration/nat/nat44.rst:808
msgid "Testing and Validation"
msgstr "Testing and Validation"
-#: ../../configuration/interfaces/vxlan.rst:125
+#: ../../configuration/interfaces/vxlan.rst:146
msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added."
@@ -13282,7 +12605,7 @@ msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 wil
msgid "That is how it is possible to do the so-called \"ingress shaping\"."
msgstr "That is how it is possible to do the so-called \"ingress shaping\"."
-#: ../../configuration/nat/nat44.rst:806
+#: ../../configuration/nat/nat44.rst:828
msgid "That looks good - we defined 2 tunnels and they're both up and running."
msgstr "That looks good - we defined 2 tunnels and they're both up and running."
@@ -13290,7 +12613,7 @@ msgstr "That looks good - we defined 2 tunnels and they're both up and running."
msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option."
-#: ../../configuration/nat/nat44.rst:724
+#: ../../configuration/nat/nat44.rst:746
msgid "The ASP has documented their IPSec requirements:"
msgstr "The ASP has documented their IPSec requirements:"
@@ -13307,21 +12630,6 @@ msgid "The CLNS address consists of the following parts:"
msgstr "The CLNS address consists of the following parts:"
#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
-#: ../../_include/interface-dhcpv6-options.txt:4
msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client."
@@ -13341,7 +12649,7 @@ msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tr
msgid "The HTTP service listen on TCP port 80."
msgstr "The HTTP service listen on TCP port 80."
-#: ../../configuration/nat/nat44.rst:505
+#: ../../configuration/nat/nat44.rst:525
msgid "The IP address of the internal system we wish to forward traffic to."
msgstr "The IP address of the internal system we wish to forward traffic to."
@@ -13365,7 +12673,7 @@ msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which
msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority."
-#: ../../configuration/vpn/openconnect.rst:287
+#: ../../configuration/vpn/openconnect.rst:294
msgid "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
msgstr "The RADIUS accounting feature must be used with the OpenConnect authentication mode RADIUS. It cannot be used with local authentication. You must configure the OpenConnect authentication mode to \"radius\"."
@@ -13393,18 +12701,22 @@ msgstr "The VXLAN specification was originally created by VMware, Arista Network
msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server."
-#: ../../configuration/service/dns.rst:160
+#: ../../configuration/service/dns.rst:173
msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64"
-#: ../../configuration/service/dns.rst:158
+#: ../../configuration/service/dns.rst:171
msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6"
-#: ../../configuration/service/dns.rst:162
+#: ../../configuration/service/dns.rst:175
msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server."
+#: ../../configuration/pki/index.rst:254
+msgid "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certificates using the :abbr:`ACME (Automatic Certificate Management Environment)` protocol."
+
#: ../../configuration/container/index.rst:7
msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine."
@@ -13466,14 +12778,19 @@ msgstr "The ``source-address`` must be configured on one of VyOS interface. Best
msgid "The `show bridge` operational command can be used to display configured bridges:"
msgstr "The `show bridge` operational command can be used to display configured bridges:"
-#: ../../configuration/vpn/openconnect.rst:246
+#: ../../configuration/vpn/openconnect.rst:253
msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade."
-#: ../../configuration/firewall/general.rst:332
+#: ../../configuration/firewall/ipv4.rst:86
+#: ../../configuration/firewall/ipv6.rst:86
msgid "The action can be :"
msgstr "The action can be :"
+#: ../../configuration/pki/index.rst:271
+msgid "The address the server listens to during http-01 challenge"
+msgstr "The address the server listens to during http-01 challenge"
+
#: ../../configuration/protocols/bgp.rst:775
msgid "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
msgstr "The advantage of this is that the route-selection (at this point) will be more deterministic. The disadvantage is that a few or even one lowest-ID router may attract all traffic to otherwise-equal paths because of this check. It may increase the possibility of MED or IGP oscillation, unless other measures were taken to avoid these. The exact behaviour will be sensitive to the iBGP and reflection topology."
@@ -13483,25 +12800,6 @@ msgid "The allocated address block is 100.64.0.0/10."
msgstr "The allocated address block is 100.64.0.0/10."
#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
-#: ../../_include/interface-ipv6.txt:92
msgid "The amount of Duplicate Address Detection probes to send."
msgstr "The amount of Duplicate Address Detection probes to send."
@@ -13525,7 +12823,7 @@ msgstr "The bonding interface provides a method for aggregating multiple network
msgid "The case of ingress shaping"
msgstr "The case of ingress shaping"
-#: ../../configuration/service/pppoe-server.rst:398
+#: ../../configuration/service/pppoe-server.rst:385
msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use."
@@ -13541,7 +12839,7 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then
msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet."
-#: ../../configuration/service/pppoe-server.rst:244
+#: ../../configuration/service/pppoe-server.rst:231
msgid "The command below enables it, assuming the RADIUS connection has been setup and is working."
msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working."
@@ -13557,9 +12855,9 @@ msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote syst
msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:"
-#: ../../configuration/service/dhcp-server.rst:244
-#: ../../configuration/service/dhcp-server.rst:670
-#: ../../configuration/service/dhcp-server.rst:712
+#: ../../configuration/service/dhcp-server.rst:210
+#: ../../configuration/service/dhcp-server.rst:601
+#: ../../configuration/service/dhcp-server.rst:644
msgid "The configuration will look as follows:"
msgstr "The configuration will look as follows:"
@@ -13579,7 +12877,7 @@ msgstr "The connection tracking expect table contains one entry for each expecte
msgid "The connection tracking table contains one entry for each connection being tracked by the system."
msgstr "The connection tracking table contains one entry for each connection being tracked by the system."
-#: ../../configuration/service/pppoe-server.rst:238
+#: ../../configuration/service/pppoe-server.rst:225
msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:"
@@ -13607,30 +12905,18 @@ msgstr "The default hostname used is `vyos`."
msgid "The default is 1492."
msgstr "The default is 1492."
-#: ../../configuration/service/dhcp-server.rst:596
+#: ../../configuration/service/dhcp-server.rst:526
msgid "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
msgstr "The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds."
-#: ../../configuration/interfaces/vxlan.rst:336
+#: ../../configuration/interfaces/vxlan.rst:357
msgid "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
msgstr "The default port udp is set to 8472. It can be changed with ``set interface vxlan <vxlanN> port <port>``"
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
+#: ../../configuration/protocols/pim.rst:52
+msgid "The default time is 60 seconds."
+msgstr "The default time is 60 seconds."
+
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:15
msgid "The default value corresponds to 64."
msgstr "The default value corresponds to 64."
@@ -13643,7 +12929,15 @@ msgstr "The default value is 0. This will cause the carrier to be asserted (for
msgid "The default value is 300 seconds."
msgstr "The default value is 300 seconds."
-#: ../../configuration/service/dhcp-server.rst:113
+#: ../../configuration/protocols/pim.rst:214
+msgid "The default value is 3."
+msgstr "The default value is 3."
+
+#: ../../configuration/protocols/pim.rst:68
+msgid "The default value is 3 packets."
+msgstr "The default value is 3 packets."
+
+#: ../../configuration/service/dhcp-server.rst:99
msgid "The default value is 86400 seconds which corresponds to one day."
msgstr "The default value is 86400 seconds which corresponds to one day."
@@ -13655,25 +12949,29 @@ msgstr "The default value is slow."
msgid "The default values for the minimum-threshold depend on IP precedence:"
msgstr "The default values for the minimum-threshold depend on IP precedence:"
-#: ../../configuration/interfaces/vxlan.rst:313
+#: ../../configuration/interfaces/vxlan.rst:334
msgid "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
msgstr "The destination port used for creating a VXLAN interface in Linux defaults to its pre-standard value of 8472 to preserve backward compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command."
-#: ../../configuration/service/dhcp-server.rst:200
+#: ../../configuration/interfaces/vxlan.rst:98
+msgid "The device can only receive packets with VNIs configured in the VNI filtering table."
+msgstr "The device can only receive packets with VNIs configured in the VNI filtering table."
+
+#: ../../configuration/service/dhcp-server.rst:165
msgid "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
msgstr "The dialogue between failover partners is neither encrypted nor authenticated. Since most DHCP servers exist within an organisation's own secure Intranet, this would be an unnecessary overhead. However, if you have DHCP failover peers whose communications traverse insecure networks, then we recommend that you consider the use of VPN tunneling between them to ensure that the failover partnership is immune to disruption (accidental or otherwise) via third parties."
-#: ../../configuration/service/dhcp-server.rst:36
-#: ../../configuration/service/dhcp-server.rst:138
+#: ../../configuration/service/dhcp-server.rst:31
+#: ../../configuration/service/dhcp-server.rst:124
msgid "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
msgstr "The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015)."
-#: ../../configuration/service/dhcp-server.rst:45
-#: ../../configuration/service/dhcp-server.rst:145
+#: ../../configuration/service/dhcp-server.rst:40
+#: ../../configuration/service/dhcp-server.rst:131
msgid "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
msgstr "The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times if you need multiple search domains (DHCP Option 119)."
-#: ../../configuration/nat/nat44.rst:694
+#: ../../configuration/nat/nat44.rst:718
msgid "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
msgstr "The dummy interface allows us to have an equivalent of the Cisco IOS Loopback interface - a router-internal interface we can use for IP addresses the router must know about, but which are not actually assigned to a real network."
@@ -13689,11 +12987,11 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co
msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that."
-#: ../../configuration/service/pppoe-server.rst:382
+#: ../../configuration/service/pppoe-server.rst:369
msgid "The example below covers a dual-stack configuration via pppoe-server."
msgstr "The example below covers a dual-stack configuration via pppoe-server."
-#: ../../configuration/service/pppoe-server.rst:361
+#: ../../configuration/service/pppoe-server.rst:348
msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1."
@@ -13705,7 +13003,7 @@ msgstr "The example configuration below will assign an IP to the client on the i
msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used."
-#: ../../configuration/nat/nat44.rst:319
+#: ../../configuration/nat/nat44.rst:331
msgid "The external IP address to translate to"
msgstr "The external IP address to translate to"
@@ -13730,23 +13028,18 @@ msgid "The first and arguably cleaner option is to make your IPsec policy match
msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses."
#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
-#: ../../_include/interface-disable-flow-control.txt:8
msgid "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
msgstr "The first flow control mechanism, the pause frame, was defined by the IEEE 802.3x standard."
+#: ../../configuration/protocols/pim.rst:93
+msgid "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+msgstr "The first ip address is the RP's address and the second value is the matching prefix of group ranges covered."
+
#: ../../configuration/vpn/dmvpn.rst:63
msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply."
-#: ../../configuration/vpn/sstp.rst:299
+#: ../../configuration/vpn/sstp.rst:311
msgid "The following PPP configuration tests MSCHAP-v2:"
msgstr "The following PPP configuration tests MSCHAP-v2:"
@@ -13810,6 +13103,10 @@ msgstr "The following example topology was built using EVE-NG."
msgid "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
msgstr "The following example will show how VyOS can be used to redirect web traffic to an external transparent proxy:"
+#: ../../configuration/nat/nat64.rst:40
+msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool."
+
#: ../../configuration/interfaces/wwan.rst:309
msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:"
@@ -13839,7 +13136,7 @@ msgid "The forwarding delay time is the time spent in each of the listening and
msgstr "The forwarding delay time is the time spent in each of the listening and learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating."
#: ../../configuration/service/dhcp-relay.rst:98
-#: ../../configuration/service/dhcp-relay.rst:184
+#: ../../configuration/service/dhcp-relay.rst:186
msgid "The generated configuration will look like:"
msgstr "The generated configuration will look like:"
@@ -13871,7 +13168,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w
msgid "The hostname or IP address of the master"
msgstr "The hostname or IP address of the master"
-#: ../../configuration/service/dhcp-server.rst:700
+#: ../../configuration/service/dhcp-server.rst:632
msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID."
@@ -13880,12 +13177,10 @@ msgid "The individual spoke configurations only differ in the local IP address o
msgstr "The individual spoke configurations only differ in the local IP address on the ``tun10`` interface. See the above diagram for the individual IP addresses."
#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
-#: ../../_include/interface-vlan-8021ad.txt:25
msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)."
-#: ../../configuration/nat/nat44.rst:503
+#: ../../configuration/nat/nat44.rst:523
msgid "The interface traffic will be coming in on;"
msgstr "The interface traffic will be coming in on;"
@@ -13893,7 +13188,7 @@ msgstr "The interface traffic will be coming in on;"
msgid "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
msgstr "The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added."
-#: ../../configuration/nat/nat44.rst:317
+#: ../../configuration/nat/nat44.rst:329
msgid "The internal IP addresses we want to translate"
msgstr "The internal IP addresses we want to translate"
@@ -13937,6 +13232,14 @@ msgstr "The local site will have a subnet of 10.0.0.0/16."
msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine."
+#: ../../configuration/firewall/index.rst:20
+msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:"
+
+#: ../../configuration/firewall/index.rst:92
+msgid "The main structure VyOS firewall cli is shown next:"
+msgstr "The main structure VyOS firewall cli is shown next:"
+
#: ../../configuration/interfaces/bonding.rst:271
msgid "The maximum number of targets that can be specified is 16. The default value is no IP address."
msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address."
@@ -13961,7 +13264,7 @@ msgstr "The minimal echo receive transmission interval that this system is capab
msgid "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
msgstr "The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release."
-#: ../../configuration/interfaces/vxlan.rst:292
+#: ../../configuration/interfaces/vxlan.rst:313
msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface."
@@ -14010,12 +13313,10 @@ msgid "The optional parameter register specifies that Registration Request shoul
msgstr "The optional parameter register specifies that Registration Request should be sent to this peer on startup."
#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
-#: ../../_include/interface-vlan-8021ad.txt:10
msgid "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
msgstr "The original 802.1q_ specification allows a single Virtual Local Area Network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q, QinQ itself is extended by other Metro Ethernet protocols."
-#: ../../configuration/nat/nat44.rst:318
+#: ../../configuration/nat/nat44.rst:330
msgid "The outgoing interface to perform the translation on"
msgstr "The outgoing interface to perform the translation on"
@@ -14051,11 +13352,11 @@ msgstr "The prefix and ASN that originated it match a signed ROA. These are prob
msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements."
-#: ../../configuration/service/dhcp-server.rst:434
+#: ../../configuration/service/dhcp-server.rst:375
msgid "The primary DHCP server uses address `192.168.189.252`"
msgstr "The primary DHCP server uses address `192.168.189.252`"
-#: ../../configuration/service/dhcp-server.rst:193
+#: ../../configuration/service/dhcp-server.rst:158
msgid "The primary and secondary statements determines whether the server is primary or secondary."
msgstr "The primary and secondary statements determines whether the server is primary or secondary."
@@ -14067,7 +13368,7 @@ msgstr "The primary option is only valid for active-backup, transmit-load-balanc
msgid "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
msgstr "The priority must be an integer number from 1 to 255. Higher priority value increases router's precedence in the master elections."
-#: ../../configuration/service/dhcp-server.rst:609
+#: ../../configuration/service/dhcp-server.rst:539
msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:"
@@ -14075,7 +13376,7 @@ msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus
msgid "The prompt is adjusted to reflect this change in both config and op-mode."
msgstr "The prompt is adjusted to reflect this change in both config and op-mode."
-#: ../../configuration/nat/nat44.rst:504
+#: ../../configuration/nat/nat44.rst:524
msgid "The protocol and port we wish to forward;"
msgstr "The protocol and port we wish to forward;"
@@ -14124,7 +13425,7 @@ msgstr "The remote user will use the openconnect client to connect to the router
msgid "The required config file may look like this:"
msgstr "The required config file may look like this:"
-#: ../../configuration/nat/nat44.rst:683
+#: ../../configuration/nat/nat44.rst:707
msgid "The required configuration can be broken down into 4 major pieces:"
msgstr "The required configuration can be broken down into 4 major pieces:"
@@ -14160,7 +13461,7 @@ msgstr "The router should discard DHCP packages already containing relay agent i
msgid "The sFlow accounting based on hsflowd https://sflow.net/"
msgstr "The sFlow accounting based on hsflowd https://sflow.net/"
-#: ../../configuration/vpn/openconnect.rst:263
+#: ../../configuration/vpn/openconnect.rst:270
msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication."
@@ -14172,7 +13473,7 @@ msgstr "The scheme above doesn't work when one of the routers has a dynamic exte
msgid "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
msgstr "The search filter can contain up to 15 occurrences of %s which will be replaced by the username, as in \"uid=%s\" for :rfc:`2037` directories. For a detailed description of LDAP search filter syntax see :rfc:`2254`."
-#: ../../configuration/service/dhcp-server.rst:435
+#: ../../configuration/service/dhcp-server.rst:376
msgid "The secondary DHCP server uses address `192.168.189.253`"
msgstr "The secondary DHCP server uses address `192.168.189.253`"
@@ -14184,7 +13485,7 @@ msgstr "The security approach in SNMPv3 targets:"
msgid "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
msgstr "The sequence ``^Ec?`` translates to: ``Ctrl+E c ?``. To quit the session use: ``Ctrl+E c .``"
-#: ../../configuration/interfaces/vxlan.rst:168
+#: ../../configuration/interfaces/vxlan.rst:189
msgid "The setup is this: Leaf2 - Spine1 - Leaf3"
msgstr "The setup is this: Leaf2 - Spine1 - Leaf3"
@@ -14197,11 +13498,6 @@ msgid "The speed (baudrate) of the console device. Supported values are:"
msgstr "The speed (baudrate) of the console device. Supported values are:"
#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
-#: ../../_include/interface-vlan-8021q.txt:16
msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard."
@@ -14221,7 +13517,7 @@ msgstr "The table consists of following data:"
msgid "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
msgstr "The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_."
-#: ../../configuration/nat/nat44.rst:233
+#: ../../configuration/nat/nat44.rst:245
msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address."
@@ -14245,22 +13541,7 @@ msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for mult
msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed."
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
-#: ../../_include/interface-dhcp-options.txt:31
+#: ../../_include/interface-dhcp-options.txt:36
msgid "The vendor-class-id option can be used to request a specific class of vendor options from the server."
msgstr "The vendor-class-id option can be used to request a specific class of vendor options from the server."
@@ -14276,7 +13557,7 @@ msgstr "The window size must be between 1 and 21."
msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users."
-#: ../../configuration/nat/nat44.rst:597
+#: ../../configuration/nat/nat44.rst:621
msgid "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for the internal IP to a reserved external IP. This dedicates an external IP address to an internal IP address and is useful for protocols which don't have the notion of ports, such as GRE."
@@ -14300,16 +13581,22 @@ msgstr "There's a variety of client GUI frontends for any platform"
msgid "There are 3 default NTP server set. You are able to change them."
msgstr "There are 3 default NTP server set. You are able to change them."
-#: ../../configuration/firewall/general.rst:536
-#: ../../configuration/firewall/general-legacy.rst:380
+#: ../../configuration/firewall/ipv4.rst:269
+#: ../../configuration/firewall/ipv6.rst:269
msgid "There are a lot of matching criteria against which the package can be tested."
msgstr "There are a lot of matching criteria against which the package can be tested."
+#: ../../configuration/firewall/bridge.rst:221
+#: ../../configuration/firewall/ipv4.rst:303
+#: ../../configuration/firewall/ipv6.rst:303
+msgid "There are a lot of matching criteria against which the packet can be tested."
+msgstr "There are a lot of matching criteria against which the packet can be tested."
+
#: ../../configuration/policy/route.rst:40
msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section."
-#: ../../configuration/system/ipv6.rst:91
+#: ../../configuration/system/ipv6.rst:92
msgid "There are different parameters for getting prefix-list information:"
msgstr "There are different parameters for getting prefix-list information:"
@@ -14362,33 +13649,9 @@ msgid "There is also a GRE over IPv6 encapsulation available, it is called: ``ip
msgstr "There is also a GRE over IPv6 encapsulation available, it is called: ``ip6gre``."
#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
-#: ../../_include/interface-vrf.txt:6
msgid "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
msgstr "There is an entire chapter about how to configure a :ref:`vrf`, please check this for additional information."
-#: ../../configuration/protocols/igmp.rst:93
#: ../../configuration/protocols/pim6.rst:27
msgid "These are the commands for a basic setup."
msgstr "These are the commands for a basic setup."
@@ -14413,6 +13676,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u
msgid "They can be **decimal** prefixes."
msgstr "They can be **decimal** prefixes."
+#: ../../configuration/firewall/flowtables.rst:102
+msgid "Things to be considred in this setup:"
+msgstr "Things to be considred in this setup:"
+
#: ../../configuration/interfaces/l2tpv3.rst:54
msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address."
@@ -14438,6 +13705,10 @@ msgstr "This algorithm will place all traffic to a particular network peer on th
msgid "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
msgstr "This allows avoiding the timers defined in BGP and OSPF protocol to expires."
+#: ../../configuration/system/frr.rst:17
+msgid "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+msgstr "This allows the operator to control the number of open file descriptors each daemon is allowed to start with. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen."
+
#: ../../configuration/service/dns.rst:41
msgid "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
msgstr "This also works for reverse-lookup zones (``18.172.in-addr.arpa``)."
@@ -14503,7 +13774,7 @@ msgstr "This command allows to specify the distribution type for the network con
msgid "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
msgstr "This command allows to use route map to filter redistributed routes. There are six modes available for route source: connected, kernel, ospf, rip, static, table."
-#: ../../configuration/protocols/ospf.rst:1259
+#: ../../configuration/protocols/ospf.rst:1261
msgid "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command allows to use route map to filter redistributed routes from given route source. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -14734,23 +14005,27 @@ msgstr "This command disables route reflection between route reflector clients.
msgid "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
msgstr "This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned (split horizon).3"
-#: ../../configuration/protocols/bgp.rst:1008
+#: ../../configuration/protocols/isis.rst:318
+msgid "This command disables the load sharing across multiple LFA backups."
+msgstr "This command disables the load sharing across multiple LFA backups."
+
+#: ../../configuration/protocols/bgp.rst:1009
msgid "This command displays BGP dampened routes."
msgstr "This command displays BGP dampened routes."
-#: ../../configuration/protocols/bgp.rst:1031
+#: ../../configuration/protocols/bgp.rst:1032
msgid "This command displays BGP received-routes that are accepted after filtering."
msgstr "This command displays BGP received-routes that are accepted after filtering."
-#: ../../configuration/protocols/bgp.rst:1021
+#: ../../configuration/protocols/bgp.rst:1022
msgid "This command displays BGP routes advertised to a neighbor."
msgstr "This command displays BGP routes advertised to a neighbor."
-#: ../../configuration/protocols/bgp.rst:1016
+#: ../../configuration/protocols/bgp.rst:1017
msgid "This command displays BGP routes allowed by the specified AS Path access list."
msgstr "This command displays BGP routes allowed by the specified AS Path access list."
-#: ../../configuration/protocols/bgp.rst:1025
+#: ../../configuration/protocols/bgp.rst:1026
msgid "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
msgstr "This command displays BGP routes originating from the specified BGP neighbor before inbound policy is applied. To use this command inbound soft reconfiguration must be enabled."
@@ -14763,17 +14038,17 @@ msgid "This command displays RIP routes."
msgstr "This command displays RIP routes."
#: ../../configuration/protocols/ospf.rst:785
-#: ../../configuration/protocols/ospf.rst:1304
+#: ../../configuration/protocols/ospf.rst:1306
msgid "This command displays a database contents for a specific link advertisement type."
msgstr "This command displays a database contents for a specific link advertisement type."
#: ../../configuration/protocols/ospf.rst:752
-#: ../../configuration/protocols/ospf.rst:1299
+#: ../../configuration/protocols/ospf.rst:1301
msgid "This command displays a summary table with a database contents (LSA)."
msgstr "This command displays a summary table with a database contents (LSA)."
#: ../../configuration/protocols/ospf.rst:747
-#: ../../configuration/protocols/ospf.rst:1294
+#: ../../configuration/protocols/ospf.rst:1296
msgid "This command displays a table of paths to area boundary and autonomous system boundary routers."
msgstr "This command displays a table of paths to area boundary and autonomous system boundary routers."
@@ -14781,35 +14056,35 @@ msgstr "This command displays a table of paths to area boundary and autonomous s
msgid "This command displays all entries in BGP routing table."
msgstr "This command displays all entries in BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1035
+#: ../../configuration/protocols/bgp.rst:1036
msgid "This command displays dampened routes received from BGP neighbor."
msgstr "This command displays dampened routes received from BGP neighbor."
-#: ../../configuration/protocols/ospf.rst:1309
+#: ../../configuration/protocols/ospf.rst:1311
msgid "This command displays external information redistributed into OSPFv3"
msgstr "This command displays external information redistributed into OSPFv3"
-#: ../../configuration/protocols/bgp.rst:1039
+#: ../../configuration/protocols/bgp.rst:1040
msgid "This command displays information about BGP routes whose AS path matches the specified regular expression."
msgstr "This command displays information about BGP routes whose AS path matches the specified regular expression."
-#: ../../configuration/protocols/bgp.rst:1012
+#: ../../configuration/protocols/bgp.rst:1013
msgid "This command displays information about flapping BGP routes."
msgstr "This command displays information about flapping BGP routes."
-#: ../../configuration/protocols/bgp.rst:976
+#: ../../configuration/protocols/bgp.rst:977
msgid "This command displays information about the particular entry in the BGP routing table."
msgstr "This command displays information about the particular entry in the BGP routing table."
-#: ../../configuration/protocols/bgp.rst:1003
+#: ../../configuration/protocols/bgp.rst:1004
msgid "This command displays routes that are permitted by the BGP community list."
msgstr "This command displays routes that are permitted by the BGP community list."
-#: ../../configuration/protocols/bgp.rst:996
+#: ../../configuration/protocols/bgp.rst:997
msgid "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
msgstr "This command displays routes that belong to specified BGP communities. Valid value is a community number in the range from 1 to 4294967200, or AA:NN (autonomous system-community number/2-byte number), no-export, local-as, or no-advertise."
-#: ../../configuration/protocols/bgp.rst:992
+#: ../../configuration/protocols/bgp.rst:993
msgid "This command displays routes with classless interdomain routing (CIDR)."
msgstr "This command displays routes with classless interdomain routing (CIDR)."
@@ -14817,11 +14092,11 @@ msgstr "This command displays routes with classless interdomain routing (CIDR)."
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given."
-#: ../../configuration/protocols/ospf.rst:1283
+#: ../../configuration/protocols/ospf.rst:1285
msgid "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
msgstr "This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise."
-#: ../../configuration/protocols/ospf.rst:1289
+#: ../../configuration/protocols/ospf.rst:1291
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation."
@@ -14829,12 +14104,12 @@ msgstr "This command displays the OSPF routing table, as determined by the most
msgid "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
msgstr "This command displays the OSPF routing table, as determined by the most recent SPF calculation. With the optional :cfgcmd:`detail` argument, each route item's advertiser router and network attribute will be shown."
-#: ../../configuration/protocols/ospf.rst:1279
+#: ../../configuration/protocols/ospf.rst:1281
msgid "This command displays the neighbor DR choice information."
msgstr "This command displays the neighbor DR choice information."
#: ../../configuration/protocols/ospf.rst:623
-#: ../../configuration/protocols/ospf.rst:1274
+#: ../../configuration/protocols/ospf.rst:1276
msgid "This command displays the neighbors information in a detailed form, not just a summary table."
msgstr "This command displays the neighbors information in a detailed form, not just a summary table."
@@ -14843,7 +14118,7 @@ msgid "This command displays the neighbors information in a detailed form for a
msgstr "This command displays the neighbors information in a detailed form for a neighbor whose IP address is specified."
#: ../../configuration/protocols/ospf.rst:613
-#: ../../configuration/protocols/ospf.rst:1270
+#: ../../configuration/protocols/ospf.rst:1272
msgid "This command displays the neighbors status."
msgstr "This command displays the neighbors status."
@@ -14851,7 +14126,7 @@ msgstr "This command displays the neighbors status."
msgid "This command displays the neighbors status for a neighbor on the specified interface."
msgstr "This command displays the neighbors status for a neighbor on the specified interface."
-#: ../../configuration/protocols/bgp.rst:1044
+#: ../../configuration/protocols/bgp.rst:1045
msgid "This command displays the status of all BGP connections."
msgstr "This command displays the status of all BGP connections."
@@ -14863,6 +14138,10 @@ msgstr "This command enable/disables summarisation for the configured address ra
msgid "This command enable logging neighbor up/down changes and reset reason."
msgstr "This command enable logging neighbor up/down changes and reset reason."
+#: ../../configuration/protocols/isis.rst:311
+msgid "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Specifically this is a prefix list which references a prefix in which will select eligible PQ nodes for remote LFA backups."
+
#: ../../configuration/protocols/isis.rst:70
msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process."
@@ -14946,6 +14225,10 @@ msgstr "This command is only allowed for eBGP peers."
msgid "This command is only allowed for eBGP peers. It is not applicable for peer groups."
msgstr "This command is only allowed for eBGP peers. It is not applicable for peer groups."
+#: ../../configuration/protocols/pim.rst:70
+msgid "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+msgstr "This command is only useful at scale when you can possibly have a large number of PIM control packets flowing."
+
#: ../../configuration/protocols/rip.rst:106
msgid "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
msgstr "This command is specific to FRR and VyOS. The route command makes a static route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP using :cfgcmd:`redistribute static`."
@@ -15006,7 +14289,7 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
msgstr "This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static."
-#: ../../configuration/protocols/ospf.rst:1253
+#: ../../configuration/protocols/ospf.rst:1255
msgid "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
msgstr "This command redistributes routing information from the given route source to the OSPFv3 process. There are five modes available for route source: bgp, connected, kernel, ripng, static."
@@ -15014,19 +14297,19 @@ msgstr "This command redistributes routing information from the given route sour
msgid "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
msgstr "This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes advertised to EBGP peers."
-#: ../../configuration/protocols/bgp.rst:1067
+#: ../../configuration/protocols/bgp.rst:1068
msgid "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified neighbor IP address. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1087
+#: ../../configuration/protocols/bgp.rst:1088
msgid "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
msgstr "This command resets BGP connections to the specified peer group. With argument :cfgcmd:`soft` this command initiates a soft reset. If you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered."
-#: ../../configuration/protocols/bgp.rst:1074
+#: ../../configuration/protocols/bgp.rst:1075
msgid "This command resets all BGP connections of given router."
msgstr "This command resets all BGP connections of given router."
-#: ../../configuration/protocols/bgp.rst:1083
+#: ../../configuration/protocols/bgp.rst:1084
msgid "This command resets all external BGP peers of given router."
msgstr "This command resets all external BGP peers of given router."
@@ -15431,56 +14714,18 @@ msgstr "This command summarizes intra area paths from specified area into one su
msgid "This command to ensure not advertise the summary lsa for the matched external LSAs."
msgstr "This command to ensure not advertise the summary lsa for the matched external LSAs."
-#: ../../configuration/protocols/bgp.rst:1078
+#: ../../configuration/protocols/bgp.rst:1079
msgid "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
msgstr "This command uses to clear BGP route dampening information and to unsuppress suppressed routes."
#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
-#: ../../_include/interface-ipv6.txt:65
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss6 <value>``"
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/pppoe.rst:212
#: ../../configuration/interfaces/pppoe.rst:258
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
#: ../../configuration/interfaces/sstp-client.rst:84
#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
-#: ../../_include/interface-ip.txt:9
msgid "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
msgstr "This command was introduced in VyOS 1.4 - it was previously called: ``set firewall options interface <name> adjust-mss <value>``"
@@ -15494,6 +14739,10 @@ msgstr "This command will change the hold down value for IGP-LDP synchronization
msgid "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
msgstr "This command will change the hold down value globally for IGP-LDP synchronization during convergence/interface flap events."
+#: ../../configuration/protocols/isis.rst:324
+msgid "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+msgstr "This command will configure a tie-breaker for multiple local LFA backups. The lower index numbers will be processed first."
+
#: ../../configuration/protocols/isis.rst:134
msgid "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
msgstr "This command will enable IGP-LDP synchronization globally for ISIS. This requires for LDP to be functional. This is described in :rfc:`5443`. By default all interfaces operational in IS-IS are enabled for synchronization. Loopbacks are exempt."
@@ -15510,25 +14759,32 @@ msgstr "This command will generate a default-route in L1 database."
msgid "This command will generate a default-route in L2 database."
msgstr "This command will generate a default-route in L2 database."
-#: ../../configuration/firewall/general.rst:1457
-#: ../../configuration/firewall/general-legacy.rst:904
+#: ../../configuration/firewall/ipv6.rst:1113
msgid "This command will give an overview of a rule in a single rule-set"
msgstr "This command will give an overview of a rule in a single rule-set"
+#: ../../configuration/firewall/ipv4.rst:1091
+msgid "This command will give an overview of a rule in a single rule-set, plus information for default action."
+msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action."
+
#: ../../configuration/firewall/general-legacy.rst:940
msgid "This command will give an overview of a rule in a single rule-set."
msgstr "This command will give an overview of a rule in a single rule-set."
-#: ../../configuration/firewall/general.rst:1435
-#: ../../configuration/firewall/general-legacy.rst:932
+#: ../../configuration/firewall/ipv4.rst:1072
+#: ../../configuration/firewall/ipv6.rst:1088
msgid "This command will give an overview of a single rule-set."
msgstr "This command will give an overview of a single rule-set."
+#: ../../configuration/protocols/isis.rst:330
+msgid "This command will limit LFA backup computation up to the specified prefix priority."
+msgstr "This command will limit LFA backup computation up to the specified prefix priority."
+
#: ../../configuration/protocols/bgp.rst:268
msgid "This command would allow the dynamic update of capabilities over an established BGP session."
msgstr "This command would allow the dynamic update of capabilities over an established BGP session."
-#: ../../configuration/interfaces/vxlan.rst:272
+#: ../../configuration/interfaces/vxlan.rst:293
msgid "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan 241 with the vxlan241-interface. The IP address is not required. It may however be used as a default gateway for each Leaf which allows devices on the vlan to reach other subnets. This requires that the subnets are redistributed by OSPF so that the Spine will learn how to reach it. To do this you need to change the OSPF network from '10.0.0.0/8' to '0.0.0.0/0' to allow 172.16/12-networks to be advertised."
@@ -15548,7 +14804,12 @@ msgstr "This configuration listen on port 80 and redirect incoming requests to H
msgid "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
msgstr "This configuration modifies the behavior of the network statement. If you have this configured the underlying network must exist in the routing table."
-#: ../../configuration/service/dhcp-server.rst:78
+#: ../../configuration/service/dhcp-server.rst:76
+#: ../../configuration/service/dhcp-server.rst:520
+msgid "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+msgstr "This configuration parameter is required and must be unique to each subnet. It is required to map subnets to lease file entries."
+
+#: ../../configuration/service/dhcp-server.rst:58
msgid "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
msgstr "This configuration parameter lets the DHCP server to listen for DHCP requests sent to the specified address, it is only realistically useful for a server whose only clients are reached via unicasts, such as via DHCP relay agents."
@@ -15572,30 +14833,11 @@ msgstr "This defaults to 1812."
msgid "This defaults to 2007."
msgstr "This defaults to 2007."
-#: ../../configuration/service/dns.rst:258
+#: ../../configuration/service/dns.rst:271
msgid "This defaults to 300 seconds."
msgstr "This defaults to 300 seconds."
#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
-#: ../../_include/interface-ip.txt:25
msgid "This defaults to 30 seconds."
msgstr "This defaults to 30 seconds."
@@ -15611,6 +14853,14 @@ msgstr "This defaults to 5."
msgid "This defaults to UDP"
msgstr "This defaults to UDP"
+#: ../../configuration/service/https.rst:52
+msgid "This defaults to both 1.2 and 1.3."
+msgstr "This defaults to both 1.2 and 1.3."
+
+#: ../../configuration/pki/index.rst:283
+msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory"
+
#: ../../configuration/interfaces/wireless.rst:101
msgid "This defaults to phy0."
msgstr "This defaults to phy0."
@@ -15635,7 +14885,7 @@ msgstr "This enables :rfc:`3137` support, where the OSPF process describes its t
msgid "This enables the greenfield option which sets the ``[GF]`` option"
msgstr "This enables the greenfield option which sets the ``[GF]`` option"
-#: ../../configuration/nat/nat44.rst:546
+#: ../../configuration/nat/nat44.rst:568
msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic."
@@ -15647,28 +14897,28 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by
msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."
-#: ../../configuration/service/dns.rst:391
+#: ../../configuration/service/dns.rst:404
msgid "This functionality is controlled by adding the following configuration:"
msgstr "This functionality is controlled by adding the following configuration:"
-#: ../../configuration/firewall/general.rst:626
-#: ../../configuration/firewall/general-legacy.rst:431
+#: ../../configuration/firewall/ipv4.rst:376
+#: ../../configuration/firewall/ipv6.rst:378
msgid "This functions for both individual addresses and address groups."
msgstr "This functions for both individual addresses and address groups."
-#: ../../configuration/protocols/isis.rst:449
+#: ../../configuration/protocols/isis.rst:477
#: ../../configuration/protocols/ospf.rst:968
msgid "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
msgstr "This gives us IGP-LDP synchronization for all non-loopback interfaces with a holddown timer of zero seconds:"
-#: ../../configuration/protocols/isis.rst:501
+#: ../../configuration/protocols/isis.rst:529
#: ../../configuration/protocols/ospf.rst:1018
#: ../../configuration/protocols/segment-routing.rst:229
#: ../../configuration/protocols/segment-routing.rst:312
msgid "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
msgstr "This gives us MPLS segment routing enabled and labels for far end loopbacks:"
-#: ../../configuration/protocols/isis.rst:339
+#: ../../configuration/protocols/isis.rst:367
msgid "This gives us the following neighborships, Level 1 and Level 2:"
msgstr "This gives us the following neighborships, Level 1 and Level 2:"
@@ -15680,11 +14930,11 @@ msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolu
msgid "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
msgstr "This is a common scenario where both :ref:`source-nat` and :ref:`destination-nat` are configured at the same time. It's commonly used when internal (private) hosts need to establish a connection with external resources and external systems need to access internal (private) resources."
-#: ../../configuration/service/dhcp-server.rst:96
+#: ../../configuration/service/dhcp-server.rst:82
msgid "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
msgstr "This is a configuration parameter for the `<subnet>`, saying that as part of the response, tell the client that the default gateway can be reached at `<address>`."
-#: ../../configuration/service/dhcp-server.rst:103
+#: ../../configuration/service/dhcp-server.rst:89
msgid "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
msgstr "This is a configuration parameter for the subnet, saying that as part of the response, tell the client that the DNS server can be found at `<address>`."
@@ -15696,6 +14946,11 @@ msgstr "This is a mandatory command. Sets regular expression to match against lo
msgid "This is a mandatory command. Sets the full path to the script. The script file must be executable."
msgstr "This is a mandatory command. Sets the full path to the script. The script file must be executable."
+#: ../../configuration/pki/index.rst:261
+#: ../../configuration/pki/index.rst:267
+msgid "This is a mandatory option"
+msgstr "This is a mandatory option"
+
#: ../../configuration/protocols/rpki.rst:117
#: ../../configuration/protocols/rpki.rst:124
msgid "This is a mandatory setting."
@@ -15726,29 +14981,10 @@ msgid "This is an optional command because the event handler will be automatical
msgstr "This is an optional command because the event handler will be automatically created after any of the next commands."
#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
-#: ../../_include/interface-ip.txt:156
msgid "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
msgstr "This is done to support (ethernet) switch features, like :rfc:`3069`, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in :rfc:`3069`, it is possible to allow these hosts to communicate through the upstream router by proxy_arp'ing."
-#: ../../configuration/protocols/igmp.rst:208
+#: ../../configuration/protocols/igmp-proxy.rst:36
msgid "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
msgstr "This is especially useful for the upstream interface, since the source for multicast traffic is often from a remote location."
@@ -15777,13 +15013,13 @@ msgstr "This is the LAN extension use case. The eth0 port of the distant VPN pee
msgid "This is the LCD model used in your system."
msgstr "This is the LCD model used in your system."
-#: ../../configuration/service/dhcp-server.rst:40
-#: ../../configuration/service/dhcp-server.rst:49
-#: ../../configuration/service/dhcp-server.rst:56
+#: ../../configuration/service/dhcp-server.rst:35
+#: ../../configuration/service/dhcp-server.rst:44
+#: ../../configuration/service/dhcp-server.rst:51
msgid "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
msgstr "This is the configuration parameter for the entire shared network definition. All subnets will inherit this configuration item if not specified locally."
-#: ../../configuration/service/dhcp-server.rst:232
+#: ../../configuration/service/dhcp-server.rst:197
msgid "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
msgstr "This is the equivalent of the host block in dhcpd.conf of isc-dhcpd."
@@ -15795,7 +15031,7 @@ msgstr "This is the name of the physical interface used to connect to your LCD d
msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**"
-#: ../../configuration/service/dhcp-server.rst:230
+#: ../../configuration/service/dhcp-server.rst:195
msgid "This is useful, for example, in combination with hostfile update."
msgstr "This is useful, for example, in combination with hostfile update."
@@ -15808,25 +15044,6 @@ msgid "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.
msgstr "This makes the server authoritatively not aware of: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones."
#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
-#: ../../_include/interface-ipv6.txt:12
msgid "This method automatically disables IPv6 traffic forwarding on the interface in question."
msgstr "This method automatically disables IPv6 traffic forwarding on the interface in question."
@@ -15847,11 +15064,11 @@ msgstr "This mode provides load balancing and fault tolerance."
msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control."
-#: ../../configuration/service/dhcp-server.rst:133
+#: ../../configuration/service/dhcp-server.rst:119
msgid "This option can be specified multiple times."
msgstr "This option can be specified multiple times."
-#: ../../configuration/protocols/igmp.rst:211
+#: ../../configuration/protocols/igmp-proxy.rst:39
msgid "This option can be supplied multiple times."
msgstr "This option can be supplied multiple times."
@@ -15863,7 +15080,15 @@ msgstr "This option is mandatory in Access-Point mode."
msgid "This option is required when running a DMVPN spoke."
msgstr "This option is required when running a DMVPN spoke."
-#: ../../configuration/system/login.rst:388
+#: ../../_include/interface-dhcp-options.txt:86
+msgid "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+msgstr "This option is used by some DHCP clients as a way for users to specify identifying information to the client. This can be used in a similar way to the vendor-class-identifier option, but the value of the option is specified by the user, not the vendor."
+
+#: ../../_include/interface-dhcp-options.txt:31
+msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard."
+
+#: ../../configuration/system/login.rst:390
msgid "This option must be used with ``timeout`` option."
msgstr "This option must be used with ``timeout`` option."
@@ -15876,6 +15101,10 @@ msgstr "This option only affects 802.3ad mode."
msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts."
+#: ../../configuration/pki/index.rst:277
+msgid "This options defaults to 2048"
+msgstr "This options defaults to 2048"
+
#: ../../configuration/protocols/ospf.rst:326
msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:"
@@ -15892,7 +15121,9 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer
msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:360
+#: ../../configuration/firewall/bridge.rst:90
+#: ../../configuration/firewall/ipv4.rst:114
+#: ../../configuration/firewall/ipv6.rst:114
msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."
@@ -15905,7 +15136,7 @@ msgstr "This requires two files, one to create the device (XXX.netdev) and one t
msgid "This results in the active configuration:"
msgstr "This results in the active configuration:"
-#: ../../configuration/service/dhcp-server.rst:88
+#: ../../configuration/service/dhcp-server.rst:68
msgid "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
msgstr "This says that this device is the only DHCP server for this network. If other devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to any device trying to request an IP address that is not valid for this network."
@@ -15918,19 +15149,6 @@ msgid "This section describes the system's host information and how to configure
msgstr "This section describes the system's host information and how to configure them, it covers the following topics:"
#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
-#: ../../_include/need_improvement.txt:11
msgid "This section needs improvements, examples and explanations."
msgstr "This section needs improvements, examples and explanations."
@@ -15938,10 +15156,17 @@ msgstr "This section needs improvements, examples and explanations."
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."
-#: ../../configuration/firewall/general.rst:392
+#: ../../configuration/firewall/ipv4.rst:142
+#: ../../configuration/firewall/ipv6.rst:142
msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+#: ../../configuration/firewall/bridge.rst:132
+#: ../../configuration/firewall/ipv4.rst:179
+#: ../../configuration/firewall/ipv6.rst:179
+msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."
+
#: ../../configuration/interfaces/openvpn.rst:278
msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients."
@@ -15958,13 +15183,11 @@ msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amou
msgid "This setting defaults to 1500 and is valid between 10 and 60000."
msgstr "This setting defaults to 1500 and is valid between 10 and 60000."
-#: ../../configuration/firewall/general.rst:121
-#: ../../configuration/firewall/general-legacy.rst:73
+#: ../../configuration/firewall/global-options.rst:58
msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:129
-#: ../../configuration/firewall/general-legacy.rst:81
+#: ../../configuration/firewall/global-options.rst:66
msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:"
@@ -15973,21 +15196,6 @@ msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-
msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:"
#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
-#: ../../_include/interface-dhcpv6-options.txt:28
msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes."
@@ -15995,30 +15203,11 @@ msgstr "This statement specifies dhcp6c to only exchange informational configura
msgid "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
msgstr "This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup <seconds>` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400."
-#: ../../configuration/nat/nat44.rst:409
+#: ../../configuration/nat/nat44.rst:423
msgid "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT."
#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
-#: ../../_include/interface-ip.txt:164
msgid "This technology is known by different names:"
msgstr "This technology is known by different names:"
@@ -16026,7 +15215,7 @@ msgstr "This technology is known by different names:"
msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain."
-#: ../../configuration/interfaces/vxlan.rst:173
+#: ../../configuration/interfaces/vxlan.rst:194
msgid "This topology was built using GNS3."
msgstr "This topology was built using GNS3."
@@ -16042,26 +15231,37 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to `
msgid "This will match TCP traffic with source port 80."
msgstr "This will match TCP traffic with source port 80."
-#: ../../configuration/service/dns.rst:282
+#: ../../configuration/service/dns.rst:295
msgid "This will render the following ddclient_ configuration entry:"
msgstr "This will render the following ddclient_ configuration entry:"
-#: ../../configuration/firewall/general.rst:1314
-#: ../../configuration/firewall/general-legacy.rst:785
+#: ../../configuration/firewall/ipv6.rst:969
msgid "This will show you a basic firewall overview"
msgstr "This will show you a basic firewall overview"
+#: ../../configuration/firewall/ipv4.rst:961
+msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4"
+
+#: ../../configuration/firewall/zone.rst:149
+msgid "This will show you a basic summary of a particular zone."
+msgstr "This will show you a basic summary of a particular zone."
+
+#: ../../configuration/firewall/zone.rst:132
+msgid "This will show you a basic summary of zones configuration."
+msgstr "This will show you a basic summary of zones configuration."
+
#: ../../configuration/firewall/general-legacy.rst:936
msgid "This will show you a rule-set statistic since the last boot."
msgstr "This will show you a rule-set statistic since the last boot."
-#: ../../configuration/firewall/general.rst:1479
-#: ../../configuration/firewall/general-legacy.rst:900
+#: ../../configuration/firewall/ipv4.rst:1112
+#: ../../configuration/firewall/ipv6.rst:1135
msgid "This will show you a statistic of all rule-sets since the last boot."
msgstr "This will show you a statistic of all rule-sets since the last boot."
-#: ../../configuration/firewall/general.rst:1377
-#: ../../configuration/firewall/general-legacy.rst:851
+#: ../../configuration/firewall/ipv4.rst:1016
+#: ../../configuration/firewall/ipv6.rst:1032
msgid "This will show you a summary of rule-sets and groups"
msgstr "This will show you a summary of rule-sets and groups"
@@ -16069,7 +15269,7 @@ msgstr "This will show you a summary of rule-sets and groups"
msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one."
-#: ../../configuration/nat/nat44.rst:566
+#: ../../configuration/nat/nat44.rst:590
msgid "This would generate the following configuration:"
msgstr "This would generate the following configuration:"
@@ -16105,8 +15305,8 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)"
msgid "Time is in minutes and defaults to 60."
msgstr "Time is in minutes and defaults to 60."
-#: ../../configuration/firewall/general.rst:1211
-#: ../../configuration/firewall/general-legacy.rst:722
+#: ../../configuration/firewall/ipv4.rst:874
+#: ../../configuration/firewall/ipv6.rst:883
#: ../../configuration/policy/route.rst:225
msgid "Time to match the defined rule."
msgstr "Time to match the defined rule."
@@ -16115,11 +15315,11 @@ msgstr "Time to match the defined rule."
msgid "Timeout in seconds between health target checks."
msgstr "Timeout in seconds between health target checks."
-#: ../../configuration/vpn/sstp.rst:223
+#: ../../configuration/vpn/sstp.rst:234
msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)"
-#: ../../configuration/vpn/sstp.rst:243
+#: ../../configuration/vpn/sstp.rst:254
msgid "Timeout to wait response from server (seconds)"
msgstr "Timeout to wait response from server (seconds)"
@@ -16136,7 +15336,15 @@ msgstr "To activate the VLAN aware bridge, you must activate this setting to use
msgid "To allow VPN-clients access via your external address, a NAT rule is required:"
msgstr "To allow VPN-clients access via your external address, a NAT rule is required:"
-#: ../../configuration/vpn/site2site_ipsec.rst:253
+#: ../../configuration/service/mdns.rst:68
+msgid "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+msgstr "To allow listing additional custom domain, for example ``openthread.thread.home.arpa``, so that it can reflected in addition to the default ``local``, use the following command:"
+
+#: ../../configuration/service/mdns.rst:60
+msgid "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+msgstr "To allow only specific services, for example ``_airplay._tcp`` or ``_ipp._tcp``, (instead of all services) to be re-broadcasted, use the following command:"
+
+#: ../../configuration/vpn/site2site_ipsec.rst:257
msgid "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
msgstr "To allow traffic to pass through to clients, you need to add the following rules. (if you used the default configuration at the top of this page)"
@@ -16152,16 +15360,45 @@ msgstr "To auto update the blacklist files"
msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition."
+#: ../../configuration/service/pppoe-server.rst:59
+msgid "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+msgstr "To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a named pool. There is possibility to create multiple named pools. Each named pool can include only one address range. To use multiple address ranges configure ``next-pool`` option."
+
#: ../../configuration/firewall/general-legacy.rst:314
msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."
-#: ../../configuration/firewall/general.rst:401
-#: ../../configuration/firewall/general-legacy.rst:295
+#: ../../configuration/firewall/bridge.rst:140
+#: ../../configuration/firewall/ipv4.rst:187
+#: ../../configuration/firewall/ipv6.rst:187
msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."
-#: ../../configuration/firewall/general.rst:374
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
+msgid "To be used only when action is set to ``jump``. Use this command to specify jump target."
+msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target."
+
+#: ../../configuration/firewall/bridge.rst:120
+#: ../../configuration/firewall/ipv4.rst:163
+#: ../../configuration/firewall/ipv6.rst:163
+msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues."
+
+#: ../../configuration/firewall/bridge.rst:111
+#: ../../configuration/firewall/ipv4.rst:150
+#: ../../configuration/firewall/ipv6.rst:150
+msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue."
+
+#: ../../configuration/firewall/bridge.rst:103
+#: ../../configuration/firewall/ipv4.rst:138
+#: ../../configuration/firewall/ipv6.rst:138
+msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported."
+
+#: ../../configuration/firewall/ipv4.rst:126
+#: ../../configuration/firewall/ipv6.rst:126
msgid "To be used only when action is set to jump. Use this command to specify jump target."
msgstr "To be used only when action is set to jump. Use this command to specify jump target."
@@ -16177,11 +15414,11 @@ msgstr "To bypass the proxy for every request that is directed to a specific des
msgid "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
msgstr "To configure IPv6 assignments for clients, two options need to be configured. A global prefix which is terminated on the clients cpe and a delegated prefix, the client can use for devices routed via the clients cpe."
-#: ../../configuration/firewall/index.rst:58
+#: ../../configuration/firewall/index.rst:179
msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`"
-#: ../../configuration/firewall/index.rst:79
+#: ../../configuration/firewall/index.rst:173
msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`"
@@ -16209,7 +15446,7 @@ msgstr "To configure your LCD display you must first identify the used hardware,
msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time."
-#: ../../configuration/system/login.rst:375
+#: ../../configuration/system/login.rst:377
msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``."
@@ -16221,7 +15458,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports."
msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:"
-#: ../../configuration/firewall/zone.rst:61
+#: ../../configuration/firewall/zone.rst:80
msgid "To define a zone setup either one with interfaces or a local zone."
msgstr "To define a zone setup either one with interfaces or a local zone."
@@ -16233,7 +15470,7 @@ msgstr "To disable advertisements without deleting the configuration:"
msgid "To display the configured OTP user key, use the command:"
msgstr "To display the configured OTP user key, use the command:"
-#: ../../configuration/vpn/openconnect.rst:219
+#: ../../configuration/vpn/openconnect.rst:226
msgid "To display the configured OTP user settings, use the command:"
msgstr "To display the configured OTP user settings, use the command:"
@@ -16254,7 +15491,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to
msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled."
-#: ../../configuration/service/https.rst:23
+#: ../../configuration/service/https.rst:68
msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`"
@@ -16262,6 +15499,14 @@ msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`mon
msgid "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
msgstr "To enable mDNS repeater you need to configure at least two interfaces. To re-broadcast all incoming mDNS packets from any interface configured here to any other interface configured under this section."
+#: ../../configuration/service/mdns.rst:23
+msgid "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+msgstr "To enable mDNS repeater you need to configure at least two interfaces so that all incoming mDNS packets from one interface configured here can be re-broadcasted to any other interface(s) configured under this section."
+
+#: ../../configuration/vpn/openconnect.rst:168
+msgid "To enable the HTTP security headers in the configuration file, use the command:"
+msgstr "To enable the HTTP security headers in the configuration file, use the command:"
+
#: ../../configuration/loadbalancing/wan.rst:115
msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:"
@@ -16282,7 +15527,7 @@ msgstr "To generate the CA, the server private key and certificates the followin
msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system."
-#: ../../configuration/service/dhcp-server.rst:636
+#: ../../configuration/service/dhcp-server.rst:566
msgid "To hand out individual prefixes to your clients the following configuration is used:"
msgstr "To hand out individual prefixes to your clients the following configuration is used:"
@@ -16290,7 +15535,7 @@ msgstr "To hand out individual prefixes to your clients the following configurat
msgid "To know more about scripting, check the :ref:`command-scripting` section."
msgstr "To know more about scripting, check the :ref:`command-scripting` section."
-#: ../../configuration/service/mdns.rst:36
+#: ../../configuration/service/mdns.rst:52
msgid "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
msgstr "To listen on both `eth0` and `eth1` mDNS packets and also repeat packets received on `eth0` to `eth1` (and vice-versa) use the following commands:"
@@ -16304,34 +15549,18 @@ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip osp
msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:17
msgid "To request a /56 prefix from your ISP use:"
msgstr "To request a /56 prefix from your ISP use:"
-#: ../../configuration/service/dhcp-server.rst:748
+#: ../../configuration/service/dhcp-server.rst:680
msgid "To restart the DHCPv6 server"
msgstr "To restart the DHCPv6 server"
-#: ../../configuration/nat/nat44.rst:315
+#: ../../configuration/nat/nat44.rst:327
msgid "To setup SNAT, we need to know:"
msgstr "To setup SNAT, we need to know:"
-#: ../../configuration/nat/nat44.rst:501
+#: ../../configuration/nat/nat44.rst:521
msgid "To setup a destination NAT rule we need to gather:"
msgstr "To setup a destination NAT rule we need to gather:"
@@ -16343,11 +15572,11 @@ msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary
msgid "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used."
-#: ../../configuration/service/pppoe-server.rst:106
+#: ../../configuration/service/pppoe-server.rst:93
msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it."
-#: ../../configuration/service/dns.rst:308
+#: ../../configuration/service/dns.rst:321
msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server."
@@ -16355,15 +15584,15 @@ msgstr "To use such a service, one must define a login, password, one or multipl
msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_"
-#: ../../configuration/service/https.rst:86
+#: ../../configuration/service/https.rst:77
msgid "To use this full configuration we asume a public accessible hostname."
msgstr "To use this full configuration we asume a public accessible hostname."
-#: ../../configuration/interfaces/vxlan.rst:175
+#: ../../configuration/interfaces/vxlan.rst:196
msgid "Topology:"
msgstr "Topology:"
-#: ../../configuration/interfaces/vxlan.rst:107
+#: ../../configuration/interfaces/vxlan.rst:128
msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5"
@@ -16379,7 +15608,7 @@ msgstr "Track option to track non VRRP interface states. VRRP changes status to
msgid "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
msgstr "Traditional BGP did not have the feature to detect a remote peer's capabilities, e.g. whether it can handle prefix types other than IPv4 unicast routes. This was a big problem using Multiprotocol Extension for BGP in an operational network. :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* does not send these Capability Negotiation packets (at least not unless other optional BGP features require capability negotiation)."
-#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:175
msgid "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
msgstr "Traditionally firewalls weere configured with the concept of data going in and out of an interface. The router just listened to the data flowing through and responding as required if it was directed at the router itself."
@@ -16399,7 +15628,7 @@ msgstr "Traffic Filters are used to control which packets will have the defined
msgid "Traffic Policy"
msgstr "Traffic Policy"
-#: ../../configuration/firewall/zone.rst:37
+#: ../../configuration/firewall/zone.rst:56
msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member."
msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member."
@@ -16411,10 +15640,19 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece
msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."
-#: ../../configuration/firewall/general.rst:1281
+#: ../../configuration/protocols/pim.rst:18
+msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`."
+
+#: ../../configuration/firewall/ipv4.rst:928
+#: ../../configuration/firewall/ipv6.rst:937
msgid "Traffic must be symmetric"
msgstr "Traffic must be symmetric"
+#: ../../configuration/firewall/bridge.rst:34
+msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:"
+
#: ../../configuration/highavailability/index.rst:322
msgid "Transition scripts"
msgstr "Transition scripts"
@@ -16427,11 +15665,11 @@ msgstr "Transition scripts can help you implement various fixups, such as starti
msgid "Transparent Proxy"
msgstr "Transparent Proxy"
+#: ../../configuration/interfaces/openvpn.rst:701
#: ../../configuration/interfaces/tunnel.rst:227
msgid "Troubleshooting"
msgstr "Troubleshooting"
-#: ../../configuration/protocols/igmp.rst:119
#: ../../configuration/protocols/pim6.rst:41
msgid "Tuning commands"
msgstr "Tuning commands"
@@ -16448,6 +15686,10 @@ msgstr "Tunnel keys"
msgid "Two environment variables are available:"
msgstr "Two environment variables are available:"
+#: ../../configuration/firewall/flowtables.rst:104
+msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1"
+
#: ../../configuration/service/ssh.rst:188
msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created."
@@ -16460,7 +15702,7 @@ msgstr "Two routers connected both via eth1 through an untrusted switch"
msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``."
-#: ../../configuration/nat/nat44.rst:594
+#: ../../configuration/nat/nat44.rst:618
msgid "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
msgstr "Typically, a 1-to-1 NAT rule omits the destination port (all ports) and replaces the protocol with either **all** or **ip**."
@@ -16504,7 +15746,7 @@ msgstr "USB to serial converters will handle most of their work in software so y
msgid "UUCP subsystem"
msgstr "UUCP subsystem"
-#: ../../configuration/interfaces/vxlan.rst:81
+#: ../../configuration/interfaces/vxlan.rst:102
msgid "Unicast"
msgstr "Unicast"
@@ -16512,7 +15754,7 @@ msgstr "Unicast"
msgid "Unicast VRRP"
msgstr "Unicast VRRP"
-#: ../../configuration/interfaces/vxlan.rst:319
+#: ../../configuration/interfaces/vxlan.rst:340
msgid "Unicast VXLAN"
msgstr "Unicast VXLAN"
@@ -16540,11 +15782,15 @@ msgstr "Update"
msgid "Update container image"
msgstr "Update container image"
-#: ../../configuration/firewall/general.rst:1540
-#: ../../configuration/firewall/general-legacy.rst:1050
+#: ../../configuration/firewall/ipv4.rst:1175
+#: ../../configuration/firewall/ipv6.rst:1191
msgid "Update geoip database"
msgstr "Update geoip database"
+#: ../../configuration/system/updates.rst:3
+msgid "Updates"
+msgstr "Updates"
+
#: ../../configuration/protocols/rpki.rst:99
msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)."
@@ -16566,7 +15812,11 @@ msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in
msgid "Use 802.11n protocol"
msgstr "Use 802.11n protocol"
-#: ../../configuration/service/dns.rst:352
+#: ../../configuration/service/https.rst:23
+msgid "Use CA certificate from PKI subsystem"
+msgstr "Use CA certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:365
msgid "Use DynDNS as your preferred provider:"
msgstr "Use DynDNS as your preferred provider:"
@@ -16578,6 +15828,10 @@ msgstr "Use TLS but skip host validation"
msgid "Use TLS encryption."
msgstr "Use TLS encryption."
+#: ../../configuration/service/https.rst:31
+msgid "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length."
+
#: ../../configuration/vpn/sstp.rst:121
msgid "Use `<subnet>` as the IP pool for all connecting clients."
msgstr "Use `<subnet>` as the IP pool for all connecting clients."
@@ -16594,67 +15848,52 @@ msgstr "Use `delete system conntrack modules` to deactive all modules."
msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."
-#: ../../configuration/firewall/general.rst:799
-#: ../../configuration/firewall/general-legacy.rst:531
+#: ../../configuration/firewall/ipv4.rst:515
+#: ../../configuration/firewall/ipv6.rst:525
msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:874
-#: ../../configuration/firewall/general-legacy.rst:567
+#: ../../configuration/firewall/ipv4.rst:578
+#: ../../configuration/firewall/ipv6.rst:588
msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:899
-#: ../../configuration/firewall/general-legacy.rst:579
+#: ../../configuration/firewall/ipv4.rst:599
+#: ../../configuration/firewall/ipv6.rst:609
msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:824
-#: ../../configuration/firewall/general-legacy.rst:543
+#: ../../configuration/firewall/ipv4.rst:536
+#: ../../configuration/firewall/ipv6.rst:546
msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/firewall/general.rst:849
-#: ../../configuration/firewall/general-legacy.rst:555
+#: ../../configuration/firewall/ipv4.rst:557
+#: ../../configuration/firewall/ipv6.rst:567
msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."
-#: ../../configuration/nat/nat44.rst:247
+#: ../../configuration/nat/nat44.rst:259
msgid "Use address `masquerade` (the interfaces primary address) on rule 30"
msgstr "Use address `masquerade` (the interfaces primary address) on rule 30"
-#: ../../configuration/service/https.rst:67
+#: ../../configuration/service/https.rst:58
msgid "Use an automatically generated self-signed certificate"
msgstr "Use an automatically generated self-signed certificate"
#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
-#: ../../_include/interface-ip.txt:104
msgid "Use any local address, configured on any interface if this is not set."
msgstr "Use any local address, configured on any interface if this is not set."
-#: ../../configuration/service/dns.rst:266
+#: ../../configuration/service/dns.rst:279
msgid "Use auth key file at ``/config/auth/my.key``"
msgstr "Use auth key file at ``/config/auth/my.key``"
-#: ../../configuration/service/dns.rst:395
+#: ../../configuration/service/https.rst:27
+msgid "Use certificate from PKI subsystem"
+msgstr "Use certificate from PKI subsystem"
+
+#: ../../configuration/service/dns.rst:408
msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response."
@@ -16666,7 +15905,7 @@ msgstr "Use inverse-match to match anything except the given country-codes."
msgid "Use local socket for API"
msgstr "Use local socket for API"
-#: ../../configuration/vpn/sstp.rst:277
+#: ../../configuration/vpn/sstp.rst:288
msgid "Use local user `foo` with password `bar`"
msgstr "Use local user `foo` with password `bar`"
@@ -16682,6 +15921,10 @@ msgstr "Use the address of the specified interface on the local machine as the s
msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):"
+#: ../../configuration/nat/nat66.rst:142
+msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair."
+
#: ../../configuration/system/option.rst:48
msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address."
@@ -16710,11 +15953,11 @@ msgstr "Use this PIM command in the selected interface to set the priority (1-42
msgid "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_ flow. 31 seconds is chosen for a lower bound as some hardware platforms cannot see data flowing in better than 30 seconds chunks."
-#: ../../configuration/service/pppoe-server.rst:288
+#: ../../configuration/service/pppoe-server.rst:275
msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
-#: ../../configuration/vpn/sstp.rst:126
+#: ../../configuration/vpn/sstp.rst:137
msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64."
@@ -16742,7 +15985,7 @@ msgstr "Use this command if you would like to set the TCP session hold time inte
msgid "Use this command to allow the selected interface to join a multicast group."
msgstr "Use this command to allow the selected interface to join a multicast group."
-#: ../../configuration/protocols/igmp.rst:149
+#: ../../configuration/protocols/pim.rst:191
msgid "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
msgstr "Use this command to allow the selected interface to join a multicast group defining the multicast address you want to join and the source IP address too."
@@ -16762,19 +16005,19 @@ msgstr "Use this command to check the tunnel status for OpenVPN server interface
msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces."
-#: ../../configuration/system/ipv6.rst:180
+#: ../../configuration/system/ipv6.rst:154
msgid "Use this command to clear Border Gateway Protocol statistics or status."
msgstr "Use this command to clear Border Gateway Protocol statistics or status."
-#: ../../configuration/service/pppoe-server.rst:300
+#: ../../configuration/service/pppoe-server.rst:287
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/vpn/sstp.rst:135
+#: ../../configuration/vpn/sstp.rst:146
msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long."
-#: ../../configuration/service/pppoe-server.rst:133
+#: ../../configuration/service/pppoe-server.rst:120
msgid "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS so that you can remotely disconnect sessions and change some authentication parameters."
@@ -16855,7 +16098,7 @@ msgstr "Use this command to configure a Shaper policy, set its name, define a cl
msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic."
-#: ../../configuration/service/pppoe-server.rst:206
+#: ../../configuration/service/pppoe-server.rst:193
msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec."
@@ -16919,10 +16162,18 @@ msgstr "Use this command to configure an interface with IGMP so that PIM can rec
msgid "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
msgstr "Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in order to become neighbors."
-#: ../../configuration/protocols/igmp.rst:156
+#: ../../configuration/protocols/pim.rst:198
msgid "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
msgstr "Use this command to configure in the selected interface the IGMP host query interval (1-1800) in seconds that PIM will use."
+#: ../../configuration/protocols/pim.rst:202
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (*,G) state :rfc:`7761#section-4.1` has timed out."
+
+#: ../../configuration/protocols/pim.rst:204
+msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or (\\*,G) state :rfc:`7761#section-4.1` has timed out."
+
#: ../../configuration/protocols/igmp.rst:163
msgid "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
msgstr "Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the `(S,G) or (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has timed out."
@@ -16931,7 +16182,7 @@ msgstr "Use this command to configure in the selected interface the IGMP query r
msgid "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
msgstr "Use this command to configure in the selected interface the MLD host query interval (1-65535) in seconds that PIM will use. The default value is 125 seconds."
-#: ../../configuration/service/pppoe-server.rst:112
+#: ../../configuration/service/pppoe-server.rst:99
msgid "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
msgstr "Use this command to configure the IP address and the shared secret key of your RADIUS server. You can have multiple RADIUS servers configured if you wish to achieve redundancy."
@@ -16983,18 +16234,35 @@ msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic
msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)."
+#: ../../configuration/service/pppoe-server.rst:81
+#: ../../configuration/vpn/sstp.rst:132
+msgid "Use this command to define default address pool name."
+msgstr "Use this command to define default address pool name."
+
#: ../../configuration/system/name-server.rst:53
msgid "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
msgstr "Use this command to define domains, one at a time, so that the system uses them to complete unqualified host names. Maximum: 6 entries."
+#: ../../configuration/protocols/pim.rst:211
+msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3."
+
#: ../../configuration/protocols/igmp.rst:172
msgid "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
msgstr "Use this command to define in the selected interface whether you choose IGMP version 2 or 3. The default value is 3."
+#: ../../configuration/service/pppoe-server.rst:70
+msgid "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the IP address range to be given to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:73
msgid "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
msgstr "Use this command to define the first IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet."
+#: ../../configuration/vpn/sstp.rst:121
+msgid "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+msgstr "Use this command to define the first IP address of a pool of addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``, it must be within a /24 subnet. If notation ``x.x.x.x/x`` is used there is possibility to set host/netmask."
+
#: ../../configuration/service/pppoe-server.rst:42
msgid "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
msgstr "Use this command to define the interface the PPPoE server will use to listen for PPPoE clients."
@@ -17015,30 +16283,16 @@ msgstr "Use this command to define the maximum number of entries to keep in the
msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)."
+#: ../../configuration/service/pppoe-server.rst:77
+#: ../../configuration/vpn/sstp.rst:128
+msgid "Use this command to define the next address pool name."
+msgstr "Use this command to define the next address pool name."
+
#: ../../configuration/service/pppoe-server.rst:31
msgid "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
msgstr "Use this command to define whether your PPPoE clients will locally authenticate in your VyOS system or in RADIUS server."
#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
-#: ../../_include/interface-disable-link-detect.txt:4
msgid "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
msgstr "Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged."
@@ -17059,15 +16313,6 @@ msgid "Use this command to disable IPv6 operation on interface when Duplicate Ad
msgstr "Use this command to disable IPv6 operation on interface when Duplicate Address Detection fails on Link-Local address."
#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
-#: ../../_include/interface-disable-flow-control.txt:16
msgid "Use this command to disable the generation of Ethernet flow control (pause frames)."
msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)."
@@ -17107,30 +16352,11 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca
msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)."
-#: ../../configuration/service/pppoe-server.rst:249
+#: ../../configuration/service/pppoe-server.rst:236
msgid "Use this command to enable bandwidth shaping via RADIUS."
msgstr "Use this command to enable bandwidth shaping via RADIUS."
#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
-#: ../../_include/interface-ip.txt:137
msgid "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system."
@@ -17138,7 +16364,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th
msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection."
-#: ../../configuration/service/pppoe-server.rst:262
+#: ../../configuration/service/pppoe-server.rst:249
msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers."
@@ -17154,7 +16380,13 @@ msgstr "Use this command to enable the logging of the default action."
msgid "Use this command to enable the logging of the default action on custom chains."
msgstr "Use this command to enable the logging of the default action on custom chains."
-#: ../../configuration/system/ipv6.rst:191
+#: ../../configuration/firewall/bridge.rst:163
+#: ../../configuration/firewall/ipv4.rst:214
+#: ../../configuration/firewall/ipv6.rst:214
+msgid "Use this command to enable the logging of the default action on the specified chain."
+msgstr "Use this command to enable the logging of the default action on the specified chain."
+
+#: ../../configuration/system/ipv6.rst:165
msgid "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
msgstr "Use this command to flush the kernel IPv6 route cache. An address can be added to flush it only for that route."
@@ -17162,11 +16394,11 @@ msgstr "Use this command to flush the kernel IPv6 route cache. An address can be
msgid "Use this command to get an overview of a zone."
msgstr "Use this command to get an overview of a zone."
-#: ../../configuration/system/ipv6.rst:146
+#: ../../configuration/system/ipv6.rst:120
msgid "Use this command to get information about OSPFv3."
msgstr "Use this command to get information about OSPFv3."
-#: ../../configuration/system/ipv6.rst:168
+#: ../../configuration/system/ipv6.rst:142
msgid "Use this command to get information about the RIPNG protocol"
msgstr "Use this command to get information about the RIPNG protocol"
@@ -17178,7 +16410,7 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection
msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs."
-#: ../../configuration/service/pppoe-server.rst:324
+#: ../../configuration/service/pppoe-server.rst:311
msgid "Use this command to locally check the active sessions in the PPPoE server."
msgstr "Use this command to locally check the active sessions in the PPPoE server."
@@ -17195,7 +16427,7 @@ msgstr "Use this command to not install advertised DNS nameservers into the loca
msgid "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
msgstr "Use this command to prefer IPv4 for TCP peer transport connection for LDP when both an IPv4 and IPv6 LDP address are configured on the same interface."
-#: ../../configuration/system/ipv6.rst:186
+#: ../../configuration/system/ipv6.rst:160
msgid "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an address or interface."
@@ -17295,15 +16527,15 @@ msgstr "Use this command to show IPv6 multicast group membership."
msgid "Use this command to show IPv6 routes."
msgstr "Use this command to show IPv6 routes."
-#: ../../configuration/system/ipv6.rst:104
+#: ../../configuration/system/ipv6.rst:105
msgid "Use this command to show all IPv6 access lists"
msgstr "Use this command to show all IPv6 access lists"
-#: ../../configuration/system/ipv6.rst:89
+#: ../../configuration/system/ipv6.rst:90
msgid "Use this command to show all IPv6 prefix lists"
msgstr "Use this command to show all IPv6 prefix lists"
-#: ../../configuration/system/ipv6.rst:172
+#: ../../configuration/system/ipv6.rst:146
msgid "Use this command to show the status of the RIPNG protocol"
msgstr "Use this command to show the status of the RIPNG protocol"
@@ -17420,7 +16652,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the
msgid "VLAN"
msgstr "VLAN"
-#: ../../configuration/service/pppoe-server.rst:176
+#: ../../configuration/service/pppoe-server.rst:163
msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface."
@@ -17456,7 +16688,7 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN
msgid "VRF"
msgstr "VRF"
-#: ../../configuration/vrf/index.rst:409
+#: ../../configuration/vrf/index.rst:411
msgid "VRF Route Leaking"
msgstr "VRF Route Leaking"
@@ -17464,15 +16696,15 @@ msgstr "VRF Route Leaking"
msgid "VRF and NAT"
msgstr "VRF and NAT"
-#: ../../configuration/vrf/index.rst:378
+#: ../../configuration/vrf/index.rst:380
msgid "VRF blue routing table"
msgstr "VRF blue routing table"
-#: ../../configuration/vrf/index.rst:345
+#: ../../configuration/vrf/index.rst:347
msgid "VRF default routing table"
msgstr "VRF default routing table"
-#: ../../configuration/vrf/index.rst:361
+#: ../../configuration/vrf/index.rst:363
msgid "VRF red routing table"
msgstr "VRF red routing table"
@@ -17537,11 +16769,11 @@ msgstr "Valid values are 0..255."
msgid "Value"
msgstr "Value"
-#: ../../configuration/vpn/sstp.rst:252
+#: ../../configuration/vpn/sstp.rst:263
msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address."
-#: ../../configuration/vpn/sstp.rst:247
+#: ../../configuration/vpn/sstp.rst:258
msgid "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
msgstr "Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests."
@@ -17555,6 +16787,10 @@ msgstr "Verification"
msgid "Verification:"
msgstr "Verification:"
+#: ../../configuration/nat/nat66.rst:226
+msgid "Verify that connections are hitting the rule on both sides:"
+msgstr "Verify that connections are hitting the rule on both sides:"
+
#: ../../configuration/highavailability/index.rst:291
msgid "Version"
msgstr "Version"
@@ -17584,22 +16820,6 @@ msgid "VyOS 1.1 supported login as user ``root``. This has been removed due to t
msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2."
#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
-#: ../../_include/interface-dhcpv6-prefix-delegation.txt:3
msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks."
@@ -17615,7 +16835,7 @@ msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are store
msgid "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no longer accept anonymous NTP requests as in VyOS 1.3. All configurations will be migrated to keep the anonymous functionality. For new setups if you have clients using your VyOS installation as NTP server, you must specify the `allow-client` directive."
-#: ../../configuration/interfaces/bonding.rst:None
+#: ../../configuration/interfaces/bonding.rst:-1
msgid "VyOS Arista EOS setup"
msgstr "VyOS Arista EOS setup"
@@ -17635,7 +16855,11 @@ msgstr "VyOS IKE group has the next options:"
msgid "VyOS MIBs"
msgstr "VyOS MIBs"
-#: ../../configuration/nat/nat66.rst:None
+#: ../../configuration/nat/nat66.rst:-1
+msgid "VyOS NAT66 DHCPv6 using a dummy interface"
+msgstr "VyOS NAT66 DHCPv6 using a dummy interface"
+
+#: ../../configuration/nat/nat66.rst:-1
msgid "VyOS NAT66 Simple Configure"
msgstr "VyOS NAT66 Simple Configure"
@@ -17659,7 +16883,7 @@ msgstr "VyOS SNMP supports both IPv4 and IPv6."
msgid "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`."
-#: ../../configuration/service/dhcp-server.rst:580
+#: ../../configuration/service/dhcp-server.rst:504
msgid "VyOS also provides DHCPv6 server functionality which is described in this section."
msgstr "VyOS also provides DHCPv6 server functionality which is described in this section."
@@ -17704,11 +16928,11 @@ msgstr "VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**, **IGMP*
msgid "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**."
-#: ../../configuration/service/dns.rst:201
+#: ../../configuration/service/dns.rst:214
msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose."
-#: ../../configuration/service/dns.rst:306
+#: ../../configuration/service/dns.rst:319
msgid "VyOS is also able to use any service relying on protocols supported by ddclient."
msgstr "VyOS is also able to use any service relying on protocols supported by ddclient."
@@ -17720,7 +16944,6 @@ msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where t
msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)."
-#: ../../configuration/firewall/general.rst:13
#: ../../configuration/firewall/general-legacy.rst:17
msgid "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
msgstr "VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering."
@@ -17737,7 +16960,7 @@ msgstr "VyOS not only can now manage certificates issued by 3rd party Certificat
msgid "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
msgstr "VyOS now also has the ability to create CAs, keys, Diffie-Hellman and other keypairs from an easy to access operational level command."
-#: ../../configuration/pki/index.rst:254
+#: ../../configuration/pki/index.rst:292
msgid "VyOS operational mode commands are not only available for generating keys but also to display them."
msgstr "VyOS operational mode commands are not only available for generating keys but also to display them."
@@ -17773,7 +16996,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an
msgid "VyOS provides some operational commands on OpenVPN."
msgstr "VyOS provides some operational commands on OpenVPN."
-#: ../../configuration/service/dhcp-server.rst:173
+#: ../../configuration/service/dhcp-server.rst:138
msgid "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
msgstr "VyOS provides support for DHCP failover. DHCP failover must be configured explicitly by the following statements."
@@ -17781,7 +17004,11 @@ msgstr "VyOS provides support for DHCP failover. DHCP failover must be configure
msgid "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
msgstr "VyOS reverse-proxy is balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications."
-#: ../../configuration/protocols/igmp.rst:30
+#: ../../configuration/protocols/pim.rst:9
+msgid "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+msgstr "VyOS supports :abbr:`PIM-SM (PIM Sparse Mode)` as well as :abbr:`IGMP (Internet Group Management Protocol)` v2 and v3"
+
+#: ../../configuration/protocols/pim.rst:26
msgid "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
msgstr "VyOS supports both IGMP version 2 and version 3 (which allows source-specific multicast)."
@@ -17793,11 +17020,15 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec
msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
+#: ../../configuration/system/updates.rst:5
+msgid "VyOS supports online checking for updates"
+msgstr "VyOS supports online checking for updates"
+
#: ../../configuration/system/sflow.rst:5
msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector."
-#: ../../configuration/system/conntrack.rst:53
+#: ../../configuration/system/conntrack.rst:67
msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states."
@@ -17809,13 +17040,19 @@ msgstr "VyOS supports setting up PPPoE in two different ways to a PPPoE internet
msgid "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
msgstr "VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment."
+#: ../../configuration/service/dhcp-server.rst:7
+msgid "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+msgstr "VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment."
+
+#: ../../configuration/system/frr.rst:7
+msgid "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+msgstr "VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic and static routing. The routing daemon behavior can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot of the system."
+
#: ../../configuration/interfaces/wwan.rst:12
msgid "VyOS uses the `interfaces wwan` subsystem for configuration."
msgstr "VyOS uses the `interfaces wwan` subsystem for configuration."
#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
-#: ../../_include/interface-mirror.txt:9
msgid "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
msgstr "VyOS uses the `mirror` option to configure port mirroring. The configuration is divided into 2 different directions. Destination ports should be configured for different traffic directions."
@@ -17839,7 +17076,7 @@ msgstr "VyOS utilizes accel-ppp_ to provide SSTP server functionality. We suppor
msgid "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
msgstr "WAN Load Balacing should not be used when dynamic routing protocol is used/needed. This feature creates customized routing tables and firewall rules, that makes it incompatible to use with routing protocols."
-#: ../../configuration/vpn/site2site_ipsec.rst:160
+#: ../../configuration/vpn/site2site_ipsec.rst:164
msgid "WAN interface on `eth1`"
msgstr "WAN interface on `eth1`"
@@ -17876,7 +17113,7 @@ msgstr "Warning conditions"
msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode."
-#: ../../configuration/nat/nat44.rst:760
+#: ../../configuration/nat/nat44.rst:782
msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too."
@@ -17896,7 +17133,7 @@ msgstr "We can also create the certificates using Cerbort which is an easy-to-us
msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:"
-#: ../../configuration/protocols/bgp.rst:1248
+#: ../../configuration/protocols/bgp.rst:1249
msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny."
msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny."
@@ -17924,7 +17161,7 @@ msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles.
msgid "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
msgstr "We only allow the 192.168.2.0/24 subnet to travel over the tunnel"
-#: ../../configuration/nat/nat44.rst:699
+#: ../../configuration/nat/nat44.rst:723
msgid "We only need a single step for this interface:"
msgstr "We only need a single step for this interface:"
@@ -17932,11 +17169,15 @@ msgstr "We only need a single step for this interface:"
msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`"
-#: ../../configuration/system/login.rst:418
+#: ../../configuration/system/login.rst:420
msgid "We use a vontainer providing the TACACS serve rin this example."
msgstr "We use a vontainer providing the TACACS serve rin this example."
-#: ../../configuration/service/dhcp-server.rst:364
+#: ../../configuration/firewall/flowtables.rst:114
+msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked."
+
+#: ../../configuration/service/dhcp-server.rst:331
msgid "Web Proxy Autodiscovery (WPAD) URL"
msgstr "Web Proxy Autodiscovery (WPAD) URL"
@@ -17944,19 +17185,31 @@ msgstr "Web Proxy Autodiscovery (WPAD) URL"
msgid "Webproxy"
msgstr "Webproxy"
+#: ../../configuration/service/https.rst:40
+msgid "Webserver should listen on specified port."
+msgstr "Webserver should listen on specified port."
+
+#: ../../configuration/service/https.rst:36
+msgid "Webserver should only listen on specified IP address"
+msgstr "Webserver should only listen on specified IP address"
+
#: ../../configuration/protocols/mpls.rst:220
msgid "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
msgstr "When LDP is working, you will be able to see label information in the outcome of ``show ip route``. Besides that information, there are also specific *show* commands for LDP:"
+#: ../../configuration/protocols/pim.rst:75
+msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source."
+
#: ../../configuration/vrf/index.rst:73
msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface."
-#: ../../configuration/service/dns.rst:341
+#: ../../configuration/service/dns.rst:354
msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified."
-#: ../../configuration/service/dns.rst:334
+#: ../../configuration/service/dns.rst:347
msgid "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
msgstr "When a ``custom`` DynDNS provider is used the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper for available protocols."
@@ -17980,7 +17233,11 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from
msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP."
-#: ../../configuration/service/pppoe-server.rst:182
+#: ../../configuration/service/dns.rst:155
+msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled."
+
+#: ../../configuration/service/pppoe-server.rst:169
msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again."
@@ -17996,11 +17253,13 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man
msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."
-#: ../../configuration/firewall/general.rst:521
+#: ../../configuration/firewall/bridge.rst:210
+#: ../../configuration/firewall/ipv4.rst:290
+#: ../../configuration/firewall/ipv6.rst:290
msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."
-#: ../../configuration/nat/nat44.rst:299
+#: ../../configuration/nat/nat44.rst:311
msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend."
@@ -18031,21 +17290,6 @@ msgid "When mathcing all patterns defined in a rule, then different actions can
msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table."
#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
-#: ../../_include/interface-dhcpv6-options.txt:17
msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix."
@@ -18053,21 +17297,10 @@ msgstr "When no-release is specified, dhcp6c will send a release message on clie
msgid "When no options/parameters are used, the contents of the main syslog file are displayed."
msgstr "When no options/parameters are used, the contents of the main syslog file are displayed."
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
-#: ../../_include/interface-dhcpv6-options.txt:40
+#: ../../configuration/protocols/pim.rst:65
+msgid "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+msgstr "When processing packets from a neighbor process the number of packets incoming at one time before moving on to the next task."
+
#: ../../_include/interface-dhcpv6-options.txt:40
msgid "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements."
@@ -18080,6 +17313,10 @@ msgstr "When remote peer does not have capability negotiation feature, remote pe
msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets."
+#: ../../configuration/protocols/pim.rst:113
+msgid "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+msgstr "When sending PIM hello packets tell PIM to not send any v6 secondary addresses on the interface. This information is used to allow PIM to use v6 nexthops in it's decision for :abbr:`RPF (Reverse Path Forwarding)` lookup if this option is not set (default)."
+
#: ../../configuration/interfaces/pppoe.rst:108
msgid "When set the interface is enabled for \"dial-on-demand\"."
msgstr "When set the interface is enabled for \"dial-on-demand\"."
@@ -18097,37 +17334,19 @@ msgstr "When starting a VyOS live system (the installation CD) the configured ke
msgid "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
msgstr "When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address."
-#: ../../configuration/vpn/site2site_ipsec.rst:407
+#: ../../configuration/vpn/site2site_ipsec.rst:416
msgid "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
msgstr "When the close-action option is set on the peers, the connection-type of each peer has to considered carefully. For example, if the option is set on both peers, then both would attempt to initiate and hold open multiple copies of each child SA. This might lead to instability of the device or cpu/memory utilization."
-#: ../../configuration/firewall/general.rst:106
-#: ../../configuration/firewall/general-legacy.rst:58
+#: ../../configuration/firewall/global-options.rst:43
msgid "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
msgstr "When the command above is set, VyOS will answer every ICMP echo request addressed to itself, but that will only happen if no other rule is applied dropping or rejecting local echo requests. In case of conflict, VyOS will not answer ICMP echo requests."
-#: ../../configuration/firewall/general.rst:115
-#: ../../configuration/firewall/general-legacy.rst:67
+#: ../../configuration/firewall/global-options.rst:52
msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them."
#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
-#: ../../_include/interface-address-with-dhcp.txt:14
msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:"
@@ -18135,11 +17354,11 @@ msgstr "When using DHCP to retrieve IPv4 address and if local customizations are
msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!"
-#: ../../configuration/nat/nat44.rst:351
+#: ../../configuration/nat/nat44.rst:365
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
-#: ../../configuration/nat/nat44.rst:238
+#: ../../configuration/nat/nat44.rst:250
msgid "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
msgstr "When using NAT for a large number of host systems it recommended that a minimum of 1 IP address is used to NAT every 256 private host systems. This is due to the limit of 65,000 port numbers available for unique translations and a reserving an average of 200-300 sessions per host system."
@@ -18147,7 +17366,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a
msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options."
-#: ../../configuration/vpn/openconnect.rst:215
+#: ../../configuration/vpn/openconnect.rst:222
msgid "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
msgstr "When using Time-based one-time password (TOTP) (OTP HOTP-time), be sure that the time on the server and the OTP token generator are synchronized by NTP"
@@ -18171,47 +17390,35 @@ msgstr "Where, main key words and configuration paths that needs to be understoo
msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation."
+#: ../../configuration/firewall/ipv4.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color."
+
+#: ../../configuration/firewall/ipv6.rst:42
+msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color."
+
#: ../../configuration/protocols/bgp.rst:86
msgid "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
msgstr "Where routes with a MED were received from the same AS, prefer the route with the lowest MED."
#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
-#: ../../_include/interface-ipv6.txt:77
msgid "Whether to accept DAD (Duplicate Address Detection)."
msgstr "Whether to accept DAD (Duplicate Address Detection)."
-#: ../../configuration/nat/nat44.rst:330
+#: ../../configuration/nat/nat44.rst:342
msgid "Which generates the following configuration:"
msgstr "Which generates the following configuration:"
-#: ../../configuration/nat/nat44.rst:444
+#: ../../configuration/nat/nat44.rst:458
msgid "Which results in a configuration of:"
msgstr "Which results in a configuration of:"
-#: ../../configuration/nat/nat44.rst:522
+#: ../../configuration/nat/nat44.rst:542
msgid "Which would generate the following NAT destination configuration:"
msgstr "Which would generate the following NAT destination configuration:"
-#: ../../configuration/firewall/general.rst:217
-#: ../../configuration/firewall/general-legacy.rst:193
+#: ../../configuration/firewall/groups.rst:44
msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended."
@@ -18293,7 +17500,7 @@ msgstr "Wireless options"
msgid "Wireless options (Station/Client)"
msgstr "Wireless options (Station/Client)"
-#: ../../configuration/firewall/index.rst:23
+#: ../../configuration/firewall/index.rst:7
msgid "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
msgstr "With VyOS being based on top of Linux and its kernel, the Netfilter project created the iptables and now the successor nftables for the Linux kernel to work directly on the data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g. a web server OR another device)."
@@ -18305,8 +17512,7 @@ msgstr "With WireGuard, a Road Warrior VPN config is similar to a site-to-site V
msgid "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the nameservers your ISP sends you and thus you can fully rely on the ones you have configured statically."
-#: ../../configuration/firewall/general.rst:94
-#: ../../configuration/firewall/general-legacy.rst:46
+#: ../../configuration/firewall/global-options.rst:31
msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic."
@@ -18314,29 +17520,29 @@ msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, o
msgid "With this command, you can specify how the URL path should be matched against incoming requests."
msgstr "With this command, you can specify how the URL path should be matched against incoming requests."
-#: ../../configuration/firewall/index.rst:73
+#: ../../configuration/firewall/index.rst:166
msgid "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
msgstr "With zone-based firewalls a new concept was implemented, in addtion to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above."
-#: ../../configuration/service/dhcp-server.rst:290
-#: ../../configuration/service/dhcp-server.rst:295
-#: ../../configuration/service/dhcp-server.rst:300
-#: ../../configuration/service/dhcp-server.rst:310
-#: ../../configuration/service/dhcp-server.rst:315
-#: ../../configuration/service/dhcp-server.rst:345
-#: ../../configuration/service/dhcp-server.rst:350
-#: ../../configuration/service/dhcp-server.rst:355
-#: ../../configuration/service/dhcp-server.rst:375
-#: ../../configuration/service/dhcp-server.rst:380
-#: ../../configuration/service/dhcp-server.rst:390
+#: ../../configuration/service/dhcp-server.rst:257
+#: ../../configuration/service/dhcp-server.rst:262
+#: ../../configuration/service/dhcp-server.rst:267
+#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:282
+#: ../../configuration/service/dhcp-server.rst:312
+#: ../../configuration/service/dhcp-server.rst:317
+#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:342
+#: ../../configuration/service/dhcp-server.rst:347
+#: ../../configuration/service/dhcp-server.rst:357
msgid "Y"
msgstr "Y"
-#: ../../configuration/firewall/zone.rst:99
+#: ../../configuration/firewall/zone.rst:118
msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair."
-#: ../../configuration/system/login.rst:363
+#: ../../configuration/system/login.rst:365
msgid "You are able to set post-login or pre-login banner messages to display certain information for this system."
msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system."
@@ -18348,24 +17554,23 @@ msgstr "You are be able to download the files using SCP, once the SSH service ha
msgid "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
msgstr "You can also configure the time interval for preemption with the \"preempt-delay\" option. For example, to set the higher priority router to take over in 180 seconds, use:"
-#: ../../configuration/system/conntrack.rst:86
+#: ../../configuration/system/conntrack.rst:99
msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector."
-#: ../../configuration/service/dns.rst:299
+#: ../../configuration/service/dns.rst:312
msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``"
-#: ../../configuration/system/ipv6.rst:106
+#: ../../configuration/system/ipv6.rst:107
msgid "You can also specify which IPv6 access-list should be shown:"
msgstr "You can also specify which IPv6 access-list should be shown:"
-#: ../../configuration/protocols/igmp.rst:121
#: ../../configuration/protocols/pim6.rst:42
msgid "You can also tune multicast with the following commands."
msgstr "You can also tune multicast with the following commands."
-#: ../../configuration/service/pppoe-server.rst:152
+#: ../../configuration/service/pppoe-server.rst:139
msgid "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
msgstr "You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log."
@@ -18377,7 +17582,7 @@ msgstr "You can also write a description for a filter:"
msgid "You can assign multiple keys to the same user by using a unique identifier per SSH key."
msgstr "You can assign multiple keys to the same user by using a unique identifier per SSH key."
-#: ../../configuration/nat/nat44.rst:386
+#: ../../configuration/nat/nat44.rst:400
msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets."
@@ -18402,11 +17607,6 @@ msgid "You can configure multiple interfaces which whould participate in sflow a
msgstr "You can configure multiple interfaces which whould participate in sflow accounting."
#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
-#: ../../_include/interface-vlan-8021q.txt:29
msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094."
@@ -18414,7 +17614,7 @@ msgstr "You can create multiple VLAN interfaces on a physical interface. The VLA
msgid "You can disable a VRRP group with ``disable`` option:"
msgstr "You can disable a VRRP group with ``disable`` option:"
-#: ../../configuration/system/ipv6.rst:148
+#: ../../configuration/system/ipv6.rst:122
msgid "You can get more specific OSPFv3 information by using the parameters shown below:"
msgstr "You can get more specific OSPFv3 information by using the parameters shown below:"
@@ -18422,15 +17622,15 @@ msgstr "You can get more specific OSPFv3 information by using the parameters sho
msgid "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
msgstr "You can not assign the same allowed-ips statement to multiple WireGuard peers. This a design decision. For more information please check the `WireGuard mailing list`_."
-#: ../../configuration/service/mdns.rst:30
+#: ../../configuration/service/mdns.rst:46
msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!"
-#: ../../configuration/vpn/sstp.rst:320
+#: ../../configuration/vpn/sstp.rst:332
msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``."
-#: ../../configuration/system/login.rst:441
+#: ../../configuration/system/login.rst:443
msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container."
@@ -18442,7 +17642,7 @@ msgstr "You can only apply one policy per interface and direction, but you could
msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!"
-#: ../../configuration/service/dhcp-server.rst:211
+#: ../../configuration/service/dhcp-server.rst:176
msgid "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
msgstr "You can specify a static DHCP assignment on a per host basis. You will need the MAC address of the station and your desired IP address. The address must be inside the subnet definition but can be outside of the range statement."
@@ -18462,7 +17662,7 @@ msgstr "You can verify your VRRP group status with the operational mode ``run sh
msgid "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
msgstr "You can view that the policy is being correctly (or incorrectly) utilised with the following command:"
-#: ../../configuration/protocols/ospf.rst:1342
+#: ../../configuration/protocols/ospf.rst:1344
msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`."
@@ -18482,7 +17682,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated
msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature."
-#: ../../configuration/firewall/zone.rst:39
+#: ../../configuration/firewall/zone.rst:58
msgid "You need 2 separate firewalls to define traffic: one for each direction."
msgstr "You need 2 separate firewalls to define traffic: one for each direction."
@@ -18534,7 +17734,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro
msgid "Zone-Policy Overview"
msgstr "Zone-Policy Overview"
-#: ../../configuration/firewall/index.rst:66
+#: ../../configuration/firewall/index.rst:159
msgid "Zone-based firewall"
msgstr "Zone-based firewall"
@@ -18587,25 +17787,6 @@ msgid ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a ne
msgstr ":abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources."
#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
-#: ../../_include/interface-ipv6.txt:25
msgid ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
msgstr ":abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address."
@@ -18625,7 +17806,7 @@ msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally
msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size."
-#: ../../configuration/protocols/igmp.rst:181
+#: ../../configuration/protocols/igmp-proxy.rst:9
msgid ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
msgstr ":abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages on behalf of a connected client. The configuration must define one, and only one upstream interface, and one or more downstream interfaces."
@@ -18637,7 +17818,7 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc
msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP."
-#: ../../configuration/vrf/index.rst:399
+#: ../../configuration/vrf/index.rst:401
msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking."
@@ -18657,6 +17838,10 @@ msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys
msgid ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
msgstr ":abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to make the decision on finding the exit interface, a router will instead use an exact match on a 32 bit/4 byte header called the MPLS label. This label is inserted between the ethernet (layer 2) header and the IP (layer 3) header. One can statically or dynamically assign label allocations, but we will focus on dynamic allocation of labels using some sort of label distribution protocol (such as the aptly named Label Distribution Protocol / LDP, Resource Reservation Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow for the creation of a unidirectional/unicast path called a labeled switched path (initialized as LSP) throughout the network that operates very much like a tunnel through the network. An easy way of thinking about how an MPLS LSP actually forwards traffic throughout a network is to think of a GRE tunnel. They are not the same in how they operate, but they are the same in how they handle the tunneled packet. It would be good to think of MPLS as a tunneling technology that can be used to transport many different types of packets, to aid in traffic engineering by allowing one to specify paths throughout the network (using RSVP or SR), and to generally allow for easier intra/inter network transport of data packets."
+#: ../../configuration/nat/nat64.rst:7
+msgid ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+msgstr ":abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in modern networking, facilitating communication between IPv6 and IPv4 networks. This documentation outlines the setup, configuration, and usage of the NAT64 feature in your project. Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices. NAT64 is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP."
+
#: ../../configuration/nat/nat44.rst:7
msgid ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
msgstr ":abbr:`NAT (Network Address Translation)` is a common method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used as a shortcut to avoid the need to readdress every host when a network was moved. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network."
@@ -18685,6 +17870,10 @@ msgstr ":abbr:`NTP (Network Time Protocol`) is a networking protocol for clock s
msgid ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
msgstr ":abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` (2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` addressing model."
+#: ../../configuration/protocols/pim.rst:12
+msgid ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+msgstr ":abbr:`PIM (Protocol Independent Multicast)` must be configured in every interface of every participating router. Every router must also have the location of the Rendevouz Point manually configured. Then, unidirectional shared trees rooted at the Rendevouz Point will automatically be built for multicast distribution."
+
#: ../../configuration/interfaces/pppoe.rst:9
msgid ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
msgstr ":abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the :abbr:`ISPs (Internet Service Providers)` IP network, and from there to the rest of the Internet. A 2005 networking book noted that \"Most DSL providers use PPPoE, which provides authentication, encryption, and compression.\" Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP."
@@ -18706,28 +17895,13 @@ msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementat
msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:"
#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
-#: ../../_include/interface-ipv6.txt:4
msgid ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
msgstr ":abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters."
+#: ../../configuration/nat/nat64.rst:28
+msgid ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+msgstr ":abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful translation mechanism that translates IPv6 addresses to IPv4 addresses."
+
#: ../../configuration/nat/nat44.rst:78
msgid ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
msgstr ":abbr:`SNAT (Source Network Address Translation)` is the most common form of :abbr:`NAT (Network Address Translation)` and is typically referred to simply as NAT. To be more correct, what most people refer to as :abbr:`NAT (Network Address Translation)` is actually the process of :abbr:`PAT (Port Address Translation)`, or NAT overload. SNAT is typically used by internal users/private hosts to access the Internet - the source address is translated and thus kept private."
@@ -18877,25 +18051,10 @@ msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``"
#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
-#: ../../_include/interface-dhcp-options.txt:4
msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client."
-#: ../../configuration/service/dns.rst:217
+#: ../../configuration/service/dns.rst:230
msgid ":rfc:`2136` Based"
msgstr ":rfc:`2136` Based"
@@ -18923,7 +18082,7 @@ msgstr "`3. Add a full path to the script`_"
msgid "`4. Add optional parameters`_"
msgstr "`4. Add optional parameters`_"
-#: ../../configuration/service/dhcp-server.rst:189
+#: ../../configuration/service/dhcp-server.rst:154
msgid "`<name>` must be identical on both sides!"
msgstr "`<name>` must be identical on both sides!"
@@ -18952,42 +18111,10 @@ msgid "``-`` failed"
msgstr "``-`` failed"
#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
-#: ../../_include/interface-address-with-dhcp.txt:19
msgid "``/config/scripts/dhcp-client/post-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/post-hooks.d/``"
#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
-#: ../../_include/interface-address-with-dhcp.txt:18
msgid "``/config/scripts/dhcp-client/pre-hooks.d/``"
msgstr "``/config/scripts/dhcp-client/pre-hooks.d/``"
@@ -19063,6 +18190,10 @@ msgstr "``4800`` - 4800 bps"
msgid "``57600`` - 57,600 bps"
msgstr "``57600`` - 57,600 bps"
+#: ../../configuration/nat/nat64.rst:31
+msgid "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. The prefix is used to represent IPv4 addresses in an IPv6 address format. The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. The high-order 32 bits are set to the well-known prefix 64:ff9b::/96."
+
#: ../../configuration/interfaces/bonding.rst:43
msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification."
@@ -19095,15 +18226,17 @@ msgstr "``a`` - 802.11a - 54 Mbits/sec"
msgid "``ac`` - 802.11ac - 1300 Mbits/sec"
msgstr "``ac`` - 802.11ac - 1300 Mbits/sec"
-#: ../../configuration/policy/route-map.rst:373
+#: ../../configuration/policy/route-map.rst:375
msgid "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
msgstr "``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008"
-#: ../../configuration/policy/route-map.rst:366
+#: ../../configuration/policy/route-map.rst:368
msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001"
-#: ../../configuration/firewall/general.rst:334
+#: ../../configuration/firewall/bridge.rst:72
+#: ../../configuration/firewall/ipv4.rst:88
+#: ../../configuration/firewall/ipv6.rst:88
msgid "``accept``: accept the packet."
msgstr "``accept``: accept the packet."
@@ -19135,7 +18268,7 @@ msgstr "``all-available`` all checking target addresses must be available to pas
msgid "``any-available`` any of the checking target addresses must be available to pass this check"
msgstr "``any-available`` any of the checking target addresses must be available to pass this check"
-#: ../../configuration/vpn/site2site_ipsec.rst:376
+#: ../../configuration/vpn/site2site_ipsec.rst:385
msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device."
@@ -19163,7 +18296,7 @@ msgstr "``bgp`` - Border Gateway Protocol (BGP)"
msgid "``bind`` - select a VTI interface to bind to this peer;"
msgstr "``bind`` - select a VTI interface to bind to this peer;"
-#: ../../configuration/policy/route-map.rst:374
+#: ../../configuration/policy/route-map.rst:376
msgid "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
msgstr "``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A"
@@ -19191,7 +18324,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating
msgid "``clear`` set action to clear;"
msgstr "``clear`` set action to clear;"
-#: ../../configuration/vpn/site2site_ipsec.rst:402
+#: ../../configuration/vpn/site2site_ipsec.rst:411
msgid "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
msgstr "``close-action = none | clear | hold | restart`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids."
@@ -19215,6 +18348,12 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)"
msgid "``connection-type`` - how to handle this connection process. Possible variants:"
msgstr "``connection-type`` - how to handle this connection process. Possible variants:"
+#: ../../configuration/firewall/bridge.rst:74
+#: ../../configuration/firewall/ipv4.rst:90
+#: ../../configuration/firewall/ipv6.rst:90
+msgid "``continue``: continue parsing next rule."
+msgstr "``continue``: continue parsing next rule."
+
#: ../../configuration/vpn/site2site_ipsec.rst:62
msgid "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check if a certificate for the remote peer is valid or revoked;"
@@ -19223,7 +18362,7 @@ msgstr "``crl-file`` - file with the Certificate Revocation List. Using to check
msgid "``d`` - Execution interval in days"
msgstr "``d`` - Execution interval in days"
-#: ../../configuration/vpn/site2site_ipsec.rst:391
+#: ../../configuration/vpn/site2site_ipsec.rst:400
msgid "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, hold, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``hold`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection."
@@ -19255,7 +18394,7 @@ msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec con
msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default."
-#: ../../configuration/vpn/site2site_ipsec.rst:387
+#: ../../configuration/vpn/site2site_ipsec.rst:396
msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration."
@@ -19279,7 +18418,9 @@ msgstr "``disable`` disable IPComp compression (default);"
msgid "``disable`` disable MOBIKE;"
msgstr "``disable`` disable MOBIKE;"
-#: ../../configuration/firewall/general.rst:336
+#: ../../configuration/firewall/bridge.rst:76
+#: ../../configuration/firewall/ipv4.rst:92
+#: ../../configuration/firewall/ipv6.rst:92
msgid "``drop``: drop the packet."
msgstr "``drop``: drop the packet."
@@ -19347,6 +18488,10 @@ msgstr "``file`` - path to the key file;"
msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+#: ../../configuration/vpn/ipsec.rst:164
+msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;"
+
#: ../../configuration/vpn/site2site_ipsec.rst:97
msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;"
@@ -19355,7 +18500,7 @@ msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagr
msgid "``g`` - 802.11g - 54 Mbits/sec (default)"
msgstr "``g`` - 802.11g - 54 Mbits/sec (default)"
-#: ../../configuration/policy/route-map.rst:365
+#: ../../configuration/policy/route-map.rst:367
msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000"
@@ -19435,7 +18580,7 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which
msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used."
-#: ../../configuration/policy/route-map.rst:364
+#: ../../configuration/policy/route-map.rst:366
msgid "``internet`` - Well-known communities value 0"
msgstr "``internet`` - Well-known communities value 0"
@@ -19447,7 +18592,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);"
msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)"
msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)"
-#: ../../configuration/firewall/general.rst:340
+#: ../../configuration/firewall/bridge.rst:78
+#: ../../configuration/firewall/ipv4.rst:96
+#: ../../configuration/firewall/ipv6.rst:96
msgid "``jump``: jump to another custom chain."
msgstr "``jump``: jump to another custom chain."
@@ -19471,6 +18618,10 @@ msgstr "``latency``: A server profile focused on lowering network latency. This
msgid "``least-connection`` Distributes requests to the server with the fewest active connections"
msgstr "``least-connection`` Distributes requests to the server with the fewest active connections"
+#: ../../configuration/loadbalancing/reverse-proxy.rst:108
+msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections"
+
#: ../../configuration/vpn/ipsec.rst:125
msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;"
@@ -19491,7 +18642,7 @@ msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);"
msgid "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
msgstr "``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);"
-#: ../../configuration/policy/route-map.rst:371
+#: ../../configuration/policy/route-map.rst:373
msgid "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
msgstr "``llgr-stale`` - Well-known communities value LLGR_STALE 0xFFFF0006"
@@ -19499,7 +18650,7 @@ msgstr "``llgr-stale`` - Well-known communities value LLGR_STA
msgid "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
msgstr "``local-address`` - local IP address for IPSec connection with this peer. If defined ``any``, then an IP address which configured on interface with default route will be used;"
-#: ../../configuration/policy/route-map.rst:361
+#: ../../configuration/policy/route-map.rst:363
msgid "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
msgstr "``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03"
@@ -19564,78 +18715,62 @@ msgid "``n`` - 802.11n - 600 Mbits/sec"
msgstr "``n`` - 802.11n - 600 Mbits/sec"
#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
-#: ../../configuration/pki/pki_cli_import_help.txt:5
msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance."
-#: ../../configuration/firewall/general.rst:142
-#: ../../configuration/firewall/general-legacy.rst:93
+#: ../../configuration/firewall/global-options.rst:79
msgid "``net.ipv4.conf.all.accept_redirects``"
msgstr "``net.ipv4.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:132
-#: ../../configuration/firewall/general-legacy.rst:84
+#: ../../configuration/firewall/global-options.rst:69
msgid "``net.ipv4.conf.all.accept_source_route``"
msgstr "``net.ipv4.conf.all.accept_source_route``"
-#: ../../configuration/firewall/general.rst:157
-#: ../../configuration/firewall/general-legacy.rst:108
+#: ../../configuration/firewall/global-options.rst:94
msgid "``net.ipv4.conf.all.log_martians``"
msgstr "``net.ipv4.conf.all.log_martians``"
-#: ../../configuration/firewall/general.rst:165
-#: ../../configuration/firewall/general-legacy.rst:115
+#: ../../configuration/firewall/global-options.rst:102
msgid "``net.ipv4.conf.all.rp_filter``"
msgstr "``net.ipv4.conf.all.rp_filter``"
-#: ../../configuration/firewall/general.rst:150
-#: ../../configuration/firewall/general-legacy.rst:101
+#: ../../configuration/firewall/global-options.rst:87
msgid "``net.ipv4.conf.all.send_redirects``"
msgstr "``net.ipv4.conf.all.send_redirects``"
-#: ../../configuration/firewall/general.rst:124
-#: ../../configuration/firewall/general-legacy.rst:76
+#: ../../configuration/firewall/global-options.rst:61
msgid "``net.ipv4.icmp_echo_ignore_broadcasts``"
msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``"
-#: ../../configuration/firewall/general.rst:180
-#: ../../configuration/firewall/general-legacy.rst:129
+#: ../../configuration/firewall/global-options.rst:117
msgid "``net.ipv4.tcp_rfc1337``"
msgstr "``net.ipv4.tcp_rfc1337``"
-#: ../../configuration/firewall/general.rst:172
-#: ../../configuration/firewall/general-legacy.rst:122
+#: ../../configuration/firewall/global-options.rst:109
msgid "``net.ipv4.tcp_syncookies``"
msgstr "``net.ipv4.tcp_syncookies``"
-#: ../../configuration/firewall/general.rst:143
-#: ../../configuration/firewall/general-legacy.rst:94
+#: ../../configuration/firewall/global-options.rst:80
msgid "``net.ipv6.conf.all.accept_redirects``"
msgstr "``net.ipv6.conf.all.accept_redirects``"
-#: ../../configuration/firewall/general.rst:133
-#: ../../configuration/firewall/general-legacy.rst:85
+#: ../../configuration/firewall/global-options.rst:70
msgid "``net.ipv6.conf.all.accept_source_route``"
msgstr "``net.ipv6.conf.all.accept_source_route``"
-#: ../../configuration/policy/route-map.rst:362
+#: ../../configuration/policy/route-map.rst:364
msgid "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
msgstr "``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02"
-#: ../../configuration/policy/route-map.rst:363
+#: ../../configuration/policy/route-map.rst:365
msgid "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
msgstr "``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01"
-#: ../../configuration/policy/route-map.rst:372
+#: ../../configuration/policy/route-map.rst:374
msgid "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
msgstr "``no-llgr`` - Well-known communities value NO_LLGR 0xFFFF0007"
-#: ../../configuration/policy/route-map.rst:375
+#: ../../configuration/policy/route-map.rst:377
msgid "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
msgstr "``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04"
@@ -19740,7 +18875,9 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en
msgid "``psk`` - Preshared secret key name:"
msgstr "``psk`` - Preshared secret key name:"
-#: ../../configuration/firewall/general.rst:345
+#: ../../configuration/firewall/bridge.rst:83
+#: ../../configuration/firewall/ipv4.rst:101
+#: ../../configuration/firewall/ipv6.rst:101
msgid "``queue``: Enqueue packet to userspace."
msgstr "``queue``: Enqueue packet to userspace."
@@ -19748,7 +18885,8 @@ msgstr "``queue``: Enqueue packet to userspace."
msgid "``rate``: Number of packets. Default 5."
msgstr "``rate``: Number of packets. Default 5."
-#: ../../configuration/firewall/general.rst:338
+#: ../../configuration/firewall/ipv4.rst:94
+#: ../../configuration/firewall/ipv6.rst:94
msgid "``reject``: reject the packet."
msgstr "``reject``: reject the packet."
@@ -19781,7 +18919,9 @@ msgstr "``respond`` - does not try to initiate a connection to a remote peer. In
msgid "``restart`` set action to restart;"
msgstr "``restart`` set action to restart;"
-#: ../../configuration/firewall/general.rst:342
+#: ../../configuration/firewall/bridge.rst:80
+#: ../../configuration/firewall/ipv4.rst:98
+#: ../../configuration/firewall/ipv6.rst:98
msgid "``return``: Return from the current chain and continue at the next rule of the last chain."
msgstr "``return``: Return from the current chain and continue at the next rule of the last chain."
@@ -19801,19 +18941,19 @@ msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential ord
msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line"
-#: ../../configuration/policy/route-map.rst:367
+#: ../../configuration/policy/route-map.rst:369
msgid "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
msgstr "``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002"
-#: ../../configuration/policy/route-map.rst:369
+#: ../../configuration/policy/route-map.rst:371
msgid "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
msgstr "``route-filter-translated-v6`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004"
-#: ../../configuration/policy/route-map.rst:368
+#: ../../configuration/policy/route-map.rst:370
msgid "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
msgstr "``route-filter-v4`` - Well-known communities value ROUTE_FILTER_v4 0xFFFF0003"
-#: ../../configuration/policy/route-map.rst:370
+#: ../../configuration/policy/route-map.rst:372
msgid "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
msgstr "``route-filter-v6`` - Well-known communities value ROUTE_FILTER_v6 0xFFFF0005"
@@ -19829,6 +18969,31 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se
msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;"
+#: ../../configuration/firewall/index.rst:90
+msgid "``set firewall bridge forward filter ...``."
+msgstr "``set firewall bridge forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:61
+msgid "``set firewall ipv4 forward filter ...``."
+msgstr "``set firewall ipv4 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:54
+#: ../../configuration/firewall/index.rst:72
+msgid "``set firewall ipv4 input filter ...``."
+msgstr "``set firewall ipv4 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:63
+msgid "``set firewall ipv6 forward filter ...``."
+msgstr "``set firewall ipv6 forward filter ...``."
+
+#: ../../configuration/firewall/index.rst:56
+msgid "``set firewall ipv6 input filter ...``."
+msgstr "``set firewall ipv6 input filter ...``."
+
+#: ../../configuration/firewall/index.rst:74
+msgid "``set firewall ipv6 output filter ...``."
+msgstr "``set firewall ipv6 output filter ...``."
+
#: ../../configuration/interfaces/wireless.rst:238
msgid "``single-user-beamformee`` - Support for operation as single user beamformee"
msgstr "``single-user-beamformee`` - Support for operation as single user beamformee"
@@ -19877,7 +19042,8 @@ msgstr "``static`` - Statically configured routes"
msgid "``station`` - Connects to another access point"
msgstr "``station`` - Connects to another access point"
-#: ../../configuration/firewall/general.rst:347
+#: ../../configuration/firewall/ipv4.rst:103
+#: ../../configuration/firewall/ipv6.rst:103
msgid "``synproxy``: synproxy the packet."
msgstr "``synproxy``: synproxy the packet."
@@ -19961,10 +19127,18 @@ msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defi
msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;"
+#: ../../configuration/vpn/site2site_ipsec.rst:152
+msgid "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+msgstr "``virtual-address`` - Defines a virtual IP address which is requested by the initiator and one or several IPv4 and/or IPv6 addresses are assigned from multiple pools by the responder."
+
#: ../../configuration/vpn/ipsec.rst:168
msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all."
+#: ../../configuration/vpn/ipsec.rst:168
+msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy."
+
#: ../../configuration/policy/route-map.rst:175
msgid "``vnc`` - Virtual Network Control (VNC)"
msgstr "``vnc`` - Virtual Network Control (VNC)"
@@ -19993,7 +19167,7 @@ msgstr "``yes`` enable remote host re-authentication during an IKE rekey;"
msgid "`source-address` and `source-interface` can not be used at the same time."
msgstr "`source-address` and `source-interface` can not be used at the same time."
-#: ../../configuration/protocols/rpki.rst:16
+#: ../../configuration/protocols/rpki.rst:12
msgid "`tweet by EvilMog`_, 2020-02-21"
msgstr "`tweet by EvilMog`_, 2020-02-21"
@@ -20005,8 +19179,8 @@ msgstr "a bandwidth test over the VPN got these results:"
msgid "a blank indicates that no test has been carried out"
msgstr "a blank indicates that no test has been carried out"
-#: ../../configuration/nat/nat44.rst:728
-#: ../../configuration/nat/nat44.rst:733
+#: ../../configuration/nat/nat44.rst:750
+#: ../../configuration/nat/nat44.rst:755
msgid "aes256 Encryption"
msgstr "aes256 Encryption"
@@ -20020,7 +19194,7 @@ msgstr "alert"
msgid "all"
msgstr "all"
-#: ../../configuration/vrf/index.rst:426
+#: ../../configuration/vrf/index.rst:428
msgid "an RD / RTLIST"
msgstr "an RD / RTLIST"
@@ -20052,27 +19226,31 @@ msgstr "auto - interface duplex setting is auto-negotiated"
msgid "auto - interface speed is auto-negotiated"
msgstr "auto - interface speed is auto-negotiated"
+#: ../../configuration/system/frr.rst:32
+msgid "bgpd"
+msgstr "bgpd"
+
#: ../../configuration/service/router-advert.rst:13
msgid "bonding"
msgstr "bonding"
-#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:305
msgid "boot-size"
msgstr "boot-size"
-#: ../../configuration/service/dhcp-server.rst:331
+#: ../../configuration/service/dhcp-server.rst:298
msgid "bootfile-name"
msgstr "bootfile-name"
-#: ../../configuration/service/dhcp-server.rst:333
+#: ../../configuration/service/dhcp-server.rst:300
msgid "bootfile-name, filename"
msgstr "bootfile-name, filename"
-#: ../../configuration/service/dhcp-server.rst:321
+#: ../../configuration/service/dhcp-server.rst:288
msgid "bootfile-server"
msgstr "bootfile-server"
-#: ../../configuration/service/dhcp-server.rst:336
+#: ../../configuration/service/dhcp-server.rst:303
msgid "bootfile-size"
msgstr "bootfile-size"
@@ -20080,7 +19258,7 @@ msgstr "bootfile-size"
msgid "bridge"
msgstr "bridge"
-#: ../../configuration/service/dhcp-server.rst:269
+#: ../../configuration/service/dhcp-server.rst:236
msgid "client-prefix-length"
msgstr "client-prefix-length"
@@ -20112,11 +19290,11 @@ msgstr "daemon"
msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:"
-#: ../../configuration/service/dns.rst:205
+#: ../../configuration/service/dns.rst:218
msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS."
-#: ../../configuration/service/dns.rst:400
+#: ../../configuration/service/dns.rst:413
msgid "ddclient_ will skip any address located before the string set in `<pattern>`."
msgstr "ddclient_ will skip any address located before the string set in `<pattern>`."
@@ -20128,7 +19306,7 @@ msgstr "debug"
msgid "decrement-lifetime"
msgstr "decrement-lifetime"
-#: ../../configuration/service/dhcp-server.rst:368
+#: ../../configuration/service/dhcp-server.rst:335
msgid "default-lease-time, max-lease-time"
msgstr "default-lease-time, max-lease-time"
@@ -20140,7 +19318,7 @@ msgstr "default-lifetime"
msgid "default-preference"
msgstr "default-preference"
-#: ../../configuration/service/dhcp-server.rst:281
+#: ../../configuration/service/dhcp-server.rst:248
msgid "default-router"
msgstr "default-router"
@@ -20156,7 +19334,7 @@ msgstr "deprecate-prefix"
msgid "destination-hashing"
msgstr "destination-hashing"
-#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:285
msgid "dhcp-server-identifier"
msgstr "dhcp-server-identifier"
@@ -20168,28 +19346,9 @@ msgstr "direct"
msgid "directory"
msgstr "directory"
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/pppoe.rst:241
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
#: ../../configuration/interfaces/sstp-client.rst:113
#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
-#: ../../_include/interface-ip.txt:190
msgid "disable: No source validation"
msgstr "disable: No source validation"
@@ -20197,17 +19356,17 @@ msgstr "disable: No source validation"
msgid "dnssl"
msgstr "dnssl"
-#: ../../configuration/service/dhcp-server.rst:296
-#: ../../configuration/service/dhcp-server.rst:298
+#: ../../configuration/service/dhcp-server.rst:263
+#: ../../configuration/service/dhcp-server.rst:265
msgid "domain-name"
msgstr "domain-name"
-#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:260
msgid "domain-name-servers"
msgstr "domain-name-servers"
-#: ../../configuration/service/dhcp-server.rst:351
-#: ../../configuration/service/dhcp-server.rst:353
+#: ../../configuration/service/dhcp-server.rst:318
+#: ../../configuration/service/dhcp-server.rst:320
msgid "domain-search"
msgstr "domain-search"
@@ -20215,7 +19374,7 @@ msgstr "domain-search"
msgid "emerg"
msgstr "emerg"
-#: ../../configuration/firewall/general.rst:147
+#: ../../configuration/firewall/global-options.rst:84
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
@@ -20223,13 +19382,11 @@ msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following sy
msgid "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
msgstr "enable or disable ICMPv4 redirect messages send by VyOS The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:139
-#: ../../configuration/firewall/general-legacy.rst:90
+#: ../../configuration/firewall/global-options.rst:76
msgid "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS. The following system parameter will be altered:"
-#: ../../configuration/firewall/general.rst:154
-#: ../../configuration/firewall/general-legacy.rst:105
+#: ../../configuration/firewall/global-options.rst:91
msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:"
@@ -20245,11 +19402,11 @@ msgstr "ethernet"
msgid "exact-match: exact match of the network prefixes."
msgstr "exact-match: exact match of the network prefixes."
-#: ../../configuration/service/dhcp-server.rst:376
+#: ../../configuration/service/dhcp-server.rst:343
msgid "exclude"
msgstr "exclude"
-#: ../../configuration/service/dhcp-server.rst:381
+#: ../../configuration/service/dhcp-server.rst:348
msgid "failover"
msgstr "failover"
@@ -20318,11 +19475,15 @@ msgstr "invalid"
msgid "inverse-match: network/netmask to match (requires network be defined)."
msgstr "inverse-match: network/netmask to match (requires network be defined)."
-#: ../../configuration/service/dhcp-server.rst:301
-#: ../../configuration/service/dhcp-server.rst:303
+#: ../../configuration/service/dhcp-server.rst:268
+#: ../../configuration/service/dhcp-server.rst:270
msgid "ip-forwarding"
msgstr "ip-forwarding"
+#: ../../configuration/system/frr.rst:33
+msgid "isisd"
+msgstr "isisd"
+
#: ../../configuration/interfaces/ethernet.rst:90
msgid "it can be used with any NIC,"
msgstr "it can be used with any NIC,"
@@ -20339,7 +19500,11 @@ msgstr "kern"
msgid "l2tpv3"
msgstr "l2tpv3"
-#: ../../configuration/service/dhcp-server.rst:366
+#: ../../configuration/system/frr.rst:34
+msgid "ldpd"
+msgstr "ldpd"
+
+#: ../../configuration/service/dhcp-server.rst:333
msgid "lease"
msgstr "lease"
@@ -20347,19 +19512,19 @@ msgstr "lease"
msgid "least-connection"
msgstr "least-connection"
-#: ../../configuration/vpn/site2site_ipsec.rst:271
+#: ../../configuration/vpn/site2site_ipsec.rst:275
msgid "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
msgstr "left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device"
-#: ../../configuration/vpn/site2site_ipsec.rst:163
+#: ../../configuration/vpn/site2site_ipsec.rst:167
msgid "left local_ip: `198.51.100.3` # server side WAN IP"
msgstr "left local_ip: `198.51.100.3` # server side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:272
+#: ../../configuration/vpn/site2site_ipsec.rst:276
msgid "left public_ip:172.18.201.10"
msgstr "left public_ip:172.18.201.10"
-#: ../../configuration/vpn/site2site_ipsec.rst:161
+#: ../../configuration/vpn/site2site_ipsec.rst:165
msgid "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actually there is no client or server roles)"
@@ -20439,28 +19604,9 @@ msgstr "logalert"
msgid "logaudit"
msgstr "logaudit"
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/pppoe.rst:237
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
#: ../../configuration/interfaces/sstp-client.rst:109
#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
-#: ../../_include/interface-ip.txt:186
msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail."
@@ -20472,7 +19618,15 @@ msgstr "lpr"
msgid "mDNS Repeater"
msgstr "mDNS Repeater"
-#: ../../configuration/service/mdns.rst:28
+#: ../../configuration/service/mdns.rst:38
+msgid "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+msgstr "mDNS repeater can be configured to re-broadcast only specific services. By default, all services are re-broadcasted."
+
+#: ../../configuration/service/mdns.rst:33
+msgid "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or both to re-broadcast. By default, mDNS repeater will listen on both IPv4 and IPv6."
+
+#: ../../configuration/service/mdns.rst:29
msgid "mDNS repeater can be temporarily disabled without deleting the service using"
msgstr "mDNS repeater can be temporarily disabled without deleting the service using"
@@ -20512,12 +19666,12 @@ msgstr "more information related IGP - :ref:`routing-isis`"
msgid "more information related IGP - :ref:`routing-ospf`"
msgstr "more information related IGP - :ref:`routing-ospf`"
-#: ../../configuration/service/dhcp-server.rst:291
+#: ../../configuration/service/dhcp-server.rst:258
#: ../../configuration/service/router-advert.rst:1
msgid "name-server"
msgstr "name-server"
-#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:280
msgid "netbios-name-servers"
msgstr "netbios-name-servers"
@@ -20533,7 +19687,7 @@ msgstr "network: network/netmask to match (requires inverse-match be defined) BU
msgid "news"
msgstr "news"
-#: ../../configuration/service/dhcp-server.rst:323
+#: ../../configuration/service/dhcp-server.rst:290
msgid "next-server"
msgstr "next-server"
@@ -20557,11 +19711,11 @@ msgstr "notice"
msgid "ntp"
msgstr "ntp"
-#: ../../configuration/service/dhcp-server.rst:306
+#: ../../configuration/service/dhcp-server.rst:273
msgid "ntp-server"
msgstr "ntp-server"
-#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:275
msgid "ntp-servers"
msgstr "ntp-servers"
@@ -20573,6 +19727,14 @@ msgstr "one rule with a LAN (inbound-interface) and the WAN (interface)."
msgid "openvpn"
msgstr "openvpn"
+#: ../../configuration/system/frr.rst:35
+msgid "ospf6d"
+msgstr "ospf6d"
+
+#: ../../configuration/system/frr.rst:36
+msgid "ospfd"
+msgstr "ospfd"
+
#: ../../configuration/protocols/ospf.rst:207
msgid "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
msgstr "ospfd supports Opaque LSA :rfc:`2370` as partial support for MPLS Traffic Engineering LSAs. The opaque-lsa capability must be enabled in the configuration."
@@ -20601,8 +19763,8 @@ msgstr "policy extcommunity-list"
msgid "policy large-community-list"
msgstr "policy large-community-list"
-#: ../../configuration/service/dhcp-server.rst:346
-#: ../../configuration/service/dhcp-server.rst:348
+#: ../../configuration/service/dhcp-server.rst:313
+#: ../../configuration/service/dhcp-server.rst:315
msgid "pop-server"
msgstr "pop-server"
@@ -20619,8 +19781,8 @@ msgstr "prefix-list, distribute-list"
msgid "pseudo-ethernet"
msgstr "pseudo-ethernet"
-#: ../../configuration/service/dhcp-server.rst:371
-#: ../../configuration/service/dhcp-server.rst:373
+#: ../../configuration/service/dhcp-server.rst:338
+#: ../../configuration/service/dhcp-server.rst:340
msgid "range"
msgstr "range"
@@ -20636,7 +19798,7 @@ msgstr "reset commands"
msgid "retrans-timer"
msgstr "retrans-timer"
-#: ../../configuration/service/dhcp-server.rst:358
+#: ../../configuration/service/dhcp-server.rst:325
msgid "rfc3442-static-route, windows-static-route"
msgstr "rfc3442-static-route, windows-static-route"
@@ -20644,18 +19806,22 @@ msgstr "rfc3442-static-route, windows-static-route"
msgid "rfc3768-compatibility"
msgstr "rfc3768-compatibility"
-#: ../../configuration/vpn/site2site_ipsec.rst:273
+#: ../../configuration/vpn/site2site_ipsec.rst:277
msgid "right local_ip: 172.18.202.10 # right side WAN IP"
msgstr "right local_ip: 172.18.202.10 # right side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:165
+#: ../../configuration/vpn/site2site_ipsec.rst:169
msgid "right local_ip: `203.0.113.2` # remote office side WAN IP"
msgstr "right local_ip: `203.0.113.2` # remote office side WAN IP"
-#: ../../configuration/vpn/site2site_ipsec.rst:164
+#: ../../configuration/vpn/site2site_ipsec.rst:168
msgid "right subnet: `10.0.0.0/24` site2,remote office side"
msgstr "right subnet: `10.0.0.0/24` site2,remote office side"
+#: ../../configuration/system/frr.rst:37
+msgid "ripd"
+msgstr "ripd"
+
#: ../../configuration/highavailability/index.rst:349
msgid "round-robin"
msgstr "round-robin"
@@ -20665,7 +19831,7 @@ msgstr "round-robin"
msgid "route-map"
msgstr "route-map"
-#: ../../configuration/service/dhcp-server.rst:283
+#: ../../configuration/service/dhcp-server.rst:250
msgid "routers"
msgstr "routers"
@@ -20682,7 +19848,7 @@ msgstr "sFlow is a technology that enables monitoring of network traffic by send
msgid "security"
msgstr "security"
-#: ../../configuration/service/dhcp-server.rst:316
+#: ../../configuration/service/dhcp-server.rst:283
msgid "server-identifier"
msgstr "server-identifier"
@@ -20694,8 +19860,8 @@ msgstr "server example"
msgid "set a destination and/or source address. Accepted input:"
msgstr "set a destination and/or source address. Accepted input:"
-#: ../../configuration/nat/nat44.rst:729
-#: ../../configuration/nat/nat44.rst:734
+#: ../../configuration/nat/nat44.rst:751
+#: ../../configuration/nat/nat44.rst:756
msgid "sha256 Hashes"
msgstr "sha256 Hashes"
@@ -20703,7 +19869,7 @@ msgstr "sha256 Hashes"
msgid "show commands"
msgstr "show commands"
-#: ../../configuration/service/dhcp-server.rst:322
+#: ../../configuration/service/dhcp-server.rst:289
msgid "siaddr"
msgstr "siaddr"
@@ -20711,8 +19877,8 @@ msgstr "siaddr"
msgid "slow: Request partner to transmit LACPDUs every 30 seconds"
msgstr "slow: Request partner to transmit LACPDUs every 30 seconds"
-#: ../../configuration/service/dhcp-server.rst:341
-#: ../../configuration/service/dhcp-server.rst:343
+#: ../../configuration/service/dhcp-server.rst:308
+#: ../../configuration/service/dhcp-server.rst:310
msgid "smtp-server"
msgstr "smtp-server"
@@ -20732,40 +19898,21 @@ msgstr "spoke01-spoke04"
msgid "spoke05"
msgstr "spoke05"
-#: ../../configuration/service/dhcp-server.rst:386
+#: ../../configuration/service/dhcp-server.rst:353
msgid "static-mapping"
msgstr "static-mapping"
-#: ../../configuration/service/dhcp-server.rst:356
+#: ../../configuration/service/dhcp-server.rst:323
msgid "static-route"
msgstr "static-route"
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/pppoe.rst:233
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
#: ../../configuration/interfaces/sstp-client.rst:105
#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
-#: ../../_include/interface-ip.txt:182
msgid "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
msgstr "strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded."
-#: ../../configuration/service/dhcp-server.rst:271
+#: ../../configuration/service/dhcp-server.rst:238
msgid "subnet-mask"
msgstr "subnet-mask"
@@ -20781,8 +19928,8 @@ msgstr "tail"
msgid "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
msgstr "tc_ is a powerful tool for Traffic Control found at the Linux kernel. However, its configuration is often considered a cumbersome task. Fortunately, VyOS eases the job through its CLI, while using ``tc`` as backend."
-#: ../../configuration/service/dhcp-server.rst:326
-#: ../../configuration/service/dhcp-server.rst:328
+#: ../../configuration/service/dhcp-server.rst:293
+#: ../../configuration/service/dhcp-server.rst:295
msgid "tftp-server-name"
msgstr "tftp-server-name"
@@ -20791,16 +19938,16 @@ msgstr "tftp-server-name"
msgid "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
msgstr "this option allows to configure prefix-sid on SR. The ‘no-php-flag’ means NO Penultimate Hop Popping that allows SR node to request to its neighbor to not pop the label. The ‘explicit-null’ flag allows SR node to request to its neighbor to send IP packet with the EXPLICIT-NULL label. The ‘n-flag-clear’ option can be used to explicitly clear the Node flag that is set by default for Prefix-SIDs associated to loopback addresses. This option is necessary to configure Anycast-SIDs."
-#: ../../configuration/service/dhcp-server.rst:275
-#: ../../configuration/service/dhcp-server.rst:277
+#: ../../configuration/service/dhcp-server.rst:242
+#: ../../configuration/service/dhcp-server.rst:244
msgid "time-offset"
msgstr "time-offset"
-#: ../../configuration/service/dhcp-server.rst:286
+#: ../../configuration/service/dhcp-server.rst:253
msgid "time-server"
msgstr "time-server"
-#: ../../configuration/service/dhcp-server.rst:288
+#: ../../configuration/service/dhcp-server.rst:255
msgid "time-servers"
msgstr "time-servers"
@@ -20861,7 +20008,7 @@ msgstr "weighted-round-robin"
msgid "while a *byte* is written as a single **b**."
msgstr "while a *byte* is written as a single **b**."
-#: ../../configuration/service/dhcp-server.rst:311
+#: ../../configuration/service/dhcp-server.rst:278
msgid "wins-server"
msgstr "wins-server"
@@ -20877,14 +20024,18 @@ msgstr "wireless"
msgid "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
msgstr "with :cfgcmd:`set system acceleration qat` on both systems the bandwidth increases."
-#: ../../configuration/service/dhcp-server.rst:361
+#: ../../configuration/service/dhcp-server.rst:328
msgid "wpad-url"
msgstr "wpad-url"
-#: ../../configuration/service/dhcp-server.rst:363
+#: ../../configuration/service/dhcp-server.rst:330
msgid "wpad-url, wpad-url code 252 = text"
msgstr "wpad-url, wpad-url code 252 = text"
#: ../../configuration/service/router-advert.rst:23
msgid "wwan"
msgstr "wwan"
+
+#: ../../configuration/system/frr.rst:38
+msgid "zebra"
+msgstr "zebra"
diff --git a/docs/_locale/uk/contributing.pot b/docs/_locale/uk/contributing.pot
index 781d3731..4db4247d 100644
--- a/docs/_locale/uk/contributing.pot
+++ b/docs/_locale/uk/contributing.pot
@@ -80,8 +80,8 @@ msgstr "A single, short, summary of the commit (recommended 50 characters or les
msgid "Abbreviations and acronyms **must** be capitalized."
msgstr "Abbreviations and acronyms **must** be capitalized."
-#: ../../contributing/build-vyos.rst:403
-#: ../../contributing/build-vyos.rst:591
+#: ../../contributing/build-vyos.rst:443
+#: ../../contributing/build-vyos.rst:631
msgid "Accel-PPP"
msgstr "Accel-PPP"
@@ -93,7 +93,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from
msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``"
-#: ../../contributing/testing.rst:99
+#: ../../contributing/testing.rst:100
msgid "Add one or more IP addresses"
msgstr "Add one or more IP addresses"
@@ -101,17 +101,17 @@ msgstr "Add one or more IP addresses"
msgid "Address"
msgstr "Address"
-#: ../../contributing/build-vyos.rst:800
+#: ../../contributing/build-vyos.rst:840
msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
msgstr "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:"
-#: ../../contributing/build-vyos.rst:627
-#: ../../contributing/build-vyos.rst:656
-#: ../../contributing/build-vyos.rst:691
+#: ../../contributing/build-vyos.rst:667
+#: ../../contributing/build-vyos.rst:696
+#: ../../contributing/build-vyos.rst:731
msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
msgstr "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build."
-#: ../../contributing/testing.rst:50
+#: ../../contributing/testing.rst:51
msgid "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
msgstr "After its first boot into the newly installed system the main Smoketest script is executed, it can be found here: `/usr/bin/vyos-smoketest`"
@@ -147,23 +147,23 @@ msgstr "Always use the ``-x`` option to the ``git cherry-pick`` command when bac
msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
msgstr "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler."
-#: ../../contributing/build-vyos.rst:702
+#: ../../contributing/build-vyos.rst:742
msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub."
-#: ../../contributing/build-vyos.rst:831
+#: ../../contributing/build-vyos.rst:871
msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages."
-#: ../../contributing/testing.rst:56
+#: ../../contributing/testing.rst:57
msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system."
-#: ../../contributing/testing.rst:12
+#: ../../contributing/testing.rst:13
msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
msgstr "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works."
-#: ../../contributing/build-vyos.rst:777
+#: ../../contributing/build-vyos.rst:817
msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
msgstr "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub."
@@ -215,15 +215,15 @@ msgstr "Boot Timing"
msgid "Bug Report/Issue"
msgstr "Bug Report/Issue"
-#: ../../contributing/build-vyos.rst:785
+#: ../../contributing/build-vyos.rst:825
msgid "Build"
msgstr "Build"
-#: ../../contributing/build-vyos.rst:60
+#: ../../contributing/build-vyos.rst:122
msgid "Build Container"
msgstr "Build Container"
-#: ../../contributing/build-vyos.rst:182
+#: ../../contributing/build-vyos.rst:215
msgid "Build ISO"
msgstr "Build ISO"
@@ -231,31 +231,31 @@ msgstr "Build ISO"
msgid "Build VyOS"
msgstr "Build VyOS"
-#: ../../contributing/build-vyos.rst:85
+#: ../../contributing/build-vyos.rst:147
msgid "Build from source"
msgstr "Build from source"
-#: ../../contributing/build-vyos.rst:582
+#: ../../contributing/build-vyos.rst:622
msgid "Building Out-Of-Tree Modules"
msgstr "Building Out-Of-Tree Modules"
-#: ../../contributing/build-vyos.rst:435
+#: ../../contributing/build-vyos.rst:475
msgid "Building The Kernel"
msgstr "Building The Kernel"
-#: ../../contributing/build-vyos.rst:246
+#: ../../contributing/build-vyos.rst:286
msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
msgstr "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!"
-#: ../../contributing/build-vyos.rst:705
+#: ../../contributing/build-vyos.rst:745
msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
msgstr "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO."
-#: ../../contributing/build-vyos.rst:584
+#: ../../contributing/build-vyos.rst:624
msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
msgstr "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules."
-#: ../../contributing/build-vyos.rst:475
+#: ../../contributing/build-vyos.rst:515
msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
msgstr "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware."
@@ -275,7 +275,7 @@ msgstr "C++ Backend Code"
msgid "Capitalization and punctuation"
msgstr "Capitalization and punctuation"
-#: ../../contributing/build-vyos.rst:448
+#: ../../contributing/build-vyos.rst:488
msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):"
@@ -283,7 +283,7 @@ msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.j
msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
msgstr "Clone: ``git clone https://github.com/<user>/vyos-1x.git``"
-#: ../../contributing/build-vyos.rst:441
+#: ../../contributing/build-vyos.rst:481
msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
msgstr "Clone the kernel source to `vyos-build/packages/linux-kernel/`:"
@@ -299,7 +299,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic
msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID."
-#: ../../contributing/testing.rst:151
+#: ../../contributing/testing.rst:152
msgid "Config Load Tests"
msgstr "Config Load Tests"
@@ -323,11 +323,11 @@ msgstr "Consult the documentation_ to ensure that you have configured your syste
msgid "Continuous Integration"
msgstr "Continuous Integration"
-#: ../../contributing/build-vyos.rst:255
+#: ../../contributing/build-vyos.rst:295
msgid "Customize"
msgstr "Customize"
-#: ../../contributing/testing.rst:100
+#: ../../contributing/testing.rst:101
msgid "DHCP client and DHCPv6 prefix delegation"
msgstr "DHCP client and DHCPv6 prefix delegation"
@@ -335,19 +335,31 @@ msgstr "DHCP client and DHCPv6 prefix delegation"
msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
msgstr "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226"
-#: ../../contributing/build-vyos.rst:713
+#: ../../contributing/build-vyos.rst:753
msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
msgstr "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build."
+#: ../../contributing/build-vyos.rst:42
+msgid "Debian Bookworm for VyOS 1.4 (sagitta)"
+msgstr "Debian Bookworm for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:43
+msgid "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+msgstr "Debian Bookworm for the upcoming VyOS 1.5/circinus/current (subject to change) - aka the rolling release"
+
#: ../../contributing/build-vyos.rst:154
msgid "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
msgstr "Debian Bullseye for VyOS 1.4 (sagitta, current) - aka the rolling release"
-#: ../../contributing/build-vyos.rst:153
+#: ../../contributing/build-vyos.rst:154
+msgid "Debian Bullseye for VyOS 1.4 (sagitta)"
+msgstr "Debian Bullseye for VyOS 1.4 (sagitta)"
+
+#: ../../contributing/build-vyos.rst:41
msgid "Debian Buster for VyOS 1.3 (equuleus)"
msgstr "Debian Buster for VyOS 1.3 (equuleus)"
-#: ../../contributing/build-vyos.rst:152
+#: ../../contributing/build-vyos.rst:40
msgid "Debian Jessie for VyOS 1.2 (crux)"
msgstr "Debian Jessie for VyOS 1.2 (crux)"
@@ -379,15 +391,15 @@ msgstr "Development"
msgid "Do not add angle brackets around the format, they will be inserted automatically"
msgstr "Do not add angle brackets around the format, they will be inserted automatically"
-#: ../../contributing/build-vyos.rst:33
+#: ../../contributing/build-vyos.rst:83
msgid "Docker"
msgstr "Docker"
-#: ../../contributing/build-vyos.rst:73
+#: ../../contributing/build-vyos.rst:135
msgid "Dockerhub"
msgstr "Dockerhub"
-#: ../../contributing/build-vyos.rst:50
+#: ../../contributing/build-vyos.rst:112
msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_."
@@ -395,6 +407,10 @@ msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recomm
msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
msgstr "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used."
+#: ../../contributing/build-vyos.rst:87
+msgid "Due to the updated version of Docker, the following examples may become invalid."
+msgstr "Due to the updated version of Docker, the following examples may become invalid."
+
#: ../../contributing/debugging.rst:172
msgid "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
msgstr "During the migration and extensive rewrite of functionality from Perl into Python a significant increase in the overall system boottime was noticed. The system boot time can be analysed and a graph can be generated in the end which shows in detail who called whom during the system startup phase."
@@ -403,7 +419,7 @@ msgstr "During the migration and extensive rewrite of functionality from Perl in
msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
msgstr "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/."
-#: ../../contributing/build-vyos.rst:407
+#: ../../contributing/build-vyos.rst:447
msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
msgstr "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:"
@@ -420,7 +436,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl
msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit."
#: ../../contributing/development.rst:412
-#: ../../contributing/testing.rst:65
+#: ../../contributing/testing.rst:66
msgid "Example:"
msgstr "Example:"
@@ -453,11 +469,11 @@ msgstr "FRR"
msgid "Feature Request"
msgstr "Feature Request"
-#: ../../contributing/build-vyos.rst:560
+#: ../../contributing/build-vyos.rst:600
msgid "Firmware"
msgstr "Firmware"
-#: ../../contributing/build-vyos.rst:593
+#: ../../contributing/build-vyos.rst:633
msgid "First, clone the source code and check out the appropriate version by running:"
msgstr "First, clone the source code and check out the appropriate version by running:"
@@ -485,7 +501,7 @@ msgstr "For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable inter
msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
msgstr "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``."
-#: ../../contributing/build-vyos.rst:170
+#: ../../contributing/build-vyos.rst:72
msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
msgstr "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing."
@@ -534,7 +550,7 @@ msgstr "Good: PPPoE, IPsec"
msgid "Good: RADIUS (as in remote authentication for dial-in user services)"
msgstr "Good: RADIUS (as in remote authentication for dial-in user services)"
-#: ../../contributing/build-vyos.rst:244
+#: ../../contributing/build-vyos.rst:284
msgid "Good luck!"
msgstr "Good luck!"
@@ -562,11 +578,11 @@ msgstr "Horrible: \"frobnication algorithm.\""
msgid "How can we reproduce this Bug?"
msgstr "How can we reproduce this Bug?"
-#: ../../contributing/testing.rst:102
+#: ../../contributing/testing.rst:103
msgid "IP and IPv6 options"
msgstr "IP and IPv6 options"
-#: ../../contributing/build-vyos.rst:308
+#: ../../contributing/build-vyos.rst:348
msgid "ISO Build Issues"
msgstr "ISO Build Issues"
@@ -590,11 +606,11 @@ msgstr "If applicable a reference to a previous commit should be made linking th
msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it."
-#: ../../contributing/build-vyos.rst:699
+#: ../../contributing/build-vyos.rst:739
msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be."
-#: ../../contributing/build-vyos.rst:562
+#: ../../contributing/build-vyos.rst:602
msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts."
@@ -622,7 +638,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di
msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together."
-#: ../../contributing/build-vyos.rst:554
+#: ../../contributing/build-vyos.rst:594
msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above."
@@ -638,7 +654,7 @@ msgstr "Include output"
msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in."
-#: ../../contributing/build-vyos.rst:810
+#: ../../contributing/build-vyos.rst:850
msgid "Install"
msgstr "Install"
@@ -646,7 +662,7 @@ msgstr "Install"
msgid "Install https://pypi.org/project/stdeb/"
msgstr "Install https://pypi.org/project/stdeb/"
-#: ../../contributing/build-vyos.rst:35
+#: ../../contributing/build-vyos.rst:85
msgid "Installing Docker_ and prerequisites:"
msgstr "Installing Docker_ and prerequisites:"
@@ -654,23 +670,23 @@ msgstr "Installing Docker_ and prerequisites:"
msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:"
-#: ../../contributing/build-vyos.rst:632
+#: ../../contributing/build-vyos.rst:672
msgid "Intel NIC"
msgstr "Intel NIC"
-#: ../../contributing/build-vyos.rst:404
+#: ../../contributing/build-vyos.rst:444
msgid "Intel NIC drivers"
msgstr "Intel NIC drivers"
-#: ../../contributing/build-vyos.rst:661
+#: ../../contributing/build-vyos.rst:701
msgid "Intel QAT"
msgstr "Intel QAT"
-#: ../../contributing/build-vyos.rst:405
+#: ../../contributing/build-vyos.rst:445
msgid "Inter QAT"
msgstr "Inter QAT"
-#: ../../contributing/testing.rst:90
+#: ../../contributing/testing.rst:91
msgid "Interface based tests"
msgstr "Interface based tests"
@@ -690,11 +706,11 @@ msgstr "It's an Ada program and requires GNAT and gprbuild for building, depende
msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG."
-#: ../../contributing/testing.rst:17
+#: ../../contributing/testing.rst:18
msgid "Jenkins CI"
msgstr "Jenkins CI"
-#: ../../contributing/build-vyos.rst:816
+#: ../../contributing/build-vyos.rst:856
msgid "Just install using the following commands:"
msgstr "Just install using the following commands:"
@@ -710,7 +726,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi
msgid "Kernel"
msgstr "Kernel"
-#: ../../contributing/build-vyos.rst:787
+#: ../../contributing/build-vyos.rst:827
msgid "Launch Docker container and build package"
msgstr "Launch Docker container and build package"
@@ -734,7 +750,7 @@ msgstr "Like any other project we have some small guidelines about our source co
msgid "Limits:"
msgstr "Limits:"
-#: ../../contributing/build-vyos.rst:390
+#: ../../contributing/build-vyos.rst:430
msgid "Linux Kernel"
msgstr "Linux Kernel"
@@ -742,7 +758,7 @@ msgstr "Linux Kernel"
msgid "Live System"
msgstr "Live System"
-#: ../../contributing/testing.rst:101
+#: ../../contributing/testing.rst:102
msgid "MTU size"
msgstr "MTU size"
@@ -750,11 +766,11 @@ msgstr "MTU size"
msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:"
-#: ../../contributing/testing.rst:60
+#: ../../contributing/testing.rst:61
msgid "Manual Smoketest Run"
msgstr "Manual Smoketest Run"
-#: ../../contributing/testing.rst:168
+#: ../../contributing/testing.rst:169
msgid "Manual config load test"
msgstr "Manual config load test"
@@ -770,7 +786,7 @@ msgstr "Migrating old CLI"
msgid "Move default values to scripts"
msgstr "Move default values to scripts"
-#: ../../contributing/build-vyos.rst:147
+#: ../../contributing/build-vyos.rst:35
msgid "Native Build"
msgstr "Native Build"
@@ -807,23 +823,23 @@ msgstr "None"
msgid "Notes"
msgstr "Notes"
-#: ../../contributing/build-vyos.rst:199
+#: ../../contributing/build-vyos.rst:236
msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:"
-#: ../../contributing/build-vyos.rst:184
+#: ../../contributing/build-vyos.rst:217
msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`."
-#: ../../contributing/build-vyos.rst:384
+#: ../../contributing/build-vyos.rst:424
msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!"
-#: ../../contributing/build-vyos.rst:469
+#: ../../contributing/build-vyos.rst:509
msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages."
-#: ../../contributing/build-vyos.rst:133
+#: ../../contributing/build-vyos.rst:199
msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory."
@@ -831,7 +847,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t
msgid "Old concept/syntax"
msgstr "Old concept/syntax"
-#: ../../contributing/testing.rst:62
+#: ../../contributing/testing.rst:63
msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts."
@@ -843,7 +859,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with
msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:"
-#: ../../contributing/testing.rst:170
+#: ../../contributing/testing.rst:171
msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own."
@@ -851,6 +867,10 @@ msgstr "One is not bound to load all configurations one after another but can al
msgid "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
msgstr "One of the major advantages introduced in VyOS 1.3 is an autmated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+#: ../../contributing/testing.rst:7
+msgid "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+msgstr "One of the major advantages introduced in VyOS 1.3 is an automated test framework. When assembling an ISO image multiple things can go wrong badly and publishing a faulty ISO makes no sense. The user is disappointed by the quality of the image and the developers get flodded with bug reports over and over again."
+
#: ../../contributing/development.rst:665
msgid "Only applicable to leaf nodes"
msgstr "Only applicable to leaf nodes"
@@ -863,7 +883,7 @@ msgstr "Other packages (e.g. vyos-1x) add dependencies to the ISO build procedur
msgid "Our StrongSWAN build differs from the upstream:"
msgstr "Our StrongSWAN build differs from the upstream:"
-#: ../../contributing/testing.rst:19
+#: ../../contributing/testing.rst:20
msgid "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
msgstr "Our `VyOS CI`_ system is based on Jenkins and builds all our required packages for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build Job which builds and tests the VyOS ISO image which is published after a successfull test drive."
@@ -875,12 +895,12 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind
msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:"
-#: ../../contributing/testing.rst:92
+#: ../../contributing/testing.rst:93
msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested."
-#: ../../contributing/build-vyos.rst:697
-#: ../../contributing/build-vyos.rst:766
+#: ../../contributing/build-vyos.rst:737
+#: ../../contributing/build-vyos.rst:806
msgid "Packages"
msgstr "Packages"
@@ -904,11 +924,11 @@ msgstr "Please submit your patches using the well-known GitHub pull-request agai
msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface."
-#: ../../contributing/testing.rst:103
+#: ../../contributing/testing.rst:104
msgid "Port description"
msgstr "Port description"
-#: ../../contributing/testing.rst:104
+#: ../../contributing/testing.rst:105
msgid "Port disable"
msgstr "Port disable"
@@ -952,7 +972,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway?
msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable."
-#: ../../contributing/build-vyos.rst:745
+#: ../../contributing/build-vyos.rst:785
msgid "QEMU"
msgstr "QEMU"
@@ -968,16 +988,16 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca
msgid "Report a Bug"
msgstr "Report a Bug"
-#: ../../contributing/build-vyos.rst:747
+#: ../../contributing/build-vyos.rst:787
msgid "Run the following command after building the ISO image."
msgstr "Run the following command after building the ISO image."
-#: ../../contributing/build-vyos.rst:756
+#: ../../contributing/build-vyos.rst:796
msgid "Run the following command after building the QEMU image."
msgstr "Run the following command after building the QEMU image."
-#: ../../contributing/build-vyos.rst:637
-#: ../../contributing/build-vyos.rst:666
+#: ../../contributing/build-vyos.rst:677
+#: ../../contributing/build-vyos.rst:706
msgid "Simply use our wrapper script to build all of the driver modules."
msgstr "Simply use our wrapper script to build all of the driver modules."
@@ -985,19 +1005,19 @@ msgstr "Simply use our wrapper script to build all of the driver modules."
msgid "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
msgstr "Since VyOS has switched to Debian (11) Bullseye in its ``current`` branch, you will require individual container for `current`, `equuleus` and `crux` builds."
-#: ../../contributing/testing.rst:29
+#: ../../contributing/testing.rst:30
msgid "Smoketests"
msgstr "Smoketests"
-#: ../../contributing/testing.rst:31
+#: ../../contributing/testing.rst:32
msgid "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
msgstr "Smoketests executes predefined VyOS CLI commands and checks if the desired daemon/service configuration is rendert - that is how to put it \"short\"."
-#: ../../contributing/testing.rst:44
+#: ../../contributing/testing.rst:45
msgid "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
msgstr "So if you plan to build your own custom ISO image and wan't to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed."
-#: ../../contributing/build-vyos.rst:136
+#: ../../contributing/build-vyos.rst:202
msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail."
@@ -1005,7 +1025,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver
msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed."
-#: ../../contributing/testing.rst:201
+#: ../../contributing/testing.rst:202
msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file."
@@ -1013,7 +1033,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos
msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb."
-#: ../../contributing/build-vyos.rst:229
+#: ../../contributing/build-vyos.rst:269
msgid "Start the build:"
msgstr "Start the build:"
@@ -1057,15 +1077,15 @@ msgstr "Text generation"
msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code."
-#: ../../contributing/build-vyos.rst:634
+#: ../../contributing/build-vyos.rst:674
msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them."
-#: ../../contributing/build-vyos.rst:662
+#: ../../contributing/build-vyos.rst:702
msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website."
-#: ../../contributing/build-vyos.rst:392
+#: ../../contributing/build-vyos.rst:432
msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:"
@@ -1089,7 +1109,7 @@ msgstr "The ``generate()`` function generates config files for system components
msgid "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
msgstr "The ``get_config()`` function must convert the VyOS config to an abstract, internal representation. No other function is allowed to call the ``vyos.config. Config`` object method directly. The rationale for it is that when config reads are mixed with other logic, it's very hard to change the config syntax since you need to weed out every occurrence of the old syntax. If syntax-specific code is confined to a single function, the rest of the code can be left untouched as long as the internal representation remains compatible."
-#: ../../contributing/testing.rst:47
+#: ../../contributing/testing.rst:48
msgid "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
msgstr "The ``make test`` command from the vyos-build_ repository will launch a new QEmu instance and the ISO image is first installed to the virtual harddisk."
@@ -1101,19 +1121,19 @@ msgstr "The ``verify()`` function takes your internal representation of the conf
msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file."
-#: ../../contributing/build-vyos.rst:54
+#: ../../contributing/build-vyos.rst:116
msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\""
-#: ../../contributing/testing.rst:158
+#: ../../contributing/testing.rst:159
msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs"
-#: ../../contributing/build-vyos.rst:87
+#: ../../contributing/build-vyos.rst:149
msgid "The container can also be built directly from source:"
msgstr "The container can also be built directly from source:"
-#: ../../contributing/build-vyos.rst:62
+#: ../../contributing/build-vyos.rst:124
msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)."
@@ -1121,11 +1141,11 @@ msgstr "The container can be built by hand or by fetching the pre-built one from
msgid "The default template processor for VyOS code is Jinja2_."
msgstr "The default template processor for VyOS code is Jinja2_."
-#: ../../contributing/build-vyos.rst:773
+#: ../../contributing/build-vyos.rst:813
msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages."
-#: ../../contributing/testing.rst:163
+#: ../../contributing/testing.rst:164
msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another."
@@ -1137,6 +1157,10 @@ msgstr "The file can be placed in ``/tmp`` for one time debugging (as the file w
msgid "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
msgstr "The first word of every help string **must** be capitalized. There **must not** be a period at the end of help strings."
+#: ../../contributing/build-vyos.rst:26
+msgid "The following includes the build process for VyOS 1.2 to the latest version."
+msgstr "The following includes the build process for VyOS 1.2 to the latest version."
+
#: ../../contributing/development.rst:71
msgid "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
msgstr "The format should be and is inspired by: https://git-scm.com/book/ch5-2.html It is also worth reading https://chris.beams.io/posts/git-commit/"
@@ -1149,11 +1173,11 @@ msgstr "The great thing about schemas is not only that people can know the compl
msgid "The information is used in three ways:"
msgstr "The information is used in three ways:"
-#: ../../contributing/build-vyos.rst:437
+#: ../../contributing/build-vyos.rst:477
msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it."
-#: ../../contributing/build-vyos.rst:425
+#: ../../contributing/build-vyos.rst:465
msgid "The most obvious reasons could be:"
msgstr "The most obvious reasons could be:"
@@ -1161,7 +1185,7 @@ msgstr "The most obvious reasons could be:"
msgid "The original repo is at https://github.com/dmbaturin/hvinfo"
msgstr "The original repo is at https://github.com/dmbaturin/hvinfo"
-#: ../../contributing/testing.rst:153
+#: ../../contributing/testing.rst:154
msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image."
@@ -1181,7 +1205,7 @@ msgstr "The reason is that the configuration migration backend is rewritten and
msgid "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
msgstr "The repository that contains all the ISO build scripts is: https://github.com/vyos/vyos-build"
-#: ../../contributing/testing.rst:53
+#: ../../contributing/testing.rst:54
msgid "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
msgstr "The script only searches for executable \"test-cases\" under ``/usr/libexec/vyos/tests/smoke/cli/`` and executes them one by one."
@@ -1205,7 +1229,7 @@ msgstr "The switch to the Python programming language for new code is not merely
msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader."
-#: ../../contributing/build-vyos.rst:310
+#: ../../contributing/build-vyos.rst:350
msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:"
@@ -1221,7 +1245,7 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo
msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters."
-#: ../../contributing/build-vyos.rst:257
+#: ../../contributing/build-vyos.rst:297
msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:"
@@ -1249,31 +1273,35 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https
msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay"
-#: ../../contributing/build-vyos.rst:572
+#: ../../contributing/build-vyos.rst:612
msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:"
-#: ../../contributing/build-vyos.rst:26
+#: ../../contributing/build-vyos.rst:76
+msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)."
+
+#: ../../contributing/build-vyos.rst:28
msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster."
-#: ../../contributing/testing.rst:147
+#: ../../contributing/testing.rst:148
msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports."
-#: ../../contributing/testing.rst:97
+#: ../../contributing/testing.rst:98
msgid "Those common tests consists out of:"
msgstr "Those common tests consists out of:"
-#: ../../contributing/build-vyos.rst:107
+#: ../../contributing/build-vyos.rst:173
msgid "Tips and Tricks"
msgstr "Tips and Tricks"
-#: ../../contributing/build-vyos.rst:46
+#: ../../contributing/build-vyos.rst:108
msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``."
-#: ../../contributing/build-vyos.rst:149
+#: ../../contributing/build-vyos.rst:37
msgid "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
msgstr "To build VyOS natively you require a properly configured build host with the following Debian versions installed:"
@@ -1285,7 +1313,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every
msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts."
-#: ../../contributing/build-vyos.rst:333
+#: ../../contributing/build-vyos.rst:373
msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directry. This is explained in the following step by step procedure:"
@@ -1305,19 +1333,19 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll
msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:"
-#: ../../contributing/build-vyos.rst:75
+#: ../../contributing/build-vyos.rst:137
msgid "To manually download the container from DockerHub, run:"
msgstr "To manually download the container from DockerHub, run:"
-#: ../../contributing/build-vyos.rst:156
+#: ../../contributing/build-vyos.rst:46
msgid "To start, clone the repository to your local machine:"
msgstr "To start, clone the repository to your local machine:"
-#: ../../contributing/build-vyos.rst:812
+#: ../../contributing/build-vyos.rst:852
msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one."
-#: ../../contributing/build-vyos.rst:711
+#: ../../contributing/build-vyos.rst:751
msgid "Troubleshooting"
msgstr "Troubleshooting"
@@ -1357,11 +1385,11 @@ msgstr "Useful commands are:"
msgid "VIF (incl. VIF-S/VIF-C)"
msgstr "VIF (incl. VIF-S/VIF-C)"
-#: ../../contributing/testing.rst:105
+#: ../../contributing/testing.rst:106
msgid "VLANs (QinQ and regular 802.1q)"
msgstr "VLANs (QinQ and regular 802.1q)"
-#: ../../contributing/build-vyos.rst:754
+#: ../../contributing/build-vyos.rst:794
msgid "VMware"
msgstr "VMware"
@@ -1373,7 +1401,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form."
msgid "Verbs **should** be avoided. If a verb can be omitted, omit it."
msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it."
-#: ../../contributing/build-vyos.rst:742
+#: ../../contributing/build-vyos.rst:782
msgid "Virtualization Platforms"
msgstr "Virtualization Platforms"
@@ -1381,7 +1409,11 @@ msgstr "Virtualization Platforms"
msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to higest priority. This is good as this gives a deterministic behavior."
-#: ../../contributing/build-vyos.rst:768
+#: ../../contributing/build-vyos.rst:168
+msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO."
+
+#: ../../contributing/build-vyos.rst:808
msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package."
@@ -1389,19 +1421,19 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst
msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO."
-#: ../../contributing/build-vyos.rst:600
+#: ../../contributing/build-vyos.rst:640
msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:"
msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:"
-#: ../../contributing/testing.rst:24
+#: ../../contributing/testing.rst:25
msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository."
-#: ../../contributing/build-vyos.rst:349
+#: ../../contributing/build-vyos.rst:389
msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository."
-#: ../../contributing/build-vyos.rst:341
+#: ../../contributing/build-vyos.rst:381
msgid "We now need to mount some required, volatile filesystems"
msgstr "We now need to mount some required, volatile filesystems"
@@ -1425,7 +1457,7 @@ msgstr "What was the configuration prior to the change?"
msgid "What were you attempting to achieve?"
msgstr "What were you attempting to achieve?"
-#: ../../contributing/testing.rst:34
+#: ../../contributing/testing.rst:35
msgid "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
msgstr "When and ISO image is assembled by the `VyOS CI`_, the ``BUILD_SMOKETEST`` parameter is enabled by default, which will extend the ISO configuration line with the following packages:"
@@ -1437,7 +1469,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is
msgid "When modifying the source code, remember these rules of the legacy elimination campaign:"
msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:"
-#: ../../contributing/build-vyos.rst:241
+#: ../../contributing/build-vyos.rst:281
msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``."
@@ -1449,7 +1481,7 @@ msgstr "When writing a new configuration migrator it may happen that you see an
msgid "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
msgstr "When you are able to verify that it is actually a bug, spend some time to document how to reproduce the issue. This documentation can be invaluable."
-#: ../../contributing/testing.rst:108
+#: ../../contributing/testing.rst:109
msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used."
@@ -1490,11 +1522,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was
msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes."
-#: ../../contributing/build-vyos.rst:827
+#: ../../contributing/build-vyos.rst:867
msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information."
-#: ../../contributing/build-vyos.rst:109
+#: ../../contributing/build-vyos.rst:175
msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:"
@@ -1506,7 +1538,7 @@ msgstr "You can type ``help`` to get an overview of the available commands, and
msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project."
-#: ../../contributing/build-vyos.rst:430
+#: ../../contributing/build-vyos.rst:470
msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers"
@@ -1526,7 +1558,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your
msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on."
-#: ../../contributing/testing.rst:106
+#: ../../contributing/testing.rst:107
msgid "..."
msgstr "..."
@@ -1582,7 +1614,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi
msgid "``set``"
msgstr "``set``"
-#: ../../contributing/build-vyos.rst:427
+#: ../../contributing/build-vyos.rst:467
msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us."
diff --git a/docs/_locale/uk/copyright.pot b/docs/_locale/uk/copyright.pot
index 1e83545b..c2e88942 100644
--- a/docs/_locale/uk/copyright.pot
+++ b/docs/_locale/uk/copyright.pot
@@ -13,8 +13,8 @@ msgid "Copyright Notice"
msgstr "Copyright Notice"
#: ../../copyright.md:3
-msgid "Copyright (C) 2018-2023 VyOS maintainers and contributors"
-msgstr "Copyright (C) 2018-2023 VyOS maintainers and contributors"
+msgid "Copyright (C) 2018-2024 VyOS maintainers and contributors"
+msgstr "Copyright (C) 2018-2024 VyOS maintainers and contributors"
#: ../../copyright.md:9
msgid "Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one."
diff --git a/docs/_locale/uk/index.pot b/docs/_locale/uk/index.pot
index 67dbae2e..e7c83842 100644
--- a/docs/_locale/uk/index.pot
+++ b/docs/_locale/uk/index.pot
@@ -12,23 +12,23 @@ msgstr ""
msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`."
-#: ../../index.rst:70
+#: ../../index.rst:72
msgid "Adminguide"
msgstr "Adminguide"
-#: ../../index.rst:31
+#: ../../index.rst:33
msgid "Automate"
msgstr "Automate"
-#: ../../index.rst:23
+#: ../../index.rst:25
msgid "Configuration and Operation"
msgstr "Configuration and Operation"
-#: ../../index.rst:44
+#: ../../index.rst:46
msgid "Contribute and Community"
msgstr "Contribute and Community"
-#: ../../index.rst:83
+#: ../../index.rst:85
msgid "Development"
msgstr "Development"
@@ -36,31 +36,31 @@ msgstr "Development"
msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_."
-#: ../../index.rst:38
+#: ../../index.rst:40
msgid "Examples"
msgstr "Examples"
-#: ../../index.rst:61
+#: ../../index.rst:63
msgid "First Steps"
msgstr "First Steps"
-#: ../../index.rst:11
+#: ../../index.rst:12
msgid "Get / Build VyOS"
msgstr "Get / Build VyOS"
-#: ../../index.rst:40
+#: ../../index.rst:42
msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure."
-#: ../../index.rst:16
+#: ../../index.rst:18
msgid "Install VyOS"
msgstr "Install VyOS"
-#: ../../index.rst:33
+#: ../../index.rst:35
msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`."
-#: ../../index.rst:96
+#: ../../index.rst:98
msgid "Misc"
msgstr "Misc"
@@ -68,11 +68,11 @@ msgstr "Misc"
msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`."
-#: ../../index.rst:13
+#: ../../index.rst:15
msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version."
-#: ../../index.rst:18
+#: ../../index.rst:20
msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers"
@@ -80,7 +80,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:
msgid "There are many ways to contribute to the project."
msgstr "There are many ways to contribute to the project."
-#: ../../index.rst:25
+#: ../../index.rst:27
msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example."
diff --git a/docs/_locale/uk/installation.pot b/docs/_locale/uk/installation.pot
index 32d05342..4cf97525 100644
--- a/docs/_locale/uk/installation.pot
+++ b/docs/_locale/uk/installation.pot
@@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project."
msgid "**Early Production Access**"
msgstr "**Early Production Access**"
-#: ../../installation/install.rst:538
+#: ../../installation/install.rst:541
msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file."
@@ -56,7 +56,7 @@ msgstr "**Release Candidate**"
msgid "**Requirements**"
msgstr "**Requirements**"
-#: ../../installation/install.rst:543
+#: ../../installation/install.rst:546
msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``."
@@ -128,37 +128,35 @@ msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs"
msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache."
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 custom VyOS powder coat"
msgstr "APU4 custom VyOS powder coat"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop back"
msgstr "APU4 desktop back"
-#: ../../installation/vyos-on-baremetal.rst:None
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 desktop closed"
msgstr "APU4 desktop closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack closed"
msgstr "APU4 rack closed"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack front"
msgstr "APU4 rack front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #1"
msgstr "APU4 rack module #1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #2"
msgstr "APU4 rack module #2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "APU4 rack module #3 with PSU"
msgstr "APU4 rack module #3 with PSU"
@@ -166,7 +164,7 @@ msgstr "APU4 rack module #3 with PSU"
msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page"
-#: ../../installation/install.rst:487
+#: ../../installation/install.rst:490
msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_."
@@ -234,7 +232,7 @@ msgstr "After installation - exit from the console using the key combination ``C
msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``."
-#: ../../installation/update.rst:81
+#: ../../installation/update.rst:88
msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command."
@@ -262,7 +260,7 @@ msgstr "An IP address"
msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode."
-#: ../../installation/install.rst:551
+#: ../../installation/install.rst:554
msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``."
@@ -338,7 +336,7 @@ msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected
msgid "Bits per second : 9600"
msgstr "Bits per second : 9600"
-#: ../../installation/install.rst:580
+#: ../../installation/install.rst:583
msgid "Black screen on install"
msgstr "Black screen on install"
@@ -358,39 +356,39 @@ msgstr "Building from source"
msgid "CLI"
msgstr "CLI"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Back"
msgstr "CSE-505-203B Back"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Front"
msgstr "CSE-505-203B Front"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 1"
msgstr "CSE-505-203B Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 2"
msgstr "CSE-505-203B Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B Open 3"
msgstr "CSE-505-203B Open 3"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open"
msgstr "CSE-505-203B w/ 10GE Open"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 1"
msgstr "CSE-505-203B w/ 10GE Open 1"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 2"
msgstr "CSE-505-203B w/ 10GE Open 2"
-#: ../../installation/vyos-on-baremetal.rst:None
+#: ../../installation/vyos-on-baremetal.rst:-1
msgid "CSE-505-203B w/ 10GE Open 3"
msgstr "CSE-505-203B w/ 10GE Open 3"
@@ -455,7 +453,7 @@ msgstr "Click to ``Instances`` and ``Launch Instance``"
msgid "Click to your new vm and find out your Public IP address."
msgstr "Click to your new vm and find out your Public IP address."
-#: ../../installation/install.rst:562
+#: ../../installation/install.rst:565
msgid "Client Boot"
msgstr "Client Boot"
@@ -491,7 +489,7 @@ msgstr "Configure Security Group. It's recommended that you configure ssh access
msgid "Configure a DHCP server to provide the client with:"
msgstr "Configure a DHCP server to provide the client with:"
-#: ../../installation/install.rst:476
+#: ../../installation/install.rst:479
msgid "Configure a TFTP server so that it serves the following:"
msgstr "Configure a TFTP server so that it serves the following:"
@@ -525,11 +523,8 @@ msgid "Connect to the instance by SSH key."
msgstr "Connect to the instance by SSH key."
#: ../../installation/cloud/index.rst:7
-#: ../../installation/cloud/index.rst:7
-#: ../../installation/index.rst:7
#: ../../installation/index.rst:7
#: ../../installation/virtual/index.rst:5
-#: ../../installation/virtual/index.rst:5
msgid "Content"
msgstr "Content"
@@ -649,7 +644,7 @@ msgstr "Disable XHCI"
msgid "Disk size"
msgstr "Disk size"
-#: ../../installation/install.rst:547
+#: ../../installation/install.rst:550
msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead."
@@ -727,15 +722,10 @@ msgid "Every version is contained in its own squashfs image that is mounted in a
msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts."
#: ../../installation/install.rst:17
-#: ../../installation/install.rst:17
-#: ../../installation/install.rst:21
#: ../../installation/install.rst:21
#: ../../installation/install.rst:25
-#: ../../installation/install.rst:25
-#: ../../installation/install.rst:29
#: ../../installation/install.rst:29
#: ../../installation/install.rst:33
-#: ../../installation/install.rst:33
#: ../../installation/install.rst:37
msgid "Everyone"
msgstr "Everyone"
@@ -752,11 +742,11 @@ msgstr "Example"
msgid "Example:"
msgstr "Example:"
-#: ../../installation/install.rst:519
+#: ../../installation/install.rst:522
msgid "Example of simple (no menu) configuration file:"
msgstr "Example of simple (no menu) configuration file:"
-#: ../../installation/install.rst:499
+#: ../../installation/install.rst:502
msgid "Example of the contents of the TFTP server:"
msgstr "Example of the contents of the TFTP server:"
@@ -768,7 +758,7 @@ msgstr "Extension Modules"
msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_"
-#: ../../installation/install.rst:564
+#: ../../installation/install.rst:567
msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers."
@@ -816,7 +806,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c
msgid "GPG verification"
msgstr "GPG verification"
-#: ../../installation/install.rst:582
+#: ../../installation/install.rst:585
msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image."
@@ -964,7 +954,7 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration
msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**."
-#: ../../installation/install.rst:491
+#: ../../installation/install.rst:494
msgid "In the example we configured our existent VyOS as the TFTP server too:"
msgstr "In the example we configured our existent VyOS as the TFTP server too:"
@@ -985,7 +975,7 @@ msgstr "Installation"
msgid "Installation and Image Management"
msgstr "Installation and Image Management"
-#: ../../installation/install.rst:594
+#: ../../installation/install.rst:597
msgid "Installation can then continue as outlined above."
msgstr "Installation can then continue as outlined above."
@@ -1021,7 +1011,7 @@ msgstr "It is advised that VyOS routers are configured in a resource group with
msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with."
-#: ../../installation/install.rst:575
+#: ../../installation/install.rst:578
msgid "Known Issues"
msgstr "Known Issues"
@@ -1057,7 +1047,7 @@ msgstr "Live installation"
msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)"
msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)"
-#: ../../installation/install.rst:555
+#: ../../installation/install.rst:558
msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients."
@@ -1138,7 +1128,7 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po
msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive."
-#: ../../installation/install.rst:569
+#: ../../installation/install.rst:572
msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation."
@@ -1462,11 +1452,11 @@ msgstr "Stayed in this stage. This is because the KVM console is chosen as the d
msgid "Step 1: DHCP"
msgstr "Step 1: DHCP"
-#: ../../installation/install.rst:474
+#: ../../installation/install.rst:477
msgid "Step 2: TFTP"
msgstr "Step 2: TFTP"
-#: ../../installation/install.rst:531
+#: ../../installation/install.rst:534
msgid "Step 3: HTTP"
msgstr "Step 3: HTTP"
@@ -1498,11 +1488,11 @@ msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be u
msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*"
-#: ../../installation/install.rst:479
+#: ../../installation/install.rst:482
msgid "The *ldlinux.c32* file from the Syslinux distribution"
msgstr "The *ldlinux.c32* file from the Syslinux distribution"
-#: ../../installation/install.rst:478
+#: ../../installation/install.rst:481
msgid "The *pxelinux.0* file from the Syslinux distribution"
msgstr "The *pxelinux.0* file from the Syslinux distribution"
@@ -1582,7 +1572,7 @@ msgstr "The image will be loaded and the last lines you will get will be:"
msgid "The import can be verified with:"
msgstr "The import can be verified with:"
-#: ../../installation/install.rst:483
+#: ../../installation/install.rst:486
msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name."
@@ -1590,7 +1580,7 @@ msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *ini
msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli."
-#: ../../installation/install.rst:480
+#: ../../installation/install.rst:483
msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file."
@@ -1598,7 +1588,7 @@ msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz
msgid "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depending on your use, you might need additional RAM and CPU resources e.g. when having multiple BGP full tables in your system."
-#: ../../installation/update.rst:76
+#: ../../installation/update.rst:83
msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:"
@@ -1618,7 +1608,7 @@ msgstr "The system is fully operational."
msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`."
-#: ../../installation/install.rst:587
+#: ../../installation/install.rst:590
msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:"
@@ -1663,7 +1653,7 @@ msgstr "This guide was developed using an APU4C4 board with the following specs:
msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3."
-#: ../../installation/install.rst:577
+#: ../../installation/install.rst:580
msgid "This is a list of known issues that can arise during installation."
msgstr "This is a list of known issues that can arise during installation."
@@ -1695,6 +1685,10 @@ msgstr "To turn the template into a working VyOS machine, further steps are nece
msgid "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`."
+#: ../../installation/update.rst:81
+msgid "To use the `latest` option the \"system update-check url\" must be configured."
+msgstr "To use the `latest` option the \"system update-check url\" must be configured."
+
#: ../../installation/install.rst:248
msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:"
@@ -1827,7 +1821,7 @@ msgstr "Wait until you get the outcome (bytes copied). Be patient, in some compu
msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3."
-#: ../../installation/install.rst:533
+#: ../../installation/install.rst:536
msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above."
@@ -1879,6 +1873,10 @@ msgstr "You can go back to your Vyatta install using the ``set system image defa
msgid "You can now proceed with a regular image installation as described in :ref:`installation`."
msgstr "You can now proceed with a regular image installation as described in :ref:`installation`."
+#: ../../installation/update.rst:75
+msgid "You can use ``latest`` option. It loads the latest available Rolling release."
+msgstr "You can use ``latest`` option. It loads the latest available Rolling release."
+
#: ../../installation/migrate-from-vyatta.rst:28
msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time."
@@ -1923,7 +1921,7 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.
msgid "``gpg --recv-keys FD220285A0FE6D7E``"
msgstr "``gpg --recv-keys FD220285A0FE6D7E``"
-#: ../../installation/install.rst:590
+#: ../../installation/install.rst:593
msgid "`console=ttyS0,115200`"
msgstr "`console=ttyS0,115200`"
@@ -1955,7 +1953,7 @@ msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-
msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E"
-#: ../../installation/update.rst:79
+#: ../../installation/update.rst:86
msgid "https://vyos.net/get/nightly-builds/"
msgstr "https://vyos.net/get/nightly-builds/"
@@ -1971,6 +1969,6 @@ msgstr "https://www.oracle.com/cloud/"
msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso"
-#: ../../installation/install.rst:592
+#: ../../installation/install.rst:595
msgid "option, and type CTRL-X to boot."
msgstr "option, and type CTRL-X to boot."
diff --git a/docs/_locale/uk/quick-start.pot b/docs/_locale/uk/quick-start.pot
index a4f5f559..dd040c21 100644
--- a/docs/_locale/uk/quick-start.pot
+++ b/docs/_locale/uk/quick-start.pot
@@ -8,19 +8,19 @@ msgstr ""
"Language: uk\n"
"Plural-Forms: nplurals=3; plural=((n%10==1) && (n%100!=11)) ? 0 : ((n%10>=2 && n%10<=4) && ((n%100<12 || n%100>14))) ? 1 : 2;\n"
-#: ../../quick-start.rst:178
+#: ../../quick-start.rst:189
msgid "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
msgstr "A default action of ``return``, which returns the packet back to the original chain if no action is taken."
-#: ../../quick-start.rst:124
+#: ../../quick-start.rst:125
msgid "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
msgstr "A new firewall structure—which uses the ``nftables`` backend, rather than ``iptables``—is available on all installations starting from VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, interlinked chains for each `Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ and allows for more granular control over the packet filtering process."
-#: ../../quick-start.rst:180
+#: ../../quick-start.rst:191
msgid "A rule to ``accept`` packets from established and related connections."
msgstr "A rule to ``accept`` packets from established and related connections."
-#: ../../quick-start.rst:181
+#: ../../quick-start.rst:192
msgid "A rule to ``drop`` packets from invalid connections."
msgstr "A rule to ``drop`` packets from invalid connections."
@@ -40,27 +40,31 @@ msgstr "After switching to :ref:`quick-start-configuration-mode` issue the follo
msgid "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
msgstr "After switching to :ref:`quick-start-configuration-mode` issue the following commands:"
-#: ../../quick-start.rst:301
+#: ../../quick-start.rst:311
msgid "Allow Access to Services"
msgstr "Allow Access to Services"
-#: ../../quick-start.rst:257
+#: ../../quick-start.rst:267
msgid "Allow Management Access"
msgstr "Allow Management Access"
-#: ../../quick-start.rst:208
+#: ../../quick-start.rst:202
msgid "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
msgstr "Alternatively, instead of configuring the ``CONN_FILTER`` chain described above, you can take the more traditional stateful connection filtering approach by creating rules on each hook's chain:"
+#: ../../quick-start.rst:219
+msgid "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+msgstr "Alternatively, you can take the more traditional stateful connection filtering approach by creating rules on each base hook's chain:"
+
#: ../../quick-start.rst:167
msgid "Apply the firewall policies:"
msgstr "Apply the firewall policies:"
-#: ../../quick-start.rst:367
+#: ../../quick-start.rst:377
msgid "As above, commit your changes, save the configuration, and exit configuration mode:"
msgstr "As above, commit your changes, save the configuration, and exit configuration mode:"
-#: ../../quick-start.rst:227
+#: ../../quick-start.rst:237
msgid "Block Incoming Traffic"
msgstr "Block Incoming Traffic"
@@ -76,7 +80,7 @@ msgstr "By default, VyOS is in operational mode, and the command prompt displays
msgid "Commit and Save"
msgstr "Commit and Save"
-#: ../../quick-start.rst:327
+#: ../../quick-start.rst:337
msgid "Commit changes, save the configuration, and exit configuration mode:"
msgstr "Commit changes, save the configuration, and exit configuration mode:"
@@ -84,19 +88,19 @@ msgstr "Commit changes, save the configuration, and exit configuration mode:"
msgid "Configuration Mode"
msgstr "Configuration Mode"
-#: ../../quick-start.rst:143
+#: ../../quick-start.rst:138
msgid "Configure Firewall Groups"
msgstr "Configure Firewall Groups"
-#: ../../quick-start.rst:162
+#: ../../quick-start.rst:157
msgid "Configure Stateful Packet Filtering"
msgstr "Configure Stateful Packet Filtering"
-#: ../../quick-start.rst:271
+#: ../../quick-start.rst:281
msgid "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
msgstr "Configure a rule on the ``input`` hook filter to jump to the ``VyOS_MANAGEMENT`` chain when new connections are addressed to port 22 (SSH) on the router itself:"
-#: ../../quick-start.rst:233
+#: ../../quick-start.rst:243
msgid "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
msgstr "Create a new chain (``OUTSIDE-IN``) which will drop all traffic that is not explicity allowed at some point in the chain. Then, we can jump to that chain from the ``forward`` hook when traffic is coming from the ``WAN`` interface group and is addressed to our local network."
@@ -120,35 +124,35 @@ msgstr "DHCP leases will hold for one day (86400 seconds)"
msgid "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
msgstr "Documentation for most of the new firewall CLI can be found in the :ref:`firewall` chapter.The legacy firewall is still available for versions before ``1.4-rolling-202308040557`` and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the new configuration."
-#: ../../quick-start.rst:341
+#: ../../quick-start.rst:351
msgid "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
msgstr "Especially if you are allowing SSH remote access from the outside/WAN interface, there are a few additional configuration steps that should be taken."
-#: ../../quick-start.rst:281
+#: ../../quick-start.rst:291
msgid "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
msgstr "Finally, configure the ``VyOS_MANAGEMENT`` chain to accept connection from the ``LAN`` interface group while limiting requests coming from the ``WAN`` interface group to 4 per minute:"
-#: ../../quick-start.rst:357
+#: ../../quick-start.rst:367
msgid "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
msgstr "Finally, try and SSH into the VyOS install as your new user. Once you have confirmed that your new user can access your router without a password, delete the original ``vyos`` user and completely disable password authentication for :ref:`ssh`:"
-#: ../../quick-start.rst:319
+#: ../../quick-start.rst:329
msgid "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
msgstr "Finally, we can now configure access to the services running on this router, allowing all connections coming from localhost:"
-#: ../../quick-start.rst:122
+#: ../../quick-start.rst:123
msgid "Firewall"
msgstr "Firewall"
-#: ../../quick-start.rst:263
+#: ../../quick-start.rst:273
msgid "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
msgstr "First, create a new dedicated chain (``VyOS_MANAGEMENT``) for management access, which returns to the parent chain if no action is taken. Add a rule to accept traffic from the ``LAN`` interface group:"
-#: ../../quick-start.rst:339
+#: ../../quick-start.rst:349
msgid "Hardening"
msgstr "Hardening"
-#: ../../quick-start.rst:303
+#: ../../quick-start.rst:313
msgid "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
msgstr "Here we're allowing the router to respond to pings. Then, we can allow access to the DNS recursor we configured earlier, accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` network:"
@@ -156,7 +160,11 @@ msgstr "Here we're allowing the router to respond to pings. Then, we can allow a
msgid "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
msgstr "If you wanted to enable SSH access to your firewall from the outside/WAN interface, you could create some additional rules to allow that kind of traffic."
-#: ../../quick-start.rst:150
+#: ../../quick-start.rst:145
+msgid "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+msgstr "In this case, we will create two interface groups — a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
+
+#: ../../quick-start.rst:144
msgid "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
msgstr "In this case, we will create two interface groups—a ``WAN`` group for our interfaces connected to the public internet and a ``LAN`` group for the interfaces connected to our internal network. Additionally, we will create a network group, ``NET-INSIDE-v4``, that contains our internal subnet."
@@ -164,11 +172,15 @@ msgstr "In this case, we will create two interface groups—a ``WAN`` group for
msgid "Interface Configuration"
msgstr "Interface Configuration"
-#: ../../quick-start.rst:109
+#: ../../quick-start.rst:170
+msgid "Most installations would choose this option, and will contain:"
+msgstr "Most installations would choose this option, and will contain:"
+
+#: ../../quick-start.rst:110
msgid "NAT"
msgstr "NAT"
-#: ../../quick-start.rst:229
+#: ../../quick-start.rst:239
msgid "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
msgstr "Now that we have configured stateful connection filtering to allow traffic from established and related connections, we can block all other incoming traffic addressed to our local network."
@@ -180,19 +192,31 @@ msgstr "Once your configuration works as expected, you can save it permanently b
msgid "Only hosts from your internal/LAN network can use the DNS recursor"
msgstr "Only hosts from your internal/LAN network can use the DNS recursor"
-#: ../../quick-start.rst:168
+#: ../../quick-start.rst:162
msgid "Option 1: Common Chain"
msgstr "Option 1: Common Chain"
-#: ../../quick-start.rst:206
+#: ../../quick-start.rst:163
+msgid "Option 1: Global State Policies"
+msgstr "Option 1: Global State Policies"
+
+#: ../../quick-start.rst:179
+msgid "Option 2: Common/Custom Chain"
+msgstr "Option 2: Common/Custom Chain"
+
+#: ../../quick-start.rst:200
msgid "Option 2: Per-Hook Chain"
msgstr "Option 2: Per-Hook Chain"
+#: ../../quick-start.rst:217
+msgid "Option 3: Per-Hook Chain"
+msgstr "Option 3: Per-Hook Chain"
+
#: ../../quick-start.rst:5
msgid "Quick Start"
msgstr "Quick Start"
-#: ../../quick-start.rst:344
+#: ../../quick-start.rst:354
msgid "Replace the default ``vyos`` system user:"
msgstr "Replace the default ``vyos`` system user:"
@@ -204,7 +228,7 @@ msgstr "Replace the default `vyos` system user:"
msgid "SSH Management"
msgstr "SSH Management"
-#: ../../quick-start.rst:350
+#: ../../quick-start.rst:360
msgid "Set up :ref:`ssh_key_based_authentication`:"
msgstr "Set up :ref:`ssh_key_based_authentication`:"
@@ -216,7 +240,7 @@ msgstr "The address range `192.168.0.2/24 - 192.168.0.8/24` will be reserved for
msgid "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
msgstr "The address range ``192.168.0.2/24 - 192.168.0.8/24`` will be reserved for static assignments"
-#: ../../quick-start.rst:176
+#: ../../quick-start.rst:187
msgid "The chain we will create is called ``CONN_FILTER`` and has three rules:"
msgstr "The chain we will create is called ``CONN_FILTER`` and has three rules:"
@@ -228,7 +252,7 @@ msgstr "The default gateway and DNS recursor address will be `192.168.0.1/24`"
msgid "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
msgstr "The default gateway and DNS recursor address will be ``192.168.0.1/24``"
-#: ../../quick-start.rst:137
+#: ../../quick-start.rst:132
msgid "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
msgstr "The firewall begins with the base ``filter`` tables you define for each of the ``forward``, ``input``, and ``output`` Netfiter hooks. Each of these tables is populated with rules that are processed in order and can jump to other chains for more granular filtering."
@@ -236,11 +260,11 @@ msgstr "The firewall begins with the base ``filter`` tables you define for each
msgid "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
msgstr "The following settings will configure DHCP and DNS services on your internal/LAN network, where VyOS will act as the default gateway and DNS server."
-#: ../../quick-start.rst:111
+#: ../../quick-start.rst:112
msgid "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
msgstr "The following settings will configure :ref:`source-nat` rules for our internal/LAN network, allowing hosts to communicate through the outside/WAN network via IP masquerade."
-#: ../../quick-start.rst:194
+#: ../../quick-start.rst:205
msgid "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
msgstr "Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains:"
@@ -260,31 +284,39 @@ msgstr "This chapter will guide you on how to get up to speed quickly using your
msgid "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
msgstr "This configuration creates a proper stateful firewall that blocks all traffic which was not initiated from the internal/LAN side first."
-#: ../../quick-start.rst:145
+#: ../../quick-start.rst:140
msgid "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
msgstr "To make firewall configuration easier, we can create groups of interfaces, networks, addresses, ports, and domains that describe different parts of our network. We can then use them for filtering within our firewall rulesets, allowing for more concise and readable configuration."
+#: ../../quick-start.rst:164
+msgid "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+msgstr "Using options defined in ``set firewall global-options state-policy``, state policy rules that applies for both IPv4 and IPv6 are created. These global state policies also applies for all traffic that passes through the router (transit) and for traffic originated/destinated to/from the router itself, and will be avaluated before any other rule defined in the firewall."
+
#: ../../quick-start.rst:90
msgid "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
msgstr "VyOS will serve as a full DNS recursor, replacing the need to utilize Google, Cloudflare, or other public DNS servers (which is good for privacy)"
-#: ../../quick-start.rst:170
+#: ../../quick-start.rst:181
msgid "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
msgstr "We can create a common chain for stateful connection filtering of multiple interfaces (or multiple netfilter hooks on one interface). Those individual chains can then jump to the common chain for stateful connection filtering, returning to the original chain for further rule processing if no action is taken on the packet."
-#: ../../quick-start.rst:259
+#: ../../quick-start.rst:269
msgid "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
msgstr "We can now configure access to the router itself, allowing SSH access from the inside/LAN network and rate limiting SSH access from the outside/WAN network."
-#: ../../quick-start.rst:247
+#: ../../quick-start.rst:257
msgid "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
msgstr "We should also block all traffic destinated to the router itself that isn't explicitly allowed at some point in the chain for the ``input`` hook. As we've already configured stateful packet filtering above, we only need to set the default action to ``drop``:"
-#: ../../quick-start.rst:164
+#: ../../quick-start.rst:159
+msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the three alternative approaches below."
+
+#: ../../quick-start.rst:158
msgid "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
msgstr "With the new firewall structure, we have have a lot of flexibility in how we group and order our rules, as shown by the two alternative approaches below."
-#: ../../quick-start.rst:379
+#: ../../quick-start.rst:389
msgid "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
msgstr "You now should have a simple yet secure and functioning router to experiment with further. Enjoy!"
diff --git a/docs/_static/css/breadcrumbs.css b/docs/_static/css/breadcrumbs.css
new file mode 100644
index 00000000..bdc91993
--- /dev/null
+++ b/docs/_static/css/breadcrumbs.css
@@ -0,0 +1,165 @@
+.wy-breadcrumbs {
+
+ & > li,
+ & > li a {
+ color: #636A6D;
+ font-family: 'Roboto', sans-serif;
+ font-weight: 500;
+ letter-spacing: -0.5px;
+ height: 26px;
+ }
+
+ & > li a {
+ padding: 0 5px 0 0;
+ }
+
+ & > li:nth-child(1) {
+ visibility: hidden;
+ position: relative;
+ padding-left: 0;
+ }
+
+ & > li > .icon-home::after {
+ content: url('../images/breadcrumbs-icon.svg');
+ visibility: visible;
+ top: 6px;
+ position: absolute;
+ }
+
+ & > li > .icon-home::before {
+ padding-right: 0;
+ content: 'Home';
+ visibility: visible;
+ font-family: 'Roboto', sans-serif;
+ letter-spacing: -0.5px;
+ font-weight: 500;
+ }
+
+ & > li:nth-child(n + 1) {
+ font-weight: 500;
+ position: relative;
+ }
+
+ & > li:nth-child(n + 1)::before {
+ display: none;
+ }
+
+ & > li:nth-last-child(2) {
+ color: #121010;
+ }
+
+ & > li:nth-last-child(2)::after,
+ & > li:nth-last-child(1)::after {
+ display: none !important
+ }
+
+ & > li:nth-child(n + 1)::after {
+ content: url('../images/breadcrumbs-icon.svg');
+ top: 0;
+ position: absolute;
+ width: 20px;
+ height: 100%;
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ background-color: #fff;
+ }
+
+ & > li:last-of-type:has(a),
+ & > li:last-of-type:has(a) a {
+ font-family: 'Archivo', sans-serif;
+ font-size: 14px;
+ font-weight: 700;
+ letter-spacing: -0.02em;
+ color: #fff;
+ background-color: #121010;
+ display: flex;
+ align-items: center;
+ }
+
+ & > li:last-of-type:has(a) {
+ padding: 7px 10px;
+ border-radius: 4px;
+ height: 30px;
+ }
+
+ & > li:last-of-type:has(a) a {
+ max-height: 100%;
+ }
+
+ & > li:last-of-type:has(a) a::before {
+ content: url('../images/github.svg');
+ margin-right: 4px;
+ display: flex;
+ align-items: center;
+ }
+
+ & > li:last-of-type::before {
+ display: none;
+ }
+}
+
+@media screen and (max-width: 375px) {
+
+ .wy-breadcrumbs {
+ & > li > .icon-home::after {
+ right: -2px;
+ }
+
+ & > li:nth-child(n + 1)::after {
+ right: -13px;
+ }
+ }
+
+ .wy-breadcrumbs > li {
+ padding: 5px 5px 5px 0;
+ }
+
+ .wy-breadcrumbs > li,
+ .wy-breadcrumbs > li a {
+ font-size: 14px;
+ }
+
+ .wy-breadcrumbs > li > .icon-home::before {
+ font-size: 14px;
+ }
+}
+
+@media screen and (min-width: 376px) {
+ .wy-breadcrumbs {
+ & > li > .icon-home::after {
+ right: -8px;
+ }
+
+ & > li:nth-child(n + 1)::after {
+ right: -13px;
+ }
+ }
+
+ .wy-breadcrumbs > li {
+ padding: 5px 5px 5px 10px;
+ }
+
+ .wy-breadcrumbs > li,
+ .wy-breadcrumbs > li a {
+ font-size: 16px;
+ }
+
+ .wy-breadcrumbs > li > .icon-home::before {
+ font-size: 16px;
+ }
+}
+
+@media screen and (max-width: 991px) {
+ li.wy-breadcrumbs-aside {
+ display: none !important;
+ }
+}
+
+@media screen and (max-width: 1200px) {
+ ul.wy-breadcrumbs:has(li + li + li + li) li.wy-breadcrumbs-aside {
+ margin: 24px 0 16px;
+ max-width: 140px;
+ float: none;
+ }
+}
diff --git a/docs/_static/css/code-snippets.css b/docs/_static/css/code-snippets.css
new file mode 100644
index 00000000..555b80d7
--- /dev/null
+++ b/docs/_static/css/code-snippets.css
@@ -0,0 +1,233 @@
+.rst-content {
+ & div[class^=highlight],
+ & pre.literal-block {
+ border: none;
+ background: linear-gradient(#FF9000, #FFBF12);
+ border-radius: 8px;
+ padding-left: 5px;
+ }
+
+ & div[class^=highlight] div[class^=highlight],
+ & pre.literal-block div[class^=highlight] {
+ background: #525659 !important;
+ border-radius: 0;
+ border: none;
+ padding: 0;
+ position: relative;
+ }
+
+ & .linenodiv pre,
+ & div[class^=highlight] pre,
+ & pre.literal-block {
+ font-size: 16px;
+ font-family: 'Roboto Mono', monospace;
+ font-weight: 400;
+ letter-spacing: -0.04em;
+ color: #fff;
+ line-height: 1.2;
+ overflow-x: scroll;
+ scroll-behavior: smooth;
+ }
+
+ & .linenodiv pre::-webkit-scrollbar,
+ & div[class^=highlight] pre::-webkit-scrollbar,
+ & pre.literal-block::-webkit-scrollbar {
+ height: 3px;
+ color: #99A0A5 transparent;
+ }
+
+ & .linenodiv pre::-webkit-scrollbar-track,
+ & div[class^=highlight] pre::-webkit-scrollbar-track,
+ & pre.literal-block::-webkit-scrollbar-track {
+ background-color: transparent;
+ border-radius: 8px;
+ margin: 0 18px;
+ }
+
+ & .linenodiv pre::-webkit-scrollbar-thumb,
+ & div[class^=highlight] pre::-webkit-scrollbar-thumb,
+ & pre.literal-block::-webkit-scrollbar-thumb {
+ background-color: #99A0A5;
+ border-radius: 8px;
+ margin: 0 10px;
+ }
+
+}
+
+/* copy code div */
+.highlight > .copyDiv {
+ display: flex;
+ align-items: center;
+ transition: transform linear 250ms, width linear 250ms;
+ bottom: 0;
+ right: 0;
+ width: 100%;
+ padding: 5px 12px;
+ justify-content: end;
+ background-color: #393C3F;
+ height: 32px;
+ margin-top: 4px;
+}
+
+.copiedNotifier > span {
+ font-size: 14px !important;
+ color: #fff !important;
+ text-align: center;
+ margin-bottom: 0;
+}
+
+.highlight {
+
+ & .kn {
+ color: #ccffda;
+ }
+
+ & .nn {
+ color: #d0eefb;
+ }
+
+ & .o {
+ color: #e6e6e6;
+ }
+
+ & .s2 {
+ color: #dbe6f0;
+ }
+
+ & .s1 {
+ color: #dbe6f0;
+ }
+
+ & .nb {
+ color: #ccffda;
+ }
+
+ & .c1 {
+ color: #dcebef;
+ font-style: italic;
+ }
+
+ & .nt {
+ color: #8db1fe;
+ font-weight: bold;
+ }
+
+ & .k {
+ color: #ccffda;
+ font-weight: bold;
+ }
+
+ & .se {
+ color: #dbe6f0;
+ font-weight: bold;
+ }
+
+ & .nv {
+ color: #eed7f4;
+ }
+
+ & .gh {
+ color: #ccccff;
+ font-weight: bold;
+ }
+
+ & .gd {
+ color: #ffcccc;
+ }
+
+ & .gi {
+ color: #ccffcc;
+ }
+
+ & .gu {
+ color: #ffc2ff;
+ font-weight: bold;
+ }
+
+ & .na {
+ color: #81c0ff;
+ }
+
+ & .s {
+ color: #dbe6f0;
+ }
+
+ & .ni {
+ color: #f4d4cd;
+ font-weight: bold;
+ }
+
+ & .cm {
+ color: #d5e7ec;
+ font-style: italic;
+ }
+
+ & .cp {
+ color: #c2ffd3;
+ }
+
+ & .mi {
+ color: #cef3e0;
+ }
+
+ & .nf {
+ color: #c5d4fc;
+ }
+
+ & .kc {
+ color: #c2ffd3;
+ font-weight: bold;
+ }
+
+ & .ch {
+ color: #d5e7ec;
+ font-style: italic;
+ }
+
+ & .mf {
+ color: #d6f5e6;
+ }
+
+ & .go {
+ color: #e6e6e6;
+ }
+
+ & .m {
+ color: #d6f5e6;
+ }
+}
+
+.rst-content blockquote {
+ margin: 0
+}
+
+.rst-content div:has(ul + blockquote) blockquote {
+ margin: 15px 0 15px 24px
+}
+
+@media screen and (max-width: 991px) {
+ .rst-content .linenodiv pre,
+ .rst-content div[class^=highlight] pre,
+ .rst-content pre.literal-block {
+ padding: 16px 20px;
+ }
+
+ .copyDiv > p {
+ margin: 0 10px 0 0;
+ color: #fff;
+ font-family: 'Roboto', sans-serif;
+ font-size: 14px;
+ }
+}
+
+@media screen and (min-width: 992px) {
+ .rst-content .linenodiv pre,
+ .rst-content div[class^=highlight] pre,
+ .rst-content pre.literal-block {
+ padding: 24px 36px 18px;
+ }
+
+ .copyDiv > p {
+ display: none;
+ }
+}
diff --git a/docs/_static/css/configuration/index.css b/docs/_static/css/configuration/index.css
new file mode 100644
index 00000000..a759ea45
--- /dev/null
+++ b/docs/_static/css/configuration/index.css
@@ -0,0 +1,23 @@
+#configuration-guide > div > ul > li {
+ list-style: none !important;
+ position: relative;
+}
+
+#configuration-guide > div > ul > li::before {
+ content: '';
+ position: absolute;
+ top: 9px;
+ left: -15px;
+ width: 6px;
+ height: 6px;
+ background-color: #000;
+ border-radius: 50%;
+}
+
+#configuration-guide .toctree-l1 > a {
+ color: #FD8F01;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+} \ No newline at end of file
diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
index e934fb54..cdb036d2 100644
--- a/docs/_static/css/custom.css
+++ b/docs/_static/css/custom.css
@@ -1,215 +1,535 @@
-div.card-header {
- font-weight: bold;
- background: #fdab10;
-}
-
-span.opcmd,
-span.cfgcmd {
- font-weight: bold;
- background-color: transparent;
- border: none;
- padding: 0;
- font-size: 100% !important;
- max-width: 100%;
- color: #000;
- font-family: SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;
-}
-
-span.cfgcmd:before {
- content: "#";
- margin-right: 0px;
-}
-
-td a.cmdlink span.cfgcmd:before,
-td a.cmdlink span.opcmd:before {
- content: "";
+p.devwarning {
+ top: 10px;
+ position: sticky;
+ margin: 10px 10px 10px 310px;
+ padding: 5px 10px;
+ border-radius: 4px;
+ letter-spacing: 1px;
+ color: #000;
+ text-align: center;
+ background: #d40
+ repeating-linear-gradient(
+ 135deg,
+ transparent,
+ transparent 56px,
+ rgba(255, 255, 255, 0.2) 56px,
+ rgba(255, 255, 255, 0.2) 112px
+ );
+ background-color: #fdab10;
+}
+
+/* main page */
+.wy-body-for-nav {
+ background: #fff;
+ overflow-y: hidden
+}
+
+.wy-grid-for-nav {
+ margin: 0 auto;
+ position: relative;
+ padding-top: 80px;
+ display: flex;
+
+ &:has(nav.wy-nav-side.shift) {
+ background: #E7E7E7;
+ }
+
+ &:not(:has(nav.shift)) > section > div.overlay {
+ background-color: transparent
+ }
+
+ &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li a::before,
+ &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li a::after,
+ &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li::before,
+ &:not(:has(nav.shift)) section > div.overlay > div .wy-breadcrumbs > li::after {
+ background-color: #fff;
+ }
+}
+
+.wy-nav-content-wrap {
+ width: 100%;
+ margin-left: auto;
+ background-color: transparent;
}
-td a.cmdlink,
-td a.cmdlink {
- margin-left: 0px;
-}
+.wy-nav-content {
+ max-width: 100%;
+ background-color: transparent;
+
+ &.overlay > div > div[role=navigation] .wy-breadcrumbs > li a::before,
+ &.overlay > div > div[role=navigation] .wy-breadcrumbs > li a::after,
+ &.overlay > div > div[role=navigation] .wy-breadcrumbs > li::before,
+ &.overlay > div > div[role=navigation] .wy-breadcrumbs > li::after,
+ &.overlay > div > div.document div.sd-card,
+ &.overlay > div > div.document div.sd-card-title {
+ background-color: #E7E7E7;
+ }
+
+ &.overlay > div.rst-content > footer > .rst-footer-buttons > a {
+ background-color: #E7E7E7 !important;
+ }
+
+}
+
+/* main-page content */
+#vyos-user-guide {
+ & .sd-container-fluid {
+ padding-left: 0;
+ padding-right: 0;
+ }
+
+ & .sd-container-fluid > .docutils > .sd-col {
+ max-width: 387px;
+ box-shadow: none;
+ flex: none;
+ width: 100% !important;
+ padding: 0 !important;
+ margin-top: 0 !important;
+
+ & .sd-card-body .sd-card-text {
+ min-height: 120px;
+ }
+ }
+
+ & > div.sd-container-fluid {
+ margin-top: 30px;
+
+ & > div.docutils {
+ margin: 0;
+ display: grid;
+ }
+ }
+
+ & > .pb-4 {
+ padding-bottom: 1.4rem !important;
+ }
+}
+
+div.sd-card-title {
+ font-weight: bold;
+ background: #fff;
+ border: none;
+ font-family: 'Archivo', sans-serif;
+}
+
+.sd-card {
+ background: #fff;
+ border: none;
+ border-bottom: 1px solid #ffae12;
+ border-radius: 0;
+ box-shadow: none !important;
+}
+
+.sd-card-body {
+ padding: 0;
+}
+
+.sd-card-title,
+.sd-card-text {
+ padding: 0;
+}
+
+.internal > .std-ref,
+.line > .external {
+ color: #fd8f01;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ font-weight: 400;
+}
+
+img {
+ height: auto !important;
+ border: 1px solid #C4C9CC;
+ margin-bottom: 20px !important;
+ border-radius: 8px;
+}
+
+footer {
+ text-align: center;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+ color: #636a6d;
+
+ & > a {
+ color: #fd8f01;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ font-weight: 400;
+ }
+
+ & > hr {
+ display: none;
+ }
+
+ & p {
+ margin-top: 105px;
+ text-align: center;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+ color: #636a6d;
+
+ &:has(a) > a,
+ &:has(a) > a:visited {
+ color: #636a6d;
+ }
+ }
+
+}
+
+.rst-versions {
+ position: static;
+ background: transparent;
+ width: 262px;
+ display: block;
+
+ &.shift-up {
+ background: #525659;
+ z-index: 100;
+ position: absolute;
+ left: 19px;
+ bottom: 30px;
+ border-radius: 6px;
+ overflow: hidden;
+ }
+
+ & .rst-current-version {
+ background-color: #525659;
+ color: #01D38E;
+ border-radius: 6px;
+ width: 264px;
+ font-family: 'Roboto', sans-serif;
+ letter-spacing: -0.5px;
+ }
+
+ & .rst-current-version span.fa-book {
+ color: #fff !important;
+ font-family: 'Roboto', sans-serif;
+ letter-spacing: -0.5px;
+ }
+}
+
+.rst-other-versions {
+ & dt {
+ color: #808080;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ }
+
+ & small {
+ font-family: 'Roboto', sans-serif;
+ color: #fff;
+
+ & a {
+ font-family: 'Roboto', sans-serif;
+ letter-spacing: -0.5px;
+ color: #fd8f01;
+ }
+ }
+
+}
+
+div#rtd-sidebar {
+ display: none;
+}
+
+.wy-nav-content-opened-sidebar {
+ padding: 25px 0 27px 40px;
+}
+
+.wy-nav-content-wrap-opened-sidebar {
+ max-width: calc(100% - 294px);
+ margin-left: 294px;
+}
+
+.wy-nav-content-closed-sidebar {
+ padding: 26px 0 !important;
+}
+
+.wy-nav-content-wrap-closed-sidebar {
+ max-width: 100% !important;
+ width: 100% !important;
+}
+
+html {
+ scroll-padding-top: 90px !important;
+}
+
+.overlayDiv {
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0;
+ right: 0;
+ width: 100%;
+ height: 100%;
+ z-index: 111;
+ background-color: #121010;
+ opacity: 0.1;
+}
+
+.iframe-container {
+ position: relative;
+ width: 100%;
+ background-color: #f0f0f0;
+ z-index: 201;
+ overflow: hidden;
+
+ &::-webkit-scrollbar {
+ display: none;
+ }
+
+ & iframe {
+ width: 100%;
+ height: 100%;
+ border: none;
+ overflow: hidden;
+
+ &::-webkit-scrollbar {
+ display: none;
+ }
+ }
+
+}
+
+@media screen and (min-width: 320px) and (max-width: 575px) {
+ #vyos-user-guide .container > .row {
+ grid-gap: 0px 15px
+ }
+}
+
+@media screen and (max-width: 575px) {
+ .wy-nav-content-wrap,
+ .wy-nav-content-wrap.shift {
+ max-width: 100%;
+ width: 100%
+ }
+
+ .wy-nav-content-wrap.shift {
+ padding: 70px 15px 0;
+ overflow: auto;
+ }
+
+ .wy-nav-side {
+ display: none;
+ min-height: unset;
+ }
+
+ .wy-nav-side.shift {
+ display: inherit;
+ width: 100%;
+ max-width: 320px;
+ }
-tr td p {
- margin-bottom:0px
- }
+ #vyos-user-guide .container > .docutils > .p-2 {
+ max-width: 100%;
+ &:nth-child(2n) {
+ margin-left: 0;
+ }
-span.opcmd:before {
- content: "$";
- margin-right: 0px;
-}
+ & .card-body .card-text {
+ min-height: 80px;
+ }
+ }
-.cfgcmd-heading {
- display: inline-block;
- margin: 6px 0;
- font-size: 90%;
- line-height: normal;
- background: #f0d481;
- color: #2980B9;
- border-top: solid 3px #6ab0de;
- border-top-width: 3px;
- border-top-style: solid;
- border-top-color: #FF9302;
- padding: 6px;
-}
+ .wy-nav-content-wrap-opened-sidebar {
+ max-width: 100%;
+ margin-left: unset;
+ }
-.opcmd-heading {
- display: inline-block;
- margin: 6px 0;
- font-size: 90%;
- line-height: normal;
- background: #e7f2fa;
- color: #2980B9;
- border-top: solid 3px #6ab0de;
- border-top-width: 3px;
- border-top-style: solid;
- border-top-color: rgb(106, 176, 222);
- padding: 6px;
-}
+ dl.footnote > dt {
+ padding-left: 0 !important;
+ }
-.opcmd-body,
-.cfgcmd-body {
- margin: 6px 0;
- padding-left: 12px;
+ .wy-grid-for-nav {
+ padding: 80px 20px 0;
+ max-width: 738px;
+ }
+}
+
+@media screen and (min-width: 575px) and (max-width: 768px) {
+ .wy-nav-content-wrap,
+ .wy-nav-content-wrap.shift {
+ max-width: 100%;
+ width: 100%
+ }
+
+ .wy-nav-content-wrap.shift {
+ padding: 70px 15px 0;
+ overflow: auto;
+ width: calc(100% - 294px);
+
+ }
+
+ .wy-nav-side {
+ display: none;
+ min-height: unset;
+ }
+
+ .wy-nav-side.shift {
+ display: inherit;
+ width: 294px;
+ }
+}
+
+@media screen and (min-width: 575px) {
+ #vyos-user-guide div.sd-container-fluid > div.docutils {
+ grid-gap: 30px;
+ grid-template-columns: 1fr 1fr;
+ }
}
+@media screen and (max-width: 767px) {
+ .wy-nav-content-wrap,
+ .wy-nav-content-wrap.shift {
+ margin: 0 auto;
+ }
+ .wy-nav-top {
+ background-color: #fdab10;
+ }
-.cfgcmd-heading .cmdlink:after,
-.opcmd-heading .cmdlink:after{
- content: "";
- font-family: FontAwesome
-}
-
+ p.devwarning {
+ margin: 10px 10px 10px 10px;
+ }
-.cfgcmd-heading:not(:hover) .cmdlink,
-.opcmd-heading:not(:hover) .cmdlink {
- display: none;
-}
+ #vyos-user-guide .container {
+ max-width: none;
+ }
-.defaultvalue{
- font-size: 90%;
- color: gray;
- margin-bottom: 5px;
+ .wy-nav-content-wrap .wy-nav-content {
+ padding: 0 0 26px 0;
+ }
-}
+ .wy-grid-for-nav {
+ padding: 80px 15px 0;
+ max-width: 738px;
+ }
-a.cmdlink {
- font-size: 80%;
- margin-left: 6px;
+ .rst-content > div > hr {
+ display: none;
+ }
}
-a.cmdlink span{
- color: #2980B9;
-}
+@media screen and (min-width: 768px) {
+ .wy-nav-content-wrap {
+ width: calc(100% - 292px);
+ }
-a.cmdlink span:hover{
- color: #3091d1;
+ .rst-content > div > hr {
+ margin: 16px 0 26px 0;
+ }
}
-.wy-nav-content {
- max-width : none;
-}
+@media screen and (min-width: 768px) and (max-width: 991px) {
+ .wy-nav-content {
+ padding: 25px 0 27px 40px;
+ }
-.wy-tray-container li.wy-tray-item-info {
- background : #409ad5;
-}
+ .wy-nav-content-wrap {
+ max-width: calc(100% - 294px);
+ }
-.wy-table-responsive {
- overflow : visible !important;
+ .wy-grid-for-nav {
+ max-width: 738px;
+ padding: 70px 15px 0;
+ }
}
-.wy-table-responsive table td {
- white-space : normal !important;
-}
+@media screen and (min-width: 992px) and (max-width: 1266px) {
+ .wy-nav-content {
+ padding: 25px 0 27px 40px;
+ }
-.wy-menu-vertical header,
-.wy-menu-vertical p.caption {
- color : #ffcc00 !important;
-}
+ .wy-nav-content-wrap {
+ max-width: calc(100% - 294px);
+ }
-.wy-menu-vertical li.current a {
- color : #040077 !important;
+ .wy-grid-for-nav {
+ max-width: calc(100% - 130px);
+ }
}
-.wy-menu-vertical li ul li a {
- color : #ffffff !important;
-}
+@media screen and (min-width: 1266px) {
+ .wy-nav-content {
+ padding: 25px 0 27px 40px;
+ }
-.wy-menu-vertical a {
- color : #ffffff !important;
-}
+ .wy-nav-content-wrap {
+ max-width: calc(100% - 294px);
+ }
-.wy-menu-vertical a:active {
- background-color : #409ad5 !important;
+ .wy-grid-for-nav {
+ max-width: 1140px;
+ }
}
-.wy-side-nav-search {
- background-color : #ffffff !important;
-}
+@media screen and (min-width: 1500px) {
+ .wy-nav-content {
+ padding: 25px 0 27px 40px;
+ }
-.wy-side-nav-search img {
- background-color : #ffffff !important;
-}
+ .wy-nav-content-wrap {
+ max-width: calc(100% - 294px);
+ }
-.wy-side-nav-search > div.version {
- color : #000000 !important;
+ .wy-grid-for-nav {
+ max-width: 1340px;
+ }
}
-.wy-side-nav-search>a,
-.wy-side-nav-search .wy-dropdown>a {
- color:#000000;
- font-size:100%;
- font-weight:bold;
- display:inline-block;
- padding:4px 6px;
- margin-bottom:.809em
-}
+@media screen and (max-height: 500px) {
+ .rst-versions {
+ margin-top: 10px;
+ }
-.wy-nav-top {
- background-color : #ffffff;
+ .closeButtonDivLine {
+ bottom: 45px;
+ }
}
-.wy-nav-top img {
- background-color : #000000 !important;
-}
+@media screen and (min-height: 501px) and (max-height: 1000px) {
+ .rst-versions {
+ margin-top: 10px;
+ }
-.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-ok,
-.rst-content table.docutils td.coverage-ok {
- color: green;
- text-align: center;
+ .closeButtonDivLine {
+ bottom: 55px;
+ }
}
-.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-fail,
-.rst-content table.docutils td.coverage-fail {
- color: red;
- text-align: center;
+@media screen and (min-height: 1001px) and (max-height: 1300px) {
+ .rst-versions {
+ margin-top: 10px;
+ }
+ .closeButtonDivLine {
+ bottom: 60px;
+ }
}
+@media screen and (min-height: 1301px) and (max-height: 1600px) {
+ .rst-versions {
+ margin-top: 25px;
+ }
-p.devwarning {
- top: 10px;
- position: sticky;
- margin: 10px 10px 10px 310px;
- padding: 5px 10px;
- border-radius: 4px;
- letter-spacing: 1px;
- color: #000;
- text-align: center;
- background: #d40 repeating-linear-gradient( 135deg, transparent, transparent 56px, rgba(255, 255, 255, 0.2) 56px, rgba(255, 255, 255, 0.2) 112px );
- background-color: #fdab10;
+ .closeButtonDivLine {
+ bottom: 75px;
+ }
}
+@media screen and (min-height: 1601px) {
+ .rst-versions {
+ margin-top: 35px;
+ }
-@media screen and (max-width: 768px) {
- .wy-nav-top{
- background-color: #fdab10;
- }
-}
-
-@media screen and (max-width: 768px) {
- p.devwarning {
- margin: 10px 10px 10px 10px;
- }
+ .closeButtonDivLine {
+ bottom: 85px;
+ }
} \ No newline at end of file
diff --git a/docs/_static/css/headers.css b/docs/_static/css/headers.css
new file mode 100644
index 00000000..48b78a41
--- /dev/null
+++ b/docs/_static/css/headers.css
@@ -0,0 +1,134 @@
+h1,
+h2,
+h3,
+h4,
+h5 {
+ font-family: 'Archivo', sans-serif !important;
+ font-weight: 700 !important;
+ letter-spacing: -0.02em !important;
+ display: flex;
+ color: #121010;
+ margin-bottom: 15px !important;
+}
+
+h2,
+h3,
+h4,
+h5 {
+ margin-top: 15px !important;
+}
+
+h1:has(a) > a,
+h2:has(a) > a,
+h3:has(a) > a,
+h4:has(a) > a,
+h5:has(a) > a {
+ display: flex !important;
+ position: relative;
+ padding-left: 5px;
+}
+
+@media screen and (max-width: 767px) {
+ h1 {
+ font-size: 28px !important;
+ }
+
+ h2 {
+ font-size: 22px !important;
+ }
+
+ h3 {
+ font-size: 20px !important;
+ }
+
+ h4 {
+ font-size: 18px !important;
+ }
+
+ h5 {
+ font-size: 16px !important;
+ }
+}
+
+@media screen and (min-width: 768px) {
+ h1 {
+ font-size: 48px !important;
+ }
+
+ h2 {
+ font-size: 34px !important;
+ }
+
+ h3 {
+ font-size: 24px !important;
+ }
+
+ h4 {
+ font-size: 22px !important;
+ }
+
+ h5 {
+ font-size: 20px !important;
+ }
+}
+
+@media screen and (max-width: 991px) {
+ h1 {
+ margin-top: 15px;
+ }
+
+ a.headerlink {
+ opacity: 1 !important;
+ color: transparent;
+ }
+
+ h1:has(a):hover > a::after,
+ h2:has(a):hover > a::after,
+ h3:has(a):hover > a::after,
+ h4:has(a):hover > a::after,
+ h5:has(a):hover > a::after {
+ content: none !important;
+ display: none !important;
+ }
+
+ h1:has(a) > a::before,
+ h2:has(a) > a::before,
+ h3:has(a) > a::before,
+ h4:has(a) > a::before,
+ h5:has(a) > a::before {
+ content: url('../images/cmnd-link-icon.svg');
+ display: flex;
+ align-items: center;
+ justify-content: center;
+ position: absolute;
+ top: 25%;
+ height: 100%;
+ width: 20px;
+ z-index: 2;
+ background-color: transparent;
+ }
+}
+
+@media screen and (min-width: 992px) {
+ h1:has(a):hover > a::after,
+ h2:has(a):hover > a::after,
+ h3:has(a):hover > a::after,
+ h4:has(a):hover > a::after,
+ h5:has(a):hover > a::after {
+ content: url('../images/cmnd-link-icon.svg');
+ display: flex;
+ align-items: center;
+ justify-content: center;
+ position: absolute;
+ top: 0;
+ height: 100%;
+ width: 20px;
+ z-index: 2;
+ background-color: transparent;
+ }
+
+ a.headerlink {
+ color: transparent;
+ }
+}
+
diff --git a/docs/_static/css/hints.css b/docs/_static/css/hints.css
new file mode 100644
index 00000000..fd7553f5
--- /dev/null
+++ b/docs/_static/css/hints.css
@@ -0,0 +1,123 @@
+div {
+ &.note,
+ &.hint,
+ &.warning,
+ &.error,
+ &.seealso,
+ &.tip {
+ border-radius: 8px;
+
+ & > .admonition-title {
+ padding: 5px 8px;
+ border-radius: 6px;
+ font-family: 'Archivo', sans-serif !important;
+ font-size: 14px !important;
+ letter-spacing: -0.02em !important;
+ font-weight: 600 !important;
+ margin: -12px -16px 12px;
+ }
+
+ & > .admonition-title::before {
+ content: url('../images/note-icon.svg');
+ }
+
+ & > .highlight-none {
+ margin-top: 10px;
+ }
+
+ & > p:nth-child(1n+2) {
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ color: #525659;
+ font-weight: 400;
+ margin: 10px 0 0 0 !important;
+ }
+ }
+
+ &.note,
+ &.seealso {
+ background-color: #F5FCFF !important;
+ }
+
+ &.note:has(a.reference),
+ &.hint:has(a.reference),
+ &.warning:has(a.reference),
+ &.error:has(a.reference),
+ &.seealso:has(a.reference),
+ &.tip:has(a.reference) {
+ & a.reference,
+ & a.reference span {
+ color: #508EEB !important;
+ }
+ }
+
+ &.note,
+ &.seealso {
+ & > .admonition-title {
+ background-color: #CCEFFB !important;
+ color: #356E81 !important;
+ }
+ }
+
+ &.hint,
+ &.tip {
+ background-color: #F7FDFB !important;
+
+ & > .admonition-title {
+ background-color: #C6F0E3 !important;
+ color: #3F6461 !important;
+ }
+ }
+
+ &.warning,
+ &.error {
+ background-color: #FDF7F7 !important;
+
+ & > .admonition-title {
+ background-color: #F0C6C6 !important;
+ color: #8E2F2F !important;
+ }
+ }
+
+}
+
+#running-on-bare-metal div.note > p:nth-child(2) {
+ padding: 8px 12px 0 12px;
+}
+
+@media screen and (max-width: 575px) {
+ div.note,
+ div.hint,
+ div.warning,
+ div.error,
+ div.seealso,
+ div.tip {
+ padding: 24px 32px !important;
+ border-radius: 8px;
+ }
+}
+
+@media screen and (min-width: 576px) and (max-width: 991px) {
+ div.note,
+ div.hint,
+ div.warning,
+ div.error,
+ div.seealso,
+ div.tip {
+ padding: 24px 32px !important;
+ border-radius: 8px;
+ }
+}
+
+@media screen and (min-width: 992px) {
+ div.note,
+ div.hint,
+ div.warning,
+ div.error,
+ div.seealso,
+ div.tip {
+ padding: 24px 32px !important;
+ border-radius: 8px;
+ }
+}
diff --git a/docs/_static/css/installation/running-on-bare-metal.css b/docs/_static/css/installation/running-on-bare-metal.css
new file mode 100644
index 00000000..25ad7bbb
--- /dev/null
+++ b/docs/_static/css/installation/running-on-bare-metal.css
@@ -0,0 +1,11 @@
+.toctree-l1 {
+ background-color: transparent;
+}
+
+.current > .current > .internal {
+ background-color: #fff;
+ color: #FD8F01;
+ border: transparent;
+ padding: 11px 12px 11px 28px;
+ border: none !important;
+} \ No newline at end of file
diff --git a/docs/_static/css/leftSidebar.css b/docs/_static/css/leftSidebar.css
new file mode 100644
index 00000000..87112121
--- /dev/null
+++ b/docs/_static/css/leftSidebar.css
@@ -0,0 +1,371 @@
+nav.wy-nav-side {
+ padding-bottom: 1em !important;
+}
+
+.wy-nav-side {
+ padding: 20px 19px;
+ width: 294px;
+ height: calc(100vh - 50px);
+}
+
+.wy-form input {
+ height: 32px;
+}
+
+.wy-form input::placeholder {
+ font-family: 'Archivo', sans-serif;
+ font-weight: 400;
+ font-size: 14px;
+ letter-spacing: -0.02em;
+}
+
+.wy-side-nav-search {
+ width: 100%;
+ padding: 0;
+ margin-bottom: 0;
+
+ & > .icon-home,
+ & > .version {
+ display: none
+ }
+
+ & input {
+ border-color: #C4C9CC;
+
+ &::placeholder {
+ color: #8D9499;
+ }
+ }
+}
+
+.wy-nav-side,
+.wy-nav-side .wy-side-nav-search {
+ background-color: #F6F7F7
+}
+
+ul.current > li.toctree-l1[aria-expanded=false] > a.current {
+ padding-left: 25px;
+ color: #FD8F01;
+
+ & button.toctree-expand::before {
+ content: '+';
+ color: #FD8F01;
+ }
+}
+
+ul.current > li.toctree-l1[aria-expanded=false] > a.internal:has( + ul[aria-expanded=false]) {
+ padding-left: 25px;
+ color: #FD8F01;
+
+ & button.toctree-expand::before {
+ content: '+';
+ color: #FD8F01;
+ }
+}
+
+ul.current > li.toctree-l1.current > ul > li.toctree-l2[aria-expanded=false]:has(ul > li > a.current) > a.internal {
+ color: #FD8F01;
+ padding-top: 11px;
+ padding-bottom: 11px;
+ padding-right: 12px;
+}
+
+ul.current > li.toctree-l1.current >
+ ul > li.toctree-l2.current > ul > li.toctree-l3[aria-expanded=false]
+ > a.current {
+ color: #FD8F01;
+ padding-top: 11px;
+ padding-bottom: 11px;
+ padding-right: 12px;
+}
+
+ul.current > li.toctree-l1.current >
+ ul > li.toctree-l2.current > ul > li.toctree-l3[aria-expanded=false]:has(ul > li.toctree-l4 > a.current)
+ > a.internal {
+ color: #FD8F01;
+ padding-top: 11px;
+ padding-bottom: 11px;
+ padding-right: 12px;
+}
+
+.toctree-l2 > ul > li.toctree-l3.current {
+ padding-left: 0 !important;
+ background-color: #fff;
+}
+
+.wy-menu-vertical {
+ width: 100%;
+ max-width: 292px;
+
+ & a {
+ color: #121010;
+ font-family: 'Archivo', sans-serif;
+ font-weight: 500;
+ font-size: 14px;
+ letter-spacing: -0.02em;
+ padding: 11px 12px;
+ }
+
+ & p.caption {
+ color: #8D9499;
+ font-family: 'Archivo', sans-serif;
+ font-weight: 600;
+ font-size: 14px;
+ letter-spacing: -0.02em;
+ padding: 5px 12px;
+ margin-top: 6px;
+ margin-bottom: 4px;
+ text-transform: none;
+ }
+
+ & li.toctree-l1.current > a {
+ background-color: #fff;
+ color: #FD8F01;
+ border: transparent;
+ padding: 11px 12px;
+ }
+
+ & > ul.current > li.toctree-l1.current > a.internal:has(+ ul) {
+ padding-left: 25px !important;
+ }
+
+ & > ul.current > li.toctree-l1.current > a.current {
+ padding-left: 12px;
+ }
+
+ & li.toctree-l1.current .toctree-l2 > a {
+ background-color: #fff;
+ border: transparent;
+ }
+
+ & li.toctree-l1.current .toctree-l2 > a.internal {
+ padding-left: 35px !important;
+ }
+
+ & li.toctree-l1.current .toctree-l2.current > a.internal:first-of-type {
+ color: #fdab10;
+ }
+
+ & li.toctree-l1.current .toctree-l2 > a:hover {
+ background-color: #E1E4E5;
+ }
+
+ & li.toctree-l1.current .toctree-l2 > a.current {
+ color: #fdab10;
+ padding: 11px 12px 11px 35px;
+ }
+
+ & li.toctree-l1.current .toctree-l2 > a:hover {
+ background-color: #E1E4E5;
+ }
+
+ & li.toctree-l2.current > a,
+ & li.toctree-l2.current li.toctree-l3 > a {
+ background: #fff;
+ border: none;
+ padding-left: 50px;
+ }
+
+ & li.toctree-l2.current li.toctree-l3 > a.current,
+ & li.toctree-l2.current li.toctree-l3.current > a.internal {
+ padding-left: 50px !important;
+ color: #fdab10;
+ }
+
+ & li.toctree-l3.current li.toctree-l4 > a {
+ background: #fff;
+ padding-left: 65px !important;
+ border-right: none;
+ }
+
+ & li.toctree-l3.current li.toctree-l4 > a.current {
+ color: #fdab10;
+ }
+}
+
+.wy-menu-vertical a:hover,
+.wy-menu-vertical > ul.current > li.toctree-l1.current > a:hover,
+.wy-menu-vertical li.toctree-l1.current .toctree-l2 > a:hover,
+.wy-menu-vertical li.toctree-l2.current li.toctree-l3 > a:hover,
+.wy-menu-vertical li.toctree-l3.current li.toctree-l4 > a:hover {
+ background-color: #E1E4E5;
+}
+
+.wy-menu-vertical ul li .current > a {
+ padding: 11px 12px !important;
+}
+
+.wy-menu-vertical > ul.current[aria-expanded=true] > li.toctree-l1:has(a[aria-expanded=false]) > a {
+ padding-left: 25px;
+}
+
+.wy-menu-vertical > ul.current[aria-expanded=true] > li.toctree-l1:not(:has( ~ li:only-child a)) > a:has(.toctree-expand) {
+ padding-left: 25px;
+}
+
+.wy-side-scroll {
+ /* that makes scroll possible to the end of div */
+ height: 94%;
+}
+
+.wy-nav-top {
+ display: none;
+}
+
+.openLeftSidebarMenuButton {
+ width: 24px;
+ height: 24px;
+ cursor: pointer;
+ transition: transform 250ms linear;
+}
+
+.openLeftSidebarMenuButton:hover,
+.closeLeftSidebarMenuButton:hover {
+ transform: scale(1.05);
+}
+
+div.wy-nav-content > div.rst-content > div:has(div.openLeftSidebarMenuButton) {
+ display: flex;
+}
+
+div.wy-nav-content
+ > div.rst-content
+ > div:has(div.openLeftSidebarMenuButton)
+ > .wy-breadcrumbs {
+ margin-left: 20px;
+ width: 100%;
+}
+
+.closeButtonDivLine {
+ width: 100%;
+ display: flex;
+ position: sticky;
+ height: 30px;
+ justify-content: flex-end;
+}
+
+.closeLeftSidebarMenuButton {
+ width: 83px;
+ height: 32px;
+ margin-right: -6px;
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ background-color: #FFBF12;
+ border-radius: 4px;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ font-weight: 400;
+ color: #FFF;
+ cursor: pointer;
+ align-self: flex-end;
+ transition: transform 250ms linear;
+
+ &::before {
+ content: url('../images/close-sidebar-icon.svg');
+ height: 100%;
+ display: flex;
+ align-items: center;
+ width: 14px;
+ margin-right: 10px;
+ margin-top: 3px;
+ }
+}
+
+.additionalStylesForShift {
+ display: block !important;
+ padding-bottom: 10px !important;
+}
+
+.overlay {
+ background-color: #E7E7E7;
+}
+
+.wy-body-for-nav:has(.overlay) {
+ background-color: rgb(209,209,209);
+}
+
+.display_none {
+ display: none !important;
+}
+
+@media screen and (max-width: 575px) {
+ .wy-menu-vertical {
+ padding: 10px 0 0 0;
+ }
+}
+
+@media screen and (min-width: 576px) {
+ .wy-side-nav-search {
+ max-width: 256px;
+ }
+
+ .wy-menu-vertical {
+ padding: 10px 35px 0 0;
+ }
+}
+
+@media screen and (max-width: 767px) {
+ .wy-nav-side {
+ border-radius: 0;
+ position: fixed;
+ top: 60px;
+ }
+
+ .wy-side-scroll::-webkit-scrollbar {
+ display: none
+ }
+}
+
+@media screen and (min-width: 768px) {
+ .wy-nav-side {
+ border-radius: 16px;
+ position: fixed;
+ left: unset;
+ top: 70px;
+ min-height: unset;
+ }
+}
+
+@media screen and (max-width: 1200px) {
+ .wy-nav-side {
+ height: calc(100vh - 60px);
+ }
+}
+
+@media screen and (min-width: 1200px) {
+ .wy-nav-side {
+ height: calc(100vh - 73px);
+ }
+}
+
+@media screen and (max-height: 300px) {
+ .wy-side-scroll {
+ height: 78%;
+ }
+}
+
+@media screen and (min-height: 301px) and (max-height: 400px) {
+ .wy-side-scroll {
+ height: 82%;
+ }
+}
+
+@media screen and (min-height: 401px) and (max-height: 500px) {
+ .wy-side-scroll {
+ height: 88%;
+ }
+}
+
+@media screen and (min-height: 501px) and (max-height: 700px) {
+ .wy-side-scroll {
+ height: 90%;
+ }
+}
+
+@media screen and (min-height: 701px) {
+ .wy-side-scroll {
+ height: 94%;
+ }
+} \ No newline at end of file
diff --git a/docs/_static/css/linkButtons.css b/docs/_static/css/linkButtons.css
new file mode 100644
index 00000000..11a48e64
--- /dev/null
+++ b/docs/_static/css/linkButtons.css
@@ -0,0 +1,57 @@
+.rst-footer-buttons {
+ .fa-arrow-circle-left {
+ padding-left: 25px;
+ }
+
+ .fa-arrow-circle-left::before {
+ content: url('../images/arrow-left.svg');
+ position: absolute;
+ top: 10px;
+ left: 15px;
+ }
+
+ & > .btn-neutral {
+ background: #fff !important;
+ min-width: 90px;
+ height: 40px;
+ border: 2px solid #FD8F01;
+ color: #121010 !important;
+ font-family: 'Archivo', sans-serif;
+ font-size: 16px;
+ font-weight: 600;
+ letter-spacing: -0.02em;
+ position: relative;
+ text-align: left;
+ box-shadow: none;
+ transition: transform 250ms linear;
+ display: flex;
+ align-items: center;
+ padding-top: 0;
+ padding-bottom: 0;
+ border-radius: 4px;
+
+ &:hover,
+ &:active {
+ transform: scale(1.05);
+ /* padding-left: 16px; */
+ }
+
+ &:focus {
+ outline: none;
+ }
+
+ .fa-arrow-circle-right::before {
+ content: url('../images/arrow-right.svg');
+ position: absolute;
+ top: 10px;
+ right: 15px;
+ }
+ }
+}
+
+p > a.reference.external,
+p > a,
+#partaker-i5 > p > a.external {
+ color: #FD8F01;
+ word-break: break-word;
+}
diff --git a/docs/_static/css/lists.css b/docs/_static/css/lists.css
new file mode 100644
index 00000000..140663c9
--- /dev/null
+++ b/docs/_static/css/lists.css
@@ -0,0 +1,56 @@
+.simple > li,
+.compound > ul > li,
+.simple > li > ul > li,
+#installation-and-image-management > div > ul > li.toctree-l1 > ul > li.toctree-l2,
+#running-vyos-in-virtual-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2,
+#running-vyos-in-virtual-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3,
+#running-vyos-in-cloud-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2,
+#running-vyos-in-cloud-environments > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3,
+#configuration-blueprints > div > ul > li.toctree-l1 > ul > li.toctree-l2,
+#configuration-blueprints > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3,
+#contributing > div > ul > li.toctree-l1 > ul > li.toctree-l2,
+#contributing > div > ul > li.toctree-l1 > ul > li.toctree-l2 > ul > li.toctree-l3 {
+ list-style: none !important;
+ position: relative;
+
+ &::before {
+ content: '';
+ position: absolute;
+ top: 8px;
+ left: -15px;
+ width: 6px;
+ height: 6px;
+ background-color: #000;
+ border-radius: 50%;
+ }
+}
+
+.simple > li a,
+.compound > ul > li a,
+.simple > li > ul > li a {
+ color: #FD8F01;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+ height: 26px;
+}
+
+.simple > li > ul > li p {
+ color: #525659;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+ height: 26px;
+}
+
+#site-to-site ul,
+#troubleshooting ol,
+#troubleshooting ul {
+ margin-bottom: 0 !important;
+}
+
+.rst-content:has(#troubleshooting) .rst-footer-buttons {
+ margin-top: 20px !important;
+} \ No newline at end of file
diff --git a/docs/_static/css/scrolls.css b/docs/_static/css/scrolls.css
new file mode 100644
index 00000000..26cfe413
--- /dev/null
+++ b/docs/_static/css/scrolls.css
@@ -0,0 +1,20 @@
+.wy-table-responsive {
+ scrollbar-color: #99A0A5 transparent;
+ scroll-behavior: smooth;
+
+ &::-webkit-scrollbar {
+ height: 5px;
+ }
+
+ &::-webkit-scrollbar-track {
+ background-color: transparent;
+ border-radius: 8px;
+ margin: 0 10px;
+ }
+
+ &::-webkit-scrollbar-thumb {
+ background-color: #99A0A5;
+ border-radius: 8px;
+ margin: 0 10px;
+ }
+}
diff --git a/docs/_static/css/separate-commands.css b/docs/_static/css/separate-commands.css
new file mode 100644
index 00000000..5547c4ad
--- /dev/null
+++ b/docs/_static/css/separate-commands.css
@@ -0,0 +1,116 @@
+.rst-content code.literal {
+ border: unset;
+ background-color: unset;
+ border: 1px solid rgba(253, 143, 1, 0.2);
+ background-color: #FFF4E6;
+ font-family: 'Archivo', sans-serif !important;
+ font-size: 14px !important;
+ font-weight: 500 !important;
+ color: #121010 !important;
+ border-radius: 4px;
+ padding: 3px 6px;
+ word-break: break-all;
+
+ & > span.pre:nth-child(n+ 2) {
+ padding-left: 5px;
+ }
+}
+
+div.opcmd-heading,
+div.cfgcmd-heading,
+table .opcmd,
+table .cfgcmd {
+ padding: 0;
+ display: flex;
+ background-color: unset;
+ border: none;
+ border-radius: 8px 0 0 8px;
+}
+
+div.opcmd-heading,
+div.cfgcmd-heading {
+ margin-bottom: 15px;
+}
+
+div.opcmd-heading,
+table .opcmd {
+ border-left: 5px solid #B8E9F9;
+}
+
+div.cfgcmd-heading,
+table .cfgcmd {
+ border-left: 5px solid #FD8F01;
+}
+
+span {
+ &.opcmd,
+ &.cfgcmd {
+ display: flex;
+ padding: 4px 8px 8px 30px;
+ align-items: center;
+ color: #121010 !important;
+ font-family: 'Roboto Mono', monospace !important;
+ letter-spacing: -0.04em !important;
+ font-weight: 500 !important;
+ position: relative;
+ word-break: break-all;
+
+ &::before {
+ content: url('../images/cmnd-link-dollar-icon.svg');
+ display: flex;
+ padding-right: 8px;
+ align-items: center;
+ position: absolute;
+ top: 6px;
+ left: 8px;
+ }
+ }
+
+ &.opcmd {
+ background-color: #EBF9FF;
+ }
+
+ &.cfgcmd {
+ background-color: #FFF4E6;
+ }
+}
+
+span.opcmd,
+span.cfgcmd {
+ font-size: 16px !important;
+}
+
+table span.opcmd,
+table span.cfgcmd {
+ font-size: 13px !important;
+}
+
+.opcmd-heading > a.cmdlink,
+.cfgcmd-heading > a.cmdlink {
+ display: flex;
+
+ &::after {
+ display: flex;
+ align-items: center;
+ content: '';
+ height: 100%;
+ align-items: center;
+ padding-right: 12px;
+ padding-top: 3px;
+ border-radius: 0 8px 8px 0;
+ }
+}
+
+.opcmd-heading:hover a.cmdlink:after,
+.cfgcmd-heading:hover a.cmdlink:after {
+ content: url('../images/cmnd-link-icon.svg');
+ padding-right: 10px;
+}
+
+.opcmd-heading a.cmdlink:after {
+ background-color: #EBF9FF;
+}
+
+.cfgcmd-heading a.cmdlink:after {
+ background-color: #FFF4E6;
+} \ No newline at end of file
diff --git a/docs/_static/css/tables.css b/docs/_static/css/tables.css
new file mode 100644
index 00000000..7a106d56
--- /dev/null
+++ b/docs/_static/css/tables.css
@@ -0,0 +1,231 @@
+.wy-table-responsive {
+ overflow : auto !important ;
+ width: 100%;
+
+ & table {
+ border: none !important;
+
+
+ & td {
+ white-space : normal !important;
+ }
+
+ & > caption:hover a {
+ position: relative;
+
+ &::after {
+ content: url('../images/cmnd-link-icon.svg');
+ position: absolute;
+ top: 0;
+ right: -3px;
+ z-index: 2;
+ background-color: #fff;
+ width: 20px;
+ height: 100%;
+ }
+ }
+ }
+}
+
+#coverage table.docutils td.coverage-ok p {
+ color: green;
+ text-align: center;
+}
+
+#coverage table.docutils:not(.field-list) tr:nth-child(2n-1) td.coverage-fail p,
+#coverage table.docutils td.coverage-fail p {
+ color: red;
+ text-align: center;
+}
+
+#coverage a.paginate_button.current,
+#coverage a.paginate_button.next,
+#coverage a.paginate_button.previous {
+ color: #FD8F01 !important;
+ background-color: none;
+ background: none;
+}
+
+#coverage a.paginate_button {
+ margin-left: 0;
+ border: unset;
+ border-radius: 8px;
+ transition: background-color 250ms linear, color 250ms linear;
+}
+
+#coverage a.paginate_button:hover,
+#coverage a.paginate_button.current:hover,
+#coverage a.paginate_button.next:hover,
+#coverage a.paginate_button.previous:hover {
+ background-color: #E1E4E5 !important;
+ background: none;
+ border: unset;
+ color: #121010 !important;
+}
+
+.selectDiv {
+ width: 20px;
+ height: 20px;
+ position: absolute;
+ top: 10px;
+ right: 10px;
+ z-index: 11111;
+ background-color: red;
+}
+
+#table-cfgcmd_wrapper,
+#table-opcmd_wrapper {
+ & label {
+ color: #121010 !important;
+ font-family: 'Archivo', sans-serif;
+ font-size: 14px;
+ font-weight: 600;
+ letter-spacing: -0.02em;
+ }
+
+ & option {
+ color: #8D9499 !important;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ font-weight: 500;
+ letter-spacing: -0.02em;
+ }
+
+ & select {
+ height: 40px;
+ width: 80px;
+ padding: 10px 14px;
+ margin: 0 10px;
+ border-radius: 4px;
+ border: 1px solid #C6C9CC !important;
+ color: #8D9499;
+ font-size: 16px;
+ position: relative;
+ -webkit-appearance: none;
+ -moz-appearance: none;
+ appearance: none;
+ background-image: url("../images/select-arrow.svg");
+ background-repeat: no-repeat;
+ background-position: right 18px top 50%;
+ }
+
+ & input {
+ margin-left: 16px;
+ height: 40px;
+ padding: 10px 14px;
+ width: 245px;
+ border: 1px solid #C6C9CC !important;
+ color: #8D9499;
+ font-size: 16px;
+ }
+
+ & .wy-table-responsive {
+ padding-top: 24px;
+ }
+}
+
+@media screen and (max-width: 575px) {
+ #table-cfgcmd_wrapper,
+ #table-opcmd_wrapper {
+ & label {
+ & input {
+ margin-top: 10px
+ }
+ }
+ }
+}
+
+thead tr th {
+ padding: 10px 16px !important;
+ border-top: none !important;
+ border-left: none !important;
+ border-right: none !important;
+ max-height: 40px;
+
+ & p {
+ color: #121010 !important;
+ font-family: 'Archivo', sans-serif;
+ font-size: 14px !important;
+ font-weight: 600;
+ letter-spacing: -0.02em;
+ margin-right: 3px;
+ }
+}
+
+.rst-content table.docutils td,
+.wy-table-bordered-all td {
+ border-left: none !important;
+}
+
+.rst-content table.docutils th:nth-child(2n),
+.rst-content table.field-list th:nth-child(2n),
+.wy-table td, .wy-table th:nth-child(2n) {
+ border-radius: 8px 8px 0 0 ;
+}
+
+.wy-grid-for-nav:has(nav.display_none) .rst-content table.docutils td:nth-child(2n),
+.wy-grid-for-nav:has(nav.display_none) .rst-content table.docutils th:nth-child(2n),
+.wy-grid-for-nav:has(nav.display_none) .rst-content table.field-list td:nth-child(2n),
+.wy-grid-for-nav:has(nav.display_none) .rst-content table.field-list th:nth-child(2n),
+.wy-grid-for-nav:has(nav.display_none) .wy-table td,
+.wy-grid-for-nav:has(nav.display_none) .wy-table th:nth-child(2n) {
+ background-color: #FAFAFA !important;
+}
+
+.wy-grid-for-nav:has(nav.shift) .wy-nav-content-wrap-closed-sidebar .rst-content table th,
+.wy-grid-for-nav:has(nav.shift) .wy-nav-content-wrap-closed-sidebar .rst-content table td {
+ background-color: #E7E7E7 !important;
+}
+
+.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,
+.wy-table-backed,
+.wy-table-odd td,
+.wy-table-striped tr:nth-child(2n-1) td {
+ background-color: unset;
+}
+
+tbody tr td {
+ & p {
+ color: #525659 !important;
+ font-family: 'Roboto', sans-serif;
+ font-size: 14px !important;
+ font-weight: 400;
+ letter-spacing: -0.02em;
+ }
+
+ &.coverage-ok {
+ & p {
+ color: transparent !important;
+ width: 100%;
+ height: 100%;
+ margin: 0;
+ position: relative;
+
+ &::before {
+ content: url('../images/check.svg');
+ display: flex;
+ justify-content: center;
+ align-items: center;
+ width: 100%;
+ height: 100%;
+ position: absolute;
+ top: 0;
+ }
+ }
+ }
+}
+
+.dataTables_info {
+ color: #121010 !important;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px !important;
+ font-weight: 400;
+ letter-spacing: -0.5px;
+}
+
+.paginate_button {
+ font-family: 'Archivo', sans-serif;
+ font-size: 16px !important;
+ font-weight: 600;
+ letter-spacing: -0.5px;
+} \ No newline at end of file
diff --git a/docs/_static/css/text.css b/docs/_static/css/text.css
new file mode 100644
index 00000000..f1179534
--- /dev/null
+++ b/docs/_static/css/text.css
@@ -0,0 +1,120 @@
+.docutils .card-header p {
+ font-family: 'Archivo', sans-serif;
+ font-weight: 600;
+ font-size: 18px;
+ letter-spacing: -0.05em;
+ padding-bottom: 18px;
+ color: #121010;
+}
+
+p,
+blockquote > div > dl,
+blockquote > div > dd,
+#container dl,
+#firewall dl,
+#high-availability dl,
+#development td,
+#development th,
+caption.caption-text,
+.simple > dt,
+div.line-block,
+.paginate_button,
+.dataTables_info,
+#operational-commands label,
+.card-body .card-text,
+#search-results a {
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ letter-spacing: -0.5px;
+ font-weight: 400;
+ color: #525659;
+ line-height: 1.6;
+}
+
+p > strong {
+ color: #121010;
+}
+
+.card-body .card-text {
+ padding-bottom: 22px;
+ display: block;
+}
+
+.simple > dt {
+ font-weight: 600;
+}
+
+#dual-hub-dmvpn-with-vyos td > p,
+#route-based-redundant-site-to-site-vpn-to-azure-bgp-over-ikev2-ipsec td > p,
+#route-based-site-to-site-vpn-to-azure-bgp-over-ikev2-ipsec td > p,
+#development td p,
+#development th p {
+ font-size: 14px !important;
+}
+
+#development #writing-good-commit-messages > ul.simple > li > ul {
+
+ & > li:nth-child(2) {
+ padding-bottom: 23px;
+ }
+
+ & > li:nth-child(2) {
+ padding-bottom: 53px;
+ }
+}
+
+#installation-and-image-management > div > p > span {
+ font-family: 'Archivo', sans-serif;
+ font-weight: 700;
+ letter-spacing: -0.02em;
+ font-size: 24px;
+ color: #121010;
+}
+
+.caption-text {
+ text-align: left;
+ font-family: 'Roboto', sans-serif;
+}
+
+p .caption-text {
+ color: #8D9499;
+ font-family: 'Roboto', sans-serif;
+}
+
+aside.footnote .label {
+ & > a[role=doc-backlink] {
+ color: #fd8f01;
+ font-family: 'Roboto', sans-serif;
+ font-size: 16px;
+ }
+}
+
+aside.footnote > p {
+ padding-bottom: 15px !important;
+}
+
+#about a .external,
+#a-note-on-copyright > dl.brackets > dt,
+#a-note-on-copyright > dl.brackets > dt > .brackets > a,
+a.footnote-reference.brackets,
+#search-results a {
+ color: #FD8F01;
+}
+
+#history p {
+ padding-bottom: 22px;
+ margin-bottom: 0;
+ font-size: 16px;
+}
+
+#a-note-on-copyright > dl p {
+ padding-bottom: 12px;
+}
+
+#search-results a {
+ font-size: 19px;
+}
+
+#specify-custom-config-file {
+ padding-top: 15px;
+} \ No newline at end of file
diff --git a/docs/_static/images/IPSec_close_action_settings.jpg b/docs/_static/images/IPSec_close_action_settings.jpg
index a4e258cc..6996f857 100644
--- a/docs/_static/images/IPSec_close_action_settings.jpg
+++ b/docs/_static/images/IPSec_close_action_settings.jpg
Binary files differ
diff --git a/docs/_static/images/VyOS_Dual-Hub_DMVPN.png b/docs/_static/images/VyOS_Dual-Hub_DMVPN.png
new file mode 100644
index 00000000..9c25a308
--- /dev/null
+++ b/docs/_static/images/VyOS_Dual-Hub_DMVPN.png
Binary files differ
diff --git a/docs/_static/images/arrow-left.svg b/docs/_static/images/arrow-left.svg
new file mode 100644
index 00000000..16d6750b
--- /dev/null
+++ b/docs/_static/images/arrow-left.svg
@@ -0,0 +1,3 @@
+<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M18 10.5L5.32396 10.5L10.1836 16.0076L7.93407 17.9924L-0.000432575 9L7.93406 0.0075688L10.1836 1.99243L5.32396 7.5L18 7.5L18 10.5Z" fill="#FFAE12"/>
+</svg>
diff --git a/docs/_static/images/arrow-right.svg b/docs/_static/images/arrow-right.svg
new file mode 100644
index 00000000..15ab0eb4
--- /dev/null
+++ b/docs/_static/images/arrow-right.svg
@@ -0,0 +1,3 @@
+<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M-4.58639e-07 10.5L12.676 10.5L7.81642 16.0076L10.0659 17.9924L18.0004 9L10.0659 0.0075688L7.81642 1.99243L12.676 7.5L-3.27505e-07 7.5L-4.58639e-07 10.5Z" fill="#FFAE12"/>
+</svg>
diff --git a/docs/_static/images/breadcrumbs-icon.svg b/docs/_static/images/breadcrumbs-icon.svg
new file mode 100644
index 00000000..6420468b
--- /dev/null
+++ b/docs/_static/images/breadcrumbs-icon.svg
@@ -0,0 +1,3 @@
+<svg width="7" height="10" viewBox="0 0 7 10" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M1 1L5 5L1 9" stroke="#8D9499" stroke-width="2"/>
+</svg>
diff --git a/docs/_static/images/check.svg b/docs/_static/images/check.svg
new file mode 100644
index 00000000..fcec28a1
--- /dev/null
+++ b/docs/_static/images/check.svg
@@ -0,0 +1,3 @@
+<svg width="20" height="15" viewBox="0 0 20 15" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M2 6L8 12L18 2" stroke="#FFAE12" stroke-width="3"/>
+</svg>
diff --git a/docs/_static/images/close-sidebar-icon.svg b/docs/_static/images/close-sidebar-icon.svg
new file mode 100644
index 00000000..e630ce27
--- /dev/null
+++ b/docs/_static/images/close-sidebar-icon.svg
@@ -0,0 +1,3 @@
+<svg width="15" height="16" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M18 10.5L5.32396 10.5L10.1836 16.0076L7.93407 17.9924L-0.000432575 9L7.93406 0.0075688L10.1836 1.99243L5.32396 7.5L18 7.5L18 10.5Z" fill="#FFF"/>
+</svg> \ No newline at end of file
diff --git a/docs/_static/images/cmnd-link-dollar-icon.svg b/docs/_static/images/cmnd-link-dollar-icon.svg
new file mode 100644
index 00000000..b0e4a74b
--- /dev/null
+++ b/docs/_static/images/cmnd-link-dollar-icon.svg
@@ -0,0 +1,3 @@
+<svg width="14" height="14" viewBox="0 0 7 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3.36 2.992V0.877999H4.06V2.992H3.36ZM3.36 11.686V9.46H4.06V11.686H3.36ZM3.654 10.048C3.14067 10.048 2.688 9.99667 2.296 9.894C1.904 9.782 1.57733 9.628 1.316 9.432C1.05467 9.22667 0.854 8.98867 0.714 8.718C0.583333 8.438 0.518 8.13 0.518 7.794C0.518 7.74733 0.518 7.70533 0.518 7.668C0.527333 7.63067 0.532 7.598 0.532 7.57H1.974C1.974 7.598 1.974 7.626 1.974 7.654C1.974 7.67267 1.974 7.696 1.974 7.724C1.974 8.01333 2.05333 8.24667 2.212 8.424C2.37067 8.592 2.58067 8.71333 2.842 8.788C3.11267 8.85333 3.40667 8.886 3.724 8.886C4.004 8.886 4.26067 8.85333 4.494 8.788C4.73667 8.72267 4.93267 8.62 5.082 8.48C5.24067 8.33067 5.32 8.14867 5.32 7.934C5.32 7.654 5.222 7.43933 5.026 7.29C4.83 7.14067 4.57333 7.024 4.256 6.94C3.93867 6.84667 3.60733 6.75333 3.262 6.66C2.954 6.576 2.646 6.48267 2.338 6.38C2.03933 6.27733 1.76867 6.15133 1.526 6.002C1.28333 5.84333 1.08733 5.64267 0.938 5.4C0.788667 5.148 0.714 4.84 0.714 4.476C0.714 4.13067 0.788667 3.82733 0.938 3.566C1.08733 3.30467 1.29267 3.08533 1.554 2.908C1.82467 2.73067 2.142 2.59533 2.506 2.502C2.87933 2.40867 3.28533 2.362 3.724 2.362C4.18133 2.362 4.58733 2.41333 4.942 2.516C5.29667 2.60933 5.59533 2.74933 5.838 2.936C6.09 3.11333 6.28133 3.32333 6.412 3.566C6.54267 3.80867 6.608 4.07 6.608 4.35C6.608 4.41533 6.60333 4.476 6.594 4.532C6.594 4.588 6.594 4.62533 6.594 4.644H5.166V4.518C5.166 4.33133 5.11467 4.16333 5.012 4.014C4.90933 3.86467 4.746 3.74333 4.522 3.65C4.30733 3.55667 4.018 3.51 3.654 3.51C3.41133 3.51 3.19667 3.53333 3.01 3.58C2.82333 3.61733 2.66933 3.678 2.548 3.762C2.42667 3.83667 2.33333 3.92533 2.268 4.028C2.212 4.12133 2.184 4.23333 2.184 4.364C2.184 4.57867 2.25867 4.74667 2.408 4.868C2.56667 4.98 2.772 5.078 3.024 5.162C3.276 5.23667 3.54667 5.32067 3.836 5.414C4.172 5.50733 4.51267 5.60533 4.858 5.708C5.20333 5.80133 5.52067 5.92267 5.81 6.072C6.10867 6.22133 6.34667 6.43133 6.524 6.702C6.71067 6.96333 6.804 7.30867 6.804 7.738C6.804 8.14867 6.72467 8.50333 6.566 8.802C6.40733 9.09133 6.18333 9.32933 5.894 9.516C5.614 9.70267 5.28267 9.838 4.9 9.922C4.51733 10.006 4.102 10.048 3.654 10.048Z" fill="#121010"/>
+</svg>
diff --git a/docs/_static/images/cmnd-link-icon.svg b/docs/_static/images/cmnd-link-icon.svg
new file mode 100644
index 00000000..4602fadf
--- /dev/null
+++ b/docs/_static/images/cmnd-link-icon.svg
@@ -0,0 +1,3 @@
+<svg width="14" height="14" viewBox="0 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M11.2426 9.12076L10.1821 8.06026L11.2426 6.99976C11.5212 6.72118 11.7421 6.39045 11.8929 6.02646C12.0437 5.66248 12.1213 5.27236 12.1213 4.87838C12.1213 4.48441 12.0437 4.09429 11.8929 3.7303C11.7421 3.36632 11.5212 3.03559 11.2426 2.75701C10.964 2.47843 10.6333 2.25744 10.2693 2.10667C9.9053 1.95591 9.51518 1.87831 9.1212 1.87831C8.72723 1.87831 8.33711 1.95591 7.97312 2.10667C7.60914 2.25744 7.27841 2.47843 6.99983 2.75701L5.93933 3.81751L4.87883 2.75701L5.93933 1.69651C6.78556 0.863948 7.9265 0.3995 9.11361 0.404334C10.3007 0.409168 11.4378 0.882891 12.2773 1.72232C13.1167 2.56174 13.5904 3.69886 13.5953 4.88597C13.6001 6.07309 13.1356 7.21403 12.3031 8.06026L11.2426 9.12076ZM9.12083 11.2425L8.06033 12.303C7.64372 12.7265 7.14739 13.0632 6.59998 13.2939C6.05256 13.5246 5.46489 13.6446 4.87086 13.647C4.27684 13.6494 3.68821 13.5342 3.13893 13.308C2.58966 13.0818 2.0906 12.7491 1.67056 12.329C1.25051 11.909 0.917792 11.4099 0.691584 10.8607C0.465375 10.3114 0.350158 9.72275 0.352576 9.12872C0.354995 8.5347 0.475003 7.94703 0.705677 7.39961C0.936351 6.85219 1.27313 6.35587 1.69658 5.93926L2.75708 4.87876L3.81758 5.93926L2.75708 6.99976C2.47849 7.27834 2.25751 7.60907 2.10674 7.97305C1.95597 8.33704 1.87837 8.72716 1.87837 9.12113C1.87837 9.51511 1.95597 9.90523 2.10674 10.2692C2.25751 10.6332 2.47849 10.9639 2.75708 11.2425C3.03566 11.5211 3.36639 11.7421 3.73037 11.8928C4.09436 12.0436 4.48448 12.1212 4.87845 12.1212C5.27243 12.1212 5.66255 12.0436 6.02653 11.8928C6.39052 11.7421 6.72124 11.5211 6.99983 11.2425L8.06033 10.182L9.12083 11.2425ZM9.12083 3.81751L10.1821 4.87876L4.87883 10.1813L3.81758 9.12076L9.12083 3.81751Z" fill="#8D9499"/>
+</svg>
diff --git a/docs/_static/images/copy-code-icon.svg b/docs/_static/images/copy-code-icon.svg
new file mode 100644
index 00000000..3417dfe5
--- /dev/null
+++ b/docs/_static/images/copy-code-icon.svg
@@ -0,0 +1,4 @@
+<svg width="13" height="12" viewBox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="4.95605" y="4.5" width="7" height="7" rx="1.5" stroke="#FD8F01"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M0.456055 2C0.456055 0.895431 1.35149 0 2.45605 0H6.45605C7.56062 0 8.45605 0.895431 8.45605 2V3H7.45605V2C7.45605 1.44772 7.00834 1 6.45605 1H2.45605C1.90377 1 1.45605 1.44772 1.45605 2V6C1.45605 6.55228 1.90377 7 2.45605 7H3.45605V8H2.45605C1.35149 8 0.456055 7.10457 0.456055 6V2Z" fill="#FD8F01"/>
+</svg>
diff --git a/docs/_static/images/github.svg b/docs/_static/images/github.svg
new file mode 100644
index 00000000..cb3d30ef
--- /dev/null
+++ b/docs/_static/images/github.svg
@@ -0,0 +1,10 @@
+<svg width="15" height="14" viewBox="0 0 15 14" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_17762_41)">
+<path d="M3.93172 10.8809C3.75672 10.7642 3.60622 10.6155 3.43005 10.4049C3.33861 10.293 3.248 10.1804 3.15822 10.0672C2.88813 9.73174 2.7178 9.57716 2.54163 9.51358C2.39598 9.46128 2.27706 9.35327 2.21103 9.2133C2.14501 9.07333 2.1373 8.91286 2.18959 8.7672C2.24188 8.62154 2.3499 8.50262 2.48987 8.4366C2.62984 8.37058 2.79031 8.36287 2.93597 8.41516C3.37463 8.57266 3.67155 8.84391 4.07172 9.34149C4.01688 9.27324 4.27005 9.59058 4.3243 9.65591C4.43513 9.78833 4.5168 9.86883 4.58097 9.91141C4.69997 9.99133 4.92338 10.0257 5.2518 9.99308C5.26522 9.77024 5.30663 9.55383 5.36963 9.35433C3.6383 8.93083 2.6583 7.81433 2.6583 5.62333C2.6583 4.89999 2.87413 4.24899 3.27547 3.70299C3.1483 3.18149 3.16755 2.55091 3.45163 1.84099C3.48387 1.76069 3.53358 1.68856 3.59714 1.62984C3.6607 1.57112 3.73653 1.52728 3.81913 1.50149C3.86638 1.48749 3.89322 1.48108 3.94047 1.47408C4.40888 1.40233 5.07038 1.57324 5.93255 2.11341C6.44635 1.99329 6.97232 1.933 7.49997 1.93374C8.03197 1.93374 8.56047 1.99441 9.06563 2.11341C9.92722 1.56916 10.5899 1.39824 11.0618 1.47408C11.1114 1.48166 11.1534 1.49158 11.189 1.50324C11.27 1.52995 11.3441 1.57408 11.4062 1.63253C11.4683 1.69099 11.5168 1.76235 11.5483 1.84158C11.8324 2.55091 11.8516 3.18149 11.7245 3.70241C12.1276 4.24841 12.3416 4.89533 12.3416 5.62333C12.3416 7.81491 11.3651 8.92791 9.6338 9.35199C9.70672 9.59408 9.74463 9.86474 9.74463 10.157C9.74469 10.6851 9.74235 11.2132 9.73763 11.7413C9.86864 11.7699 9.9858 11.8427 10.0694 11.9476C10.153 12.0524 10.1979 12.1828 10.1966 12.3169C10.1953 12.451 10.1479 12.5805 10.0622 12.6837C9.97663 12.7869 9.85808 12.8575 9.72655 12.8835C9.06213 13.0165 8.5698 12.5732 8.5698 11.9939L8.57097 11.7337L8.57388 11.3225C8.5768 10.9095 8.57797 10.542 8.57797 10.157C8.57797 9.75041 8.47122 9.48499 8.33005 9.36366C7.94447 9.03116 8.13988 8.39824 8.64505 8.34166C10.3758 8.14741 11.175 7.47716 11.175 5.62333C11.175 5.06624 10.993 4.60599 10.6424 4.22099C10.5685 4.14005 10.5189 4.03994 10.4993 3.93213C10.4797 3.82432 10.4909 3.71317 10.5316 3.61141C10.6284 3.36991 10.6698 3.05316 10.5876 2.66991L10.5817 2.67166C10.2953 2.75274 9.93422 2.92833 9.49788 3.22524C9.42752 3.27299 9.34758 3.30478 9.26364 3.31838C9.1797 3.33199 9.09381 3.32708 9.01197 3.30399C8.51958 3.16766 8.01088 3.09917 7.49997 3.10041C6.9808 3.10041 6.4663 3.16983 5.98797 3.30458C5.90643 3.32748 5.82088 3.33235 5.73727 3.31885C5.65366 3.30535 5.57399 3.27381 5.5038 3.22641C5.06513 2.93066 4.7023 2.75566 4.41413 2.67399C4.33013 3.05491 4.37155 3.37049 4.4678 3.61141C4.50852 3.71312 4.51978 3.82424 4.50028 3.93205C4.48078 4.03985 4.43132 4.13999 4.35755 4.22099C4.0093 4.60249 3.82497 5.07149 3.82497 5.62333C3.82497 7.47366 4.62472 8.14799 6.34613 8.34166C6.85072 8.39824 7.04672 9.02824 6.66347 9.36133C6.55147 9.45933 6.41322 9.78833 6.41322 10.157V11.9945C6.41322 12.5697 5.92613 13.0007 5.26988 12.8858C5.13675 12.8624 5.01586 12.7936 4.92789 12.6909C4.83991 12.5883 4.79031 12.4583 4.78755 12.3232C4.7848 12.188 4.82906 12.0561 4.91278 11.95C4.9965 11.8439 5.11448 11.7701 5.24655 11.7413V11.1638C4.71572 11.1994 4.27705 11.1125 3.93172 10.8809Z" fill="white"/>
+</g>
+<defs>
+<clipPath id="clip0_17762_41">
+<rect width="14" height="14" fill="white" transform="translate(0.5)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/docs/_static/images/hamburger-icon.svg b/docs/_static/images/hamburger-icon.svg
new file mode 100644
index 00000000..9fad3003
--- /dev/null
+++ b/docs/_static/images/hamburger-icon.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M0 5.3335H24M0 12.0002H24M0 18.6668H24" stroke="#FFAE12" stroke-width="3"/>
+</svg>
diff --git a/docs/_static/images/keypairs.png b/docs/_static/images/keypairs.png
new file mode 100644
index 00000000..7e772ae9
--- /dev/null
+++ b/docs/_static/images/keypairs.png
Binary files differ
diff --git a/docs/_static/images/lac-lns-diagram.jpg b/docs/_static/images/lac-lns-diagram.jpg
new file mode 100644
index 00000000..4463a3c3
--- /dev/null
+++ b/docs/_static/images/lac-lns-diagram.jpg
Binary files differ
diff --git a/docs/_static/images/lac-lns-winclient.jpg b/docs/_static/images/lac-lns-winclient.jpg
new file mode 100644
index 00000000..9fa99152
--- /dev/null
+++ b/docs/_static/images/lac-lns-winclient.jpg
Binary files differ
diff --git a/docs/_static/images/note-icon.svg b/docs/_static/images/note-icon.svg
new file mode 100644
index 00000000..fd4f05c3
--- /dev/null
+++ b/docs/_static/images/note-icon.svg
@@ -0,0 +1,5 @@
+<svg width="12" height="12" viewBox="0 0 12 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6.58341 8.91675V7.75008H5.41675V8.91675H6.58341Z" fill="#356E81"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M6.00008 0.166748C9.22008 0.166748 11.8334 2.78008 11.8334 6.00008C11.8334 9.22008 9.22008 11.8334 6.00008 11.8334C2.78008 11.8334 0.166748 9.22008 0.166748 6.00008C0.166748 2.78008 2.78008 0.166748 6.00008 0.166748ZM6.00008 10.6667C8.57841 10.6667 10.6667 8.57841 10.6667 6.00008C10.6667 3.42175 8.57841 1.33341 6.00008 1.33341C3.42175 1.33341 1.33341 3.42175 1.33341 6.00008C1.33341 8.57841 3.42175 10.6667 6.00008 10.6667Z" fill="#356E81"/>
+<path d="M5.41675 6.87508H6.58341V3.08341H5.41675V6.87508Z" fill="#356E81"/>
+</svg>
diff --git a/docs/_static/images/sg.png b/docs/_static/images/sg.png
new file mode 100644
index 00000000..8be51e1f
--- /dev/null
+++ b/docs/_static/images/sg.png
Binary files differ
diff --git a/docs/_static/images/traffic.png b/docs/_static/images/traffic.png
new file mode 100644
index 00000000..74002b16
--- /dev/null
+++ b/docs/_static/images/traffic.png
Binary files differ
diff --git a/docs/_static/images/wireguard_site2site_diagram.jpg b/docs/_static/images/wireguard_site2site_diagram.jpg
index fc305952..4a7a95e4 100644
--- a/docs/_static/images/wireguard_site2site_diagram.jpg
+++ b/docs/_static/images/wireguard_site2site_diagram.jpg
Binary files differ
diff --git a/docs/_static/images/zone-policy-diagram.png b/docs/_static/images/zone-policy-diagram.png
index 49e3e046..cfde4af6 100644
--- a/docs/_static/images/zone-policy-diagram.png
+++ b/docs/_static/images/zone-policy-diagram.png
Binary files differ
diff --git a/docs/_static/js/codecopier.js b/docs/_static/js/codecopier.js
new file mode 100644
index 00000000..bf0b3b4d
--- /dev/null
+++ b/docs/_static/js/codecopier.js
@@ -0,0 +1,67 @@
+const hamburgerIcon = `
+ <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+ <path d="M0 5.3335H24M0 12.0002H24M0 18.6668H24" stroke="#FFAE12" stroke-width="3"/>
+ </svg>
+`
+
+const innersOfCopyDiv = `
+ <p>Copy</p>
+ <svg width="13" height="12" viewBox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+ <rect x="4.95605" y="4.5" width="7" height="7" rx="1.5" stroke="#FD8F01"/>
+ <path fill-rule="evenodd" clip-rule="evenodd" d="M0.456055 2C0.456055 0.895431 1.35149 0 2.45605 0H6.45605C7.56062 0 8.45605 0.895431 8.45605 2V3H7.45605V2C7.45605 1.44772 7.00834 1 6.45605 1H2.45605C1.90377 1 1.45605 1.44772 1.45605 2V6C1.45605 6.55228 1.90377 7 2.45605 7H3.45605V8H2.45605C1.35149 8 0.456055 7.10457 0.456055 6V2Z" fill="#FD8F01"/>
+ </svg>
+`
+
+function formDiv(id) {
+ return `
+ <div class='copyDiv' data-identifier='${id}'>
+ ${innersOfCopyDiv}
+ </div>
+`
+}
+
+$(document).ready(async function () {
+ const codeSnippets = $(
+ '.rst-content div[class^=highlight] div[class^=highlight], .rst-content pre.literal-block div[class^=highlight], .rst-content pre.literal-block div[class^=highlight]'
+ )
+
+ codeSnippets.each((index, el) => {
+ el.insertAdjacentHTML('beforeend', formDiv(index))
+ })
+
+ const copyButton = $('.copyDiv')
+
+ copyButton.click(async ({
+ currentTarget
+ }) => {
+ // we obtain text and copy it
+ const id = currentTarget.dataset.identifier
+
+ try {
+ await navigator.clipboard.writeText(currentTarget.offsetParent.innerText)
+ } catch (error) {
+ console.log('Copiing text failed, please try again', {
+ error
+ })
+ }
+
+ // we edit the copyDiv connected to copied text
+ const divWithNeededId = $(`div[data-identifier='${id}']`)
+ divWithNeededId.addClass('copiedNotifier')
+ divWithNeededId.html('<span>Copied!</span>')
+
+ setTimeout(() => {
+ divWithNeededId.html(innersOfCopyDiv)
+ divWithNeededId.removeClass('copiedNotifier')
+
+ }, 2000)
+ })
+
+ // we edit the button that is added by readthedocs portal
+ const readTheDocsButton = $('div.rst-versions')
+ const navbar = $('nav[data-toggle=wy-nav-shift]')
+
+ navbar.append(readTheDocsButton)
+
+});
+
diff --git a/docs/_static/js/footer.js b/docs/_static/js/footer.js
new file mode 100644
index 00000000..5f135768
--- /dev/null
+++ b/docs/_static/js/footer.js
@@ -0,0 +1,92 @@
+$(document).ready(function() {
+ insertIframe()
+
+ const options = {
+ threshold: 0.01,
+ }
+ const divDoc = document.querySelector('.iframe-container')
+ const innerSidebar = $('.wy-side-scroll')
+
+ intersectionObserver(options, divDoc, innerSidebar)
+
+ $(window).resize(function() {
+ intersectionObserver(options, divDoc, innerSidebar)
+ })
+
+ $(window).scroll(function() {
+ intersectionObserver(options, divDoc, innerSidebar)
+ })
+});
+
+function intersectionObserver(options, divDoc, innerSidebar) {
+ // we delete any inline-styles from innerSidebar
+ if($(innerSidebar).attr('style')) {
+ innerSidebar.removeAttr('style')
+ }
+ const screenWidth = $(window).width()
+ const sidebar = $('.wy-nav-side')
+ const documentHeight = $(document).height()
+ const iframeHeight = $('.iframe-container').height()
+ const currentPosition = $(document).scrollTop()
+ const additionalPaddingFromSidebar = screenWidth > 991 ? 70 : 83
+ const heightThatIsAddedByPaddings = 36
+ const resultOfSums = documentHeight -
+ iframeHeight -
+ currentPosition -
+ additionalPaddingFromSidebar -
+ heightThatIsAddedByPaddings
+ const heightOfAdditionalButton = 50
+
+ const onEntry = (entries, observer) => {
+ entries.forEach(entry => {
+ if(entry.isIntersecting) {
+ if(resultOfSums <= 70) {
+ $(sidebar).hide()
+ return
+ }
+ $(sidebar).show()
+ $(sidebar).height(resultOfSums)
+ $(sidebar).css('margin-bottom', '20px')
+ $(innerSidebar).removeAttr('style')
+ $(innerSidebar).height(resultOfSums - heightOfAdditionalButton)
+ return
+ } else {
+ $(sidebar).removeAttr('style')
+ $(innerSidebar).removeAttr('style')
+ }
+ })
+ }
+ const observer = new IntersectionObserver(onEntry, options);
+ observer.observe(divDoc)
+
+ if($(innerSidebar).attr('style')) {
+ observer.unobserve(divDoc)
+ }
+
+ determineHeightOfFooterContainer()
+
+}
+
+function determineHeightOfFooterContainer() {
+ const iframeFooter= $('#vyos-footer-iframe');
+ const title = window.document.getElementsByTagName('title')?.[0]?.text;
+ const iframeContainer = $('.iframe-container')
+ const href = window.location.href;
+
+ window.addEventListener('message',function(message){
+ if(message.data.footerIframeHeight){
+ $(iframeFooter).css('min-height', `${message.data.footerIframeHeight + 1}px`)
+ $(iframeContainer).height(message.data.footerIframeHeight + 1)
+ iframeFooter[0].contentWindow.postMessage({title, href},'*');
+ }
+ })
+}
+
+function insertIframe() {
+ const body = $('.wy-body-for-nav')
+ body.append(divWithIframe)
+}
+
+const divWithIframe = `<div class="iframe-container">
+ <iframe src='https://vyos.io/iframes/footer' id='vyos-footer-iframe'></iframe>
+</div>`
diff --git a/docs/_static/js/sidebar.js b/docs/_static/js/sidebar.js
new file mode 100644
index 00000000..8b5c029d
--- /dev/null
+++ b/docs/_static/js/sidebar.js
@@ -0,0 +1,162 @@
+$(document).ready(function () {
+ removeOverlayAndCloseSidebar()
+ documentLoaded()
+
+ $(window).on("resize", function () {
+ const screenWidth = window.innerWidth
+
+ if (screenWidth <= 991) return userIsInTabletScreenWidth(screenWidth)
+ return removeOverlayAndButtons(screenWidth)
+ })
+
+})
+
+function removeButtons() {
+ const alreadyCreatedOpenButtonCheck = $('.openLeftSidebarMenuButton')
+ const alreadyCreatedCloseButtonCheck = $('.closeButtonDivLine')
+
+ if(alreadyCreatedOpenButtonCheck[0]) alreadyCreatedOpenButtonCheck[0].remove()
+ if(alreadyCreatedCloseButtonCheck[0]) alreadyCreatedCloseButtonCheck[0].remove()
+}
+
+function documentLoaded() {
+ const screenWidth = window.innerWidth
+
+ if (screenWidth <= 991) return userIsInTabletScreenWidth(screenWidth)
+ return
+}
+
+function userIsInTabletScreenWidth(screenWidth) {
+ const alreadyCreatedButtonCheck = $('.openLeftSidebarMenuButton')
+ if (alreadyCreatedButtonCheck[0]) return
+ createOpenSidebarButton(screenWidth)
+ createCloseSidebarButton(screenWidth)
+ removeOverlayAndCloseSidebar()
+}
+
+function createOverlay(screenWidth) {
+ const contentContainer = $('.wy-nav-content')
+ contentContainer.addClass('overlay')
+
+ const overlayDiv = `
+ <div class='overlayDiv' />
+ `
+
+ contentContainer.append(overlayDiv)
+
+ $('.wy-nav-content.overlay').on('click', onOverlayClickHandler)
+}
+
+function onOverlayClickHandler() {
+ removeOverlayAndCloseSidebar()
+}
+
+function removeOverlayAndCloseSidebar() {
+ const screenWidth = window.innerWidth
+
+ const contentContainer = $('.wy-nav-content')
+ contentContainer.removeClass('overlay')
+
+ const overlayDiv = $('.overlayDiv')
+ overlayDiv.remove()
+
+ const leftSidebarOpened = $('nav.wy-nav-side.shift')
+ leftSidebarOpened.removeClass('shift')
+
+ const leftSidebar = $('nav.wy-nav-side')
+
+ // that's working don't touch
+ if(screenWidth > 991) {
+ // when user is not in tablet -> we add classes on opened sidebar and remove classes on closed sidebar
+ const contentSection = $('section.wy-nav-content-wrap')
+ const contentDiv = $('div.wy-nav-content')
+ contentSection.addClass('wy-nav-content-wrap-opened-sidebar')
+ contentDiv.addClass('wy-nav-content-opened-sidebar')
+ contentSection.removeClass('wy-nav-content-wrap-closed-sidebar')
+ contentDiv.removeClass('wy-nav-content-closed-sidebar')
+ leftSidebar.removeClass('display_none')
+ return
+ }
+
+ if(screenWidth <= 991) {
+ // I add closed classes to make contentContainer 100% width
+ const contentSection = $('section.wy-nav-content-wrap')
+ const contentDiv = $('div.wy-nav-content')
+ contentSection.removeClass('wy-nav-content-wrap-opened-sidebar')
+ contentDiv.removeClass('wy-nav-content-opened-sidebar')
+ contentSection.addClass('wy-nav-content-wrap-closed-sidebar')
+ contentDiv.addClass('wy-nav-content-closed-sidebar')
+ leftSidebar.addClass('display_none')
+ }
+
+}
+
+function createOpenSidebarButton() {
+ const divToInsert = $('div[role=navigation][aria-label="Page navigation"]')
+ divToInsert[0].insertAdjacentHTML('afterbegin', formOpenSidebarButton())
+
+ const newlyCreatedButton = $('.openLeftSidebarMenuButton')
+
+ newlyCreatedButton.on('click', onOpenLeftSidebarMenuButtonClickHandler)
+}
+
+function onOpenLeftSidebarMenuButtonClickHandler(e) {
+ e.stopPropagation()
+ const leftSidebar = $('nav.wy-nav-side')
+ const leftSidebarOpened = $('nav.wy-nav-side.shift')
+ if(leftSidebarOpened[0]) {
+ // leftSidebarOpened.removeClass('shift')
+ removeOverlayAndCloseSidebar()
+ }
+
+ createOverlay()
+ if(leftSidebar.hasClass('display_none')) leftSidebar.removeClass('display_none')
+ if(leftSidebar.hasClass('.additionalStylesForShift')) leftSidebar.removeClass('.additionalStylesForShift')
+ // here I add classes to contentSection and contentDiv to make them margined left and remove closed classes if any
+ const contentSection = $('section.wy-nav-content-wrap')
+ const contentDiv = $('div.wy-nav-content')
+ // contentSection.removeClass('wy-nav-content-wrap-closed-sidebar')
+ // contentDiv.removeClass('wy-nav-content-closed-sidebar')
+ // contentSection.addClass('wy-nav-content-wrap-opened-sidebar')
+ // contentDiv.addClass('wy-nav-content-opened-sidebar')
+ return leftSidebar.addClass('shift')
+}
+
+function createCloseSidebarButton(screenWidth) {
+ const updatedLeftSidebarScrollDiv = $('nav.wy-nav-side')
+
+ const alreadyCreatedButtonCheck = $('div.closeLeftSidebarMenuButton')
+ if(alreadyCreatedButtonCheck[0]) return
+
+ updatedLeftSidebarScrollDiv[0].insertAdjacentHTML('beforeend', formCloseLeftSidebarButton())
+ updatedLeftSidebarScrollDiv.addClass('additionalStylesForShift')
+
+ const createdCloseSidebarButton = $('.closeButtonDivLine')
+
+ createdCloseSidebarButton.on('click', function () {
+ removeOverlayAndCloseSidebar()
+ })
+}
+
+function formOpenSidebarButton() {
+ return `
+ <div class='openLeftSidebarMenuButton'>
+ ${hamburgerIcon}
+ </div>
+ `
+}
+
+function formCloseLeftSidebarButton() {
+ return `
+ <div class='closeButtonDivLine'>
+ <div class='closeLeftSidebarMenuButton'>
+ Close
+ </div>
+ </div>
+ `
+}
+
+function removeOverlayAndButtons(screenWidth) {
+ removeOverlayAndCloseSidebar()
+ removeButtons()
+}
diff --git a/docs/_templates/layout.html b/docs/_templates/layout.html
index 6cb68508..5736a26f 100644
--- a/docs/_templates/layout.html
+++ b/docs/_templates/layout.html
@@ -1,12 +1,32 @@
{% extends "!layout.html" %}
{%- set current_version = "1.5.x circinus" %}
{% block extrahead %}
+ <style>#vyos-header-iframe{position:fixed;top:0;left:0;right:0;z-index:999999999;width:100%;border:none}</style>
+ <style>#vyos-footer-iframe{width:100%;border:none}</style>
+ <iframe src='https://vyos.io/iframes/header' id='vyos-header-iframe'></iframe>
+ <script>const iframeHeader=document.getElementById('vyos-header-iframe');const postMessageToIframe=()=>{iframeHeader.contentWindow.postMessage({height:window.innerHeight,width:window.width},'*')};window.addEventListener('message',function(message){if(message.data.headerIframeHeight){iframeHeader.style.height=`${message.data.headerIframeHeight}px`;postMessageToIframe()}});window.addEventListener('resize',event=>{postMessageToIframe()})</script>
<link href="{{ pathto("_static/css/custom.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/lists.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/hints.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/headers.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/breadcrumbs.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/linkButtons.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/text.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/leftSidebar.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/scrolls.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/tables.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/installation/running-on-bare-metal.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/code-snippets.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/separate-commands.css", True) }}" rel="stylesheet" type="text/css">
+ <link href="{{ pathto("_static/css/configuration/index.css", True) }}" rel="stylesheet" type="text/css">
<link href="{{ pathto("_static/css/datatables.css", True) }}" rel="stylesheet" type="text/css">
+ <link rel="preconnect" href="https://fonts.googleapis.com">
+ <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+ <link href="https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800&display=swap" rel="stylesheet">
<script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/datatables.js", True) }}"></script>
<script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/tables.js", True) }}"></script>
-{% endblock %}
-{% block extrabody %}
- <p class="devwarning">Warning: This is the dev version. The latest stable version is
- <a href="https://docs.vyos.io/en/equuleus/">Equuleus 1.3.x</a>.</a></p>
+ <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/codecopier.js", True) }}"></script>
+ <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/sidebar.js", True) }}"></script>
+ <script type="text/javascript" charset="utf8" src="{{ pathto("_static/js/footer.js", True) }}"></script>
+ </script>
{% endblock %}
diff --git a/docs/automation/index.rst b/docs/automation/index.rst
index ecabff7a..48e83a96 100644
--- a/docs/automation/index.rst
+++ b/docs/automation/index.rst
@@ -8,11 +8,11 @@ VyOS Automation
.. toctree::
- :maxdepth: 1
+ :maxdepth: 2
vyos-api
vyos-ansible
- vyos-terraform
+ terraform/index
vyos-napalm
vyos-netmiko
vyos-salt
diff --git a/docs/automation/terraform/index.rst b/docs/automation/terraform/index.rst
new file mode 100644
index 00000000..9a51df91
--- /dev/null
+++ b/docs/automation/terraform/index.rst
@@ -0,0 +1,18 @@
+##############
+VyOS Terraform
+##############
+
+
+ * Nornir
+ * startup scripts
+
+
+.. toctree::
+ :maxdepth: 1
+ :caption: Content
+
+ terraformAWS
+# terraformAZ
+# terraformvSphere
+# terraformGoogle
+
diff --git a/docs/automation/terraform/terraformAWS.rst b/docs/automation/terraform/terraformAWS.rst
new file mode 100644
index 00000000..c81fe906
--- /dev/null
+++ b/docs/automation/terraform/terraformAWS.rst
@@ -0,0 +1,579 @@
+:lastproofread: 2024-01-11
+
+.. _vyos-terraform:
+
+Terraform for VyOS
+==================
+
+VyOS supports development infrastructure via Terraform and provisioning via Ansible.
+Terraform allows you to automate the process of deploying instances on many cloud and virtual platforms.
+In this article, we will look at using terraforms to deploy vyos on platforms - AWS, AZURE, and vSphere.
+More detailed about what is Terraform you can write using the link_.
+
+Need to install_ Terraform
+
+Structure of files in the standard Terraform project:
+
+.. code-block:: none
+
+ .
+ ├── main.tf # The main script
+ ├── version.tf # File for the changing version of Terraform.
+ ├── variables.tf # The file of all variables in "main.tf"
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+General commands that we will use for running Terraform scripts
+
+
+.. code-block:: none
+
+ #cd /<your folder> # go to the Terrafom project
+ #terraform init # install all addons and provider (aws az and so on)
+ #terraform plan # show wtah is changing
+ #terraform apply # run script
+ #yes # apply running
+
+
+Deploying vyos in the AWS cloud
+-------------------------------
+With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
+Also we will make provisioning using Ansible.
+
+
+.. image:: /_static/images/aws.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible.
+
+
+Preparation steps for deploying VyOS on AWS
+-------------------------------------------
+
+How to create a single instance and install your configuration using Terraform+Ansible+AWS
+Step by step:
+
+AWS
+
+
+1.1 Create an account with AWS and get your "access_key", "secret key"
+
+1.2 Create a key pair_ and download your .pem key
+
+.. image:: /_static/images/keypairs.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+1.3 Create a security group_ for the new VyOS instance and open all traffic
+
+.. image:: /_static/images/sg.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+
+.. image:: /_static/images/traffic.png
+ :width: 50%
+ :align: center
+ :alt: Network Topology Diagram
+
+Terraform
+
+
+2.1 Create a0 UNIX or Windows instance
+
+2.2 Download and install Terraform
+
+2.3 Create the folder for example /root/awsterraform
+
+.. code-block:: none
+
+ mkdir /root/awsterraform
+
+2.4 Copy all files into your Terraform project "/root/awsterraform" (vyos.tf, var.tf, terraform.tfvars,version.tf), more detailed see `Structure of files Terrafom for AWS`_
+
+2.5 Type the commands :
+
+.. code-block:: none
+
+ #cd /<your folder>
+ #terraform init
+
+
+Ansible
+
+
+3.1 Create a UNIX instance whenever you want (local, cloud, and so on)
+
+3.2 Download and install Ansible
+
+3.3 Create the folder for example /root/aws/
+
+3.4 Copy all files into your Ansible project "/root/aws/" (ansible.cfg, instance.yml, mykey.pem and "all"), more detailed see `Structure of files Ansible for AWS`_
+
+mykey.pem you have to get using step 1.2
+
+
+Start
+
+
+4.1 Type the commands on your Terrafom instance:
+
+.. code-block:: none
+
+ #cd /<your folder>
+ #terraform plan
+ #terraform apply
+ #yes
+
+
+Start creating an AWS instance and check the result
+---------------------------------------------------
+
+.. code-block:: none
+
+ root@localhost:~/awsterraform# terraform apply
+
+ Terraform used the selected providers to generate the following execution plan.
+ Resource actions are indicated with the following symbols:
+ + create
+
+ Terraform will perform the following actions:
+
+ # aws_instance.myVyOSec2 will be created
+ + resource "aws_instance" "myVyOSec2" {
+ + ami = "ami-************62c2d"
+ + arn = (known after apply)
+ + associate_public_ip_address = (known after apply)
+ + availability_zone = (known after apply)
+ + cpu_core_count = (known after apply)
+ + cpu_threads_per_core = (known after apply)
+ + disable_api_stop = (known after apply)
+ + disable_api_termination = (known after apply)
+ + ebs_optimized = (known after apply)
+ + get_password_data = false
+ + host_id = (known after apply)
+ + host_resource_group_arn = (known after apply)
+ + iam_instance_profile = (known after apply)
+ + id = (known after apply)
+ + instance_initiated_shutdown_behavior = (known after apply)
+ + instance_lifecycle = (known after apply)
+ + instance_state = (known after apply)
+ + instance_type = "t2.micro"
+ + ipv6_address_count = (known after apply)
+ + ipv6_addresses = (known after apply)
+ + key_name = "awsterraform"
+ + monitoring = (known after apply)
+ + outpost_arn = (known after apply)
+ + password_data = (known after apply)
+ + placement_group = (known after apply)
+ + placement_partition_number = (known after apply)
+ + primary_network_interface_id = (known after apply)
+ + private_dns = (known after apply)
+ + private_ip = (known after apply)
+ + public_dns = (known after apply)
+ + public_ip = (known after apply)
+ + secondary_private_ips = (known after apply)
+ + security_groups = [
+ + "awsterraformsg",
+ ]
+ + source_dest_check = true
+ + spot_instance_request_id = (known after apply)
+ + subnet_id = (known after apply)
+ + tags = {
+ + "name" = "VyOS System"
+ }
+ + tags_all = {
+ + "name" = "VyOS System"
+ }
+ + tenancy = (known after apply)
+ + user_data = (known after apply)
+ + user_data_base64 = (known after apply)
+ + user_data_replace_on_change = false
+ + vpc_security_group_ids = (known after apply)
+ }
+
+ # local_file.ip will be created
+ + resource "local_file" "ip" {
+ + content = (known after apply)
+ + content_base64sha256 = (known after apply)
+ + content_base64sha512 = (known after apply)
+ + content_md5 = (known after apply)
+ + content_sha1 = (known after apply)
+ + content_sha256 = (known after apply)
+ + content_sha512 = (known after apply)
+ + directory_permission = "0777"
+ + file_permission = "0777"
+ + filename = "ip.txt"
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection1 will be created
+ + resource "null_resource" "SSHconnection1" {
+ + id = (known after apply)
+ }
+
+ # null_resource.SSHconnection2 will be created
+ + resource "null_resource" "SSHconnection2" {
+ + id = (known after apply)
+ }
+
+ Plan: 4 to add, 0 to change, 0 to destroy.
+
+ Changes to Outputs:
+ + my_IP = (known after apply)
+
+ Do you want to perform these actions?
+ Terraform will perform the actions described above.
+ Only 'yes' will be accepted to approve.
+
+ Enter a value: yes
+
+ aws_instance.myVyOSec2: Creating...
+ aws_instance.myVyOSec2: Still creating... [10s elapsed]
+ aws_instance.myVyOSec2: Still creating... [20s elapsed]
+ aws_instance.myVyOSec2: Still creating... [30s elapsed]
+ aws_instance.myVyOSec2: Still creating... [40s elapsed]
+ aws_instance.myVyOSec2: Creation complete after 44s [id=i-09edfca15aac2fe0a]
+ null_resource.SSHconnection1: Creating...
+ null_resource.SSHconnection2: Creating...
+ null_resource.SSHconnection1: Provisioning with 'file'...
+ null_resource.SSHconnection2: Provisioning with 'remote-exec'...
+ null_resource.SSHconnection2 (remote-exec): Connecting to remote host via SSH...
+ null_resource.SSHconnection2 (remote-exec): Host: 10.217.80.104
+ null_resource.SSHconnection2 (remote-exec): User: root
+ null_resource.SSHconnection2 (remote-exec): Password: true
+ null_resource.SSHconnection2 (remote-exec): Private key: false
+ null_resource.SSHconnection2 (remote-exec): Certificate: false
+ null_resource.SSHconnection2 (remote-exec): SSH Agent: false
+ null_resource.SSHconnection2 (remote-exec): Checking Host Key: false
+ null_resource.SSHconnection2 (remote-exec): Target Platform: unix
+ local_file.ip: Creating...
+ local_file.ip: Creation complete after 0s [id=e8e91f2e24579cd28b92e2d152c0c24c3bf4b52c]
+ null_resource.SSHconnection2 (remote-exec): Connected!
+ null_resource.SSHconnection1: Creation complete after 0s [id=7070868940858935600]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY [integration of terraform and ansible] ************************************
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Wait 300 seconds, but only start checking after 60 seconds] **************
+ null_resource.SSHconnection2: Still creating... [10s elapsed]
+ null_resource.SSHconnection2: Still creating... [20s elapsed]
+ null_resource.SSHconnection2: Still creating... [30s elapsed]
+ null_resource.SSHconnection2: Still creating... [40s elapsed]
+ null_resource.SSHconnection2: Still creating... [50s elapsed]
+ null_resource.SSHconnection2: Still creating... [1m0s elapsed]
+ null_resource.SSHconnection2 (remote-exec): ok: [54.144.84.120]
+
+ null_resource.SSHconnection2 (remote-exec): TASK [Configure general settings for the vyos hosts group] *********************
+ null_resource.SSHconnection2: Still creating... [1m10s elapsed]
+ null_resource.SSHconnection2 (remote-exec): changed: [54.144.84.120]
+
+ null_resource.SSHconnection2 (remote-exec): PLAY RECAP *********************************************************************
+ null_resource.SSHconnection2 (remote-exec): 54.144.84.120 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
+
+ null_resource.SSHconnection2: Creation complete after 1m16s [id=4902256962410024771]
+
+ Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
+
+ Outputs:
+
+ my_IP = "54.144.84.120"
+
+
+
+After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition.
+If you need to delete the instance please type the command:
+
+.. code-block:: none
+
+ #terraform destroy
+
+
+Troubleshooting
+---------------
+
+1. Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/.
+Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location).
+Make sure that you have opened access to the instance in the security group.
+
+2. Terraform doesn't connect via SSH to your Ansible instance: you have to check the correct login and password in the part of the file vyos. tf
+
+.. code-block:: none
+
+ connection {
+ type = "ssh"
+ user = "root" # open root access using login and password on your Ansible
+ password = var.password # check password in the file terraform.tfvars isn't empty
+ host = var.host # check the correct IP address of your Ansible host
+ }
+
+
+Make sure that Ansible is pinging from Terrafom.
+
+Structure of files Terrafom for AWS
+-----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── vyos.tf # The main script
+ ├── var.tf # File for the changing version of Terraform.
+ ├── versions.tf # The file of all variables in "vyos.tf"
+ └── terraform.tfvars # The value of all variables (passwords, login, ip adresses and so on)
+
+
+
+File contents of Terrafom for AWS
+---------------------------------
+
+vyos.tf
+
+.. code-block:: none
+
+
+ ##############################################################################
+ # Build an VyOS VM from the Marketplace
+ # To finde nessesery AMI image_ in AWS
+ #
+ # In the script vyos.tf we'll use default values (you can chang it as you need)
+ # AWS Region = "us-east-1"
+ # AMI = "standard AMI of VyOS from AWS Marketplace"
+ # Size of VM = "t2.micro"
+ # AWS Region = "us-east-1"
+ # After deploying the AWS instance and getting an IP address, the IP address is copied into the file
+ #"ip.txt" and copied to the Ansible node for provisioning.
+ ##############################################################################
+
+ provider "aws" {
+ access_key = var.access
+ secret_key = var.secret
+ region = var.region
+ }
+
+ variable "region" {
+ default = "us-east-1"
+ description = "AWS Region"
+ }
+
+ variable "ami" {
+ default = "ami-**************3b3" # ami image please enter your details
+ description = "Amazon Machine Image ID for VyOS"
+ }
+
+ variable "type" {
+ default = "t2.micro"
+ description = "Size of VM"
+ }
+
+ # my resource for VyOS
+
+ resource "aws_instance" "myVyOSec2" {
+ ami = var.ami
+ key_name = "awsterraform" # Please enter your details from 1.2 of Preparation steps for deploying VyOS on AWS
+ security_groups = ["awsterraformsg"] # Please enter your details from 1.3 of Preparation steps for deploying VyOS on AWS
+ instance_type = var.type
+ tags = {
+ name = "VyOS System"
+ }
+ }
+
+ ##############################################################################
+ # specific variable (to getting type "terraform plan"):
+ # aws_instance.myVyOSec2.public_ip - the information about public IP address
+ # of our instance, needs for provisioning and ssh connection from Ansible
+ ##############################################################################
+
+ output "my_IP"{
+ value = aws_instance.myVyOSec2.public_ip
+ }
+
+ ##############################################################################
+ #
+ # IP of aws instance copied to a file ip.txt in local system Terraform
+ # ip.txt looks like:
+ # cat ./ip.txt
+ # ххх.ххх.ххх.ххх
+ ##############################################################################
+
+ resource "local_file" "ip" {
+ content = aws_instance.myVyOSec2.public_ip
+ filename = "ip.txt"
+ }
+
+ #connecting to the Ansible control node using SSH connection
+
+ ##############################################################################
+ # Steps "SSHconnection1" and "SSHconnection2" need to get file ip.txt from the terraform node and start remotely the playbook of Ansible.
+ ##############################################################################
+
+ resource "null_resource" "SSHconnection1" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+
+ #copying the ip.txt file to the Ansible control node from local system
+
+ provisioner "file" {
+ source = "ip.txt"
+ destination = "/root/aws/ip.txt" # The folder of your Ansible project
+ }
+ }
+
+ resource "null_resource" "SSHconnection2" {
+ depends_on = [aws_instance.myVyOSec2]
+ connection {
+ type = "ssh"
+ user = "root"
+ password = var.password
+ host = var.host
+ }
+ #command to run Ansible playbook on remote Linux OS
+ provisioner "remote-exec" {
+ inline = [
+ "cd /root/aws/",
+ "ansible-playbook instance.yml" # more detailed in "File contents of Ansible for AWS"
+ ]
+ }
+ }
+
+
+var.tf
+
+.. code-block:: none
+
+ variable "password" {
+ description = "pass for Ansible"
+ type = string
+ sensitive = true
+ }
+ variable "host"{
+ description = "The IP of my Ansible"
+ type = string
+ }
+ variable "access" {
+ description = "my access_key for AWS"
+ type = string
+ sensitive = true
+ }
+ variable "secret" {
+ description = "my secret_key for AWS"
+ type = string
+ sensitive = true
+ }
+
+versions.tf
+
+.. code-block:: none
+
+ terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ }
+
+terraform.tfvars
+
+.. code-block:: none
+
+ password = "" # password for Ansible SSH
+ host = "" # IP of my Ansible
+ access = "" # access_key for AWS
+ secret = "" # secret_key for AWS
+
+
+Structure of files Ansible for AWS
+----------------------------------
+
+.. code-block:: none
+
+ .
+ ├── group_vars
+ └── all
+ ├── ansible.cfg
+ ├── mykey.pem
+ └── instance.yml
+
+
+File contents of Ansible for AWS
+--------------------------------
+
+ansible.cfg
+
+.. code-block:: none
+
+ [defaults]
+ inventory = /root/aws/ip.txt
+ host_key_checking= False
+ private_key_file = /root/aws/awsterraform.pem # check the name
+ remote_user=vyos
+
+mykey.pem
+
+.. code-block:: none
+
+ Copy your key.pem from AWS
+
+
+instance.yml
+
+
+
+.. code-block:: none
+
+ ##############################################################################
+ # About tasks:
+ # "Wait 300 seconds, but only start checking after 60 seconds" - try to make ssh connection every 60 seconds until 300 seconds
+ # "Configure general settings for the vyos hosts group" - make provisioning into AWS VyOS node
+ # You have to add all necessary cammans of VyOS under the block "lines:"
+ ##############################################################################
+
+
+ - name: integration of terraform and ansible
+ hosts: all
+ gather_facts: 'no'
+
+ tasks:
+
+ - name: "Wait 300 seconds, but only start checking after 60 seconds"
+ wait_for_connection:
+ delay: 60
+ timeout: 300
+
+ - name: "Configure general settings for the vyos hosts group"
+ vyos_config:
+ lines:
+ - set system name-server 8.8.8.8
+ save:
+ true
+
+
+all
+
+.. code-block:: none
+
+ ansible_connection: ansible.netcommon.network_cli
+ ansible_network_os: vyos.vyos.vyos
+ ansible_user: vyos
+
+Sourse files for AWS from GIT
+-----------------------------
+
+All files about the article can be found here_
+
+
+.. _link: https://developer.hashicorp.com/terraform/intro
+.. _install: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
+.. _pair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html
+.. _group: https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-sg.html
+.. _image: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
+.. _here: https://github.com/vyos/vyos-automation/tree/main/TerraformCloud/AWS_terraform_ansible_single_vyos_instance-main \ No newline at end of file
diff --git a/docs/automation/vyos-terraform.rst b/docs/automation/vyos-terraform.rst
deleted file mode 100644
index 75967202..00000000
--- a/docs/automation/vyos-terraform.rst
+++ /dev/null
@@ -1,1036 +0,0 @@
-:lastproofread: 2024-01-11
-
-.. _vyos-terraform:
-
-Terraform
-=========
-
-VyOS supports develop infrastructia via Terraform and provisioning via ansible.
-Need to install ``Terraform``
-
-Structure of files
-
-.. code-block:: none
-
- .
- ├── main.tf
- ├── version.tf
- ├── variables.tf
- └── terraform.tfvars
-
-Run Terraform
--------------
-
-.. code-block:: none
-
- #cd /your folder
- #terraform init
- #terraform plan
- #terraform apply
- #yes
-
-
-Deploying vyos in the AWS cloud
--------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the AWS cloud. If necessary, the infrastructure can be removed using terraform.
-Also we will make provisioning using Ansible.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── vyos.tf
- └── var.tf
-
-File contents
--------------
-
-vyos.tf
-
-.. code-block:: none
-
- terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
- }
- }
- }
-
- provider "aws" {
- access_key = var.access
- secret_key = var.secret
- region = var.region
- }
-
- variable "region" {
- default = "us-east-1"
- description = "AWS Region"
- }
-
- variable "ami" {
- default = "ami-**************" # ami image please enter your details
- description = "Amazon Machine Image ID for VyOS"
- }
-
- variable "type" {
- default = "t2.micro"
- description = "Size of VM"
- }
-
- # my resource for VyOS
-
- resource "aws_instance" "myVyOSec2" {
- ami = var.ami
- key_name = "mykeyname" # Please enter your details
- security_groups = ["my_sg"] # Please enter your details
- instance_type = var.type
- tags = {
- name = "VyOS System"
- }
- }
-
- output "my_IP"{
- value = aws_instance.myVyOSec2.public_ip
- }
-
-
- #IP of aws instance copied to a file ip.txt in local system Terraform
-
- resource "local_file" "ip" {
- content = aws_instance.myVyOSec2.public_ip
- filename = "ip.txt"
- }
-
- #connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "SSHconnection1" {
- depends_on = [aws_instance.myVyOSec2]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
- #copying the ip.txt file to the Ansible control node from local system
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/aws/ip.txt" # The folder of your Ansible project
- }
- }
-
- resource "null_resource" "SSHconnection2" {
- depends_on = [aws_instance.myVyOSec2]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
- #command to run Ansible playbook on remote Linux OS
- provisioner "remote-exec" {
- inline = [
- "cd /root/aws/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-var.tf
-
-.. code-block:: none
-
- variable "password" {
- description = "pass for Ansible"
- type = string
- sensitive = true
- }
- variable "host"{
- description = "The IP of my Ansible"
- }
- variable "access" {
- description = "my access_key for AWS"
- type = string
- sensitive = true
- }
- variable "secret" {
- description = "my secret_key for AWS"
- type = string
- sensitive = true
- }
-
-
-Structure of files Ansible
-
-.. code-block:: none
-
- .
- ├── group_vars
- └── all
- ├── ansible.cfg
- ├── mykey.pem
- └── instance.yml
-
-
-File contents
--------------
-
-ansible.cfg
-
-.. code-block:: none
-
- [defaults]
- inventory = /root/aws/ip.txt
- host_key_checking= False
- private_key_file = /root/aws/mykey.pem
- remote_user=vyos
-
-mykey.pem
-
-.. code-block:: none
-
- -----BEGIN OPENSSH PRIVATE KEY-----
-
- Copy your key.pem from AWS
-
- -----END OPENSSH PRIVATE KEY-----
-
-instance.yml
-
-.. code-block:: none
-
- - name: integration of terraform and ansible
- hosts: all
- gather_facts: 'no'
-
- tasks:
-
- - name: "Wait 300 seconds, but only start checking after 60 seconds"
- wait_for_connection:
- delay: 60
- timeout: 300
-
- - name: "Configure general settings for the vyos hosts group"
- vyos_config:
- lines:
- - set system name-server 8.8.8.8
- save:
- true
-
-
-all
-
-.. code-block:: none
-
- ansible_connection: ansible.netcommon.network_cli
- ansible_network_os: vyos.vyos.vyos
- ansible_user: vyos
-
-AWS_terraform_ansible_single_vyos_instance
-------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+AWS
-Step by step:
-
-AWS
----
-
-1.1 Create an account with AWS and get your "access_key", "secret key"
-
-1.2 Create a key pair and download your .pem key
-
-1.3 Create a security group for the new VyOS instance
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../awsvyos/
-
-2.4 Copy all files into your Terraform project (vyos.tf, var.tf)
-2.4.1 Please type the information into the strings 22, 35, 36 of file "vyos.tf"
-
-2.5 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/aws/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml, mykey.pem)
-
-mykey.pem you have to get using step 1.2
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-
-.. image:: /_static/images/aws.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
-
-
-
-Deploying vyos in the Azure cloud
----------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── main.tf
- └── variables.tf
-
-File contents
--------------
-
-main.tf
-
-.. code-block:: none
-
- ##############################################################################
- # HashiCorp Guide to Using Terraform on Azure
- # This Terraform configuration will create the following:
- # Resource group with a virtual network and subnet
- # An VyOS server without ssh key (only login+password)
- ##############################################################################
-
- # Chouse a provider
-
- provider "azurerm" {
- features {}
- }
-
- # Create a resource group. In Azure every resource belongs to a
- # resource group.
-
- resource "azurerm_resource_group" "azure_vyos" {
- name = "${var.resource_group}"
- location = "${var.location}"
- }
-
- # The next resource is a Virtual Network.
-
- resource "azurerm_virtual_network" "vnet" {
- name = "${var.virtual_network_name}"
- location = "${var.location}"
- address_space = ["${var.address_space}"]
- resource_group_name = "${var.resource_group}"
- }
-
- # Build a subnet to run our VMs in.
-
- resource "azurerm_subnet" "subnet" {
- name = "${var.prefix}subnet"
- virtual_network_name = "${azurerm_virtual_network.vnet.name}"
- resource_group_name = "${var.resource_group}"
- address_prefixes = ["${var.subnet_prefix}"]
- }
-
- ##############################################################################
- # Build an VyOS VM from the Marketplace
- # To finde nessesery image use the command:
- #
- # az vm image list --offer vyos --all
- #
- # Now that we have a network, we'll deploy an VyOS server.
- # An Azure Virtual Machine has several components. In this example we'll build
- # a security group, a network interface, a public ip address, a storage
- # account and finally the VM itself. Terraform handles all the dependencies
- # automatically, and each resource is named with user-defined variables.
- ##############################################################################
-
-
- # Security group to allow inbound access on port 22 (ssh)
-
- resource "azurerm_network_security_group" "vyos-sg" {
- name = "${var.prefix}-sg"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
-
- security_rule {
- name = "SSH"
- priority = 100
- direction = "Inbound"
- access = "Allow"
- protocol = "Tcp"
- source_port_range = "*"
- destination_port_range = "22"
- source_address_prefix = "${var.source_network}"
- destination_address_prefix = "*"
- }
- }
-
- # A network interface.
-
- resource "azurerm_network_interface" "vyos-nic" {
- name = "${var.prefix}vyos-nic"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
-
- ip_configuration {
- name = "${var.prefix}ipconfig"
- subnet_id = "${azurerm_subnet.subnet.id}"
- private_ip_address_allocation = "Dynamic"
- public_ip_address_id = "${azurerm_public_ip.vyos-pip.id}"
- }
- }
-
- # Add a public IP address.
-
- resource "azurerm_public_ip" "vyos-pip" {
- name = "${var.prefix}-ip"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
- allocation_method = "Dynamic"
- }
-
- # Build a virtual machine. This is a standard VyOS instance from Marketplace.
-
- resource "azurerm_virtual_machine" "vyos" {
- name = "${var.hostname}-vyos"
- location = "${var.location}"
- resource_group_name = "${var.resource_group}"
- vm_size = "${var.vm_size}"
-
- network_interface_ids = ["${azurerm_network_interface.vyos-nic.id}"]
- delete_os_disk_on_termination = "true"
-
- # To finde an information about the plan use the command:
- # az vm image list --offer vyos --all
-
- plan {
- publisher = "sentriumsl"
- name = "vyos-1-3"
- product = "vyos-1-2-lts-on-azure"
- }
-
- storage_image_reference {
- publisher = "${var.image_publisher}"
- offer = "${var.image_offer}"
- sku = "${var.image_sku}"
- version = "${var.image_version}"
- }
-
- storage_os_disk {
- name = "${var.hostname}-osdisk"
- managed_disk_type = "Standard_LRS"
- caching = "ReadWrite"
- create_option = "FromImage"
- }
-
- os_profile {
- computer_name = "${var.hostname}"
- admin_username = "${var.admin_username}"
- admin_password = "${var.admin_password}"
- }
-
- os_profile_linux_config {
- disable_password_authentication = false
- }
- }
-
- data "azurerm_public_ip" "example" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- name = "vyos-ip"
- resource_group_name = "${var.resource_group}"
- }
- output "public_ip_address" {
- value = data.azurerm_public_ip.example.ip_address
- }
-
- # IP of AZ instance copied to a file ip.txt in local system
-
- resource "local_file" "ip" {
- content = data.azurerm_public_ip.example.ip_address
- filename = "ip.txt"
- }
-
- #Connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "nullremote1" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
-
- # Copying the ip.txt file to the Ansible control node from local system
-
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/az/ip.txt"
- }
- }
-
- resource "null_resource" "nullremote2" {
- depends_on = ["azurerm_virtual_machine.vyos"]
- connection {
- type = "ssh"
- user = "root"
- password = var.password
- host = var.host
- }
-
- # Command to run ansible playbook on remote Linux OS
-
- provisioner "remote-exec" {
-
- inline = [
- "cd /root/az/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-
-variables.tf
-
-.. code-block:: none
-
- ##############################################################################
- # Variables File
- #
- # Here is where we store the default values for all the variables used in our
- # Terraform code.
- ##############################################################################
-
- variable "resource_group" {
- description = "The name of your Azure Resource Group."
- default = "my_resource_group"
- }
-
- variable "prefix" {
- description = "This prefix will be included in the name of some resources."
- default = "vyos"
- }
-
- variable "hostname" {
- description = "Virtual machine hostname. Used for local hostname, DNS, and storage-related names."
- default = "vyos_terraform"
- }
-
- variable "location" {
- description = "The region where the virtual network is created."
- default = "centralus"
- }
-
- variable "virtual_network_name" {
- description = "The name for your virtual network."
- default = "vnet"
- }
-
- variable "address_space" {
- description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created."
- default = "10.0.0.0/16"
- }
-
- variable "subnet_prefix" {
- description = "The address prefix to use for the subnet."
- default = "10.0.10.0/24"
- }
-
- variable "storage_account_tier" {
- description = "Defines the storage tier. Valid options are Standard and Premium."
- default = "Standard"
- }
-
- variable "storage_replication_type" {
- description = "Defines the replication type to use for this storage account. Valid options include LRS, GRS etc."
- default = "LRS"
- }
-
- # The most chippers size
-
- variable "vm_size" {
- description = "Specifies the size of the virtual machine."
- default = "Standard_B1s"
- }
-
- variable "image_publisher" {
- description = "Name of the publisher of the image (az vm image list)"
- default = "sentriumsl"
- }
-
- variable "image_offer" {
- description = "Name of the offer (az vm image list)"
- default = "vyos-1-2-lts-on-azure"
- }
-
- variable "image_sku" {
- description = "Image SKU to apply (az vm image list)"
- default = "vyos-1-3"
- }
-
- variable "image_version" {
- description = "Version of the image to apply (az vm image list)"
- default = "1.3.3"
- }
-
- variable "admin_username" {
- description = "Administrator user name"
- default = "vyos"
- }
-
- variable "admin_password" {
- description = "Administrator password"
- default = "Vyos0!"
- }
-
- variable "source_network" {
- description = "Allow access from this network prefix. Defaults to '*'."
- default = "*"
- }
-
- variable "password" {
- description = "pass for Ansible"
- type = string
- sensitive = true
- }
- variable "host"{
- description = "IP of my Ansible"
- }
-
-
-Structure of files Ansible
-
-.. code-block:: none
-
- .
- ├── group_vars
- └── all
- ├── ansible.cfg
- └── instance.yml
-
-
-File contents
--------------
-
-ansible.cfg
-
-.. code-block:: none
-
- [defaults]
- inventory = /root/az/ip.txt
- host_key_checking= False
- remote_user=vyos
-
-
-instance.yml
-
-.. code-block:: none
-
- - name: integration of terraform and ansible
- hosts: all
- gather_facts: 'no'
-
- tasks:
-
- - name: "Wait 300 seconds, but only start checking after 60 seconds"
- wait_for_connection:
- delay: 60
- timeout: 300
-
- - name: "Configure general settings for the vyos hosts group"
- vyos_config:
- lines:
- - set system name-server 8.8.8.8
- save:
- true
-
-
-all
-
-.. code-block:: none
-
- ansible_connection: ansible.netcommon.network_cli
- ansible_network_os: vyos.vyos.vyos
-
- # user and password gets from terraform variables "admin_username" and "admin_password"
- ansible_user: vyos
- ansible_ssh_pass: Vyos0!
-
-
-Azure_terraform_ansible_single_vyos_instance
---------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+Azure
-Step by step:
-
-Azure
------
-
-1.1 Create an account with Azure
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../azvyos/
-
-2.4 Copy all files from my folder /Terraform into your Terraform project (main.tf, variables.tf)
-
-2.5 Login with Azure using the command
-
- #az login
-
-2.6 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/az/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-
-
-
-Deploying vyos in the Vsphere infrastructia
--------------------------------------------
-With the help of terraforms, you can quickly deploy Vyos-based infrastructure in the vSphere.
-
-Structure of files Terrafom
-
-.. code-block:: none
-
- .
- ├── main.tf
- ├── versions.tf
- ├── variables.tf
- └── terraform.tfvars
-
-File contents
--------------
-
-main.tf
-
-.. code-block:: none
-
- provider "vsphere" {
- user = var.vsphere_user
- password = var.vsphere_password
- vsphere_server = var.vsphere_server
- allow_unverified_ssl = true
- }
-
- data "vsphere_datacenter" "datacenter" {
- name = var.datacenter
- }
-
- data "vsphere_datastore" "datastore" {
- name = var.datastore
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_compute_cluster" "cluster" {
- name = var.cluster
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_resource_pool" "default" {
- name = format("%s%s", data.vsphere_compute_cluster.cluster.name, "/Resources/terraform") # set as you need
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_host" "host" {
- name = var.host
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- data "vsphere_network" "network" {
- name = var.network_name
- datacenter_id = data.vsphere_datacenter.datacenter.id
- }
-
- ## Deployment of VM from Remote OVF
- resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
- name = var.remotename
- datacenter_id = data.vsphere_datacenter.datacenter.id
- datastore_id = data.vsphere_datastore.datastore.id
- host_system_id = data.vsphere_host.host.id
- resource_pool_id = data.vsphere_resource_pool.default.id
- network_interface {
- network_id = data.vsphere_network.network.id
- }
- wait_for_guest_net_timeout = 2
- wait_for_guest_ip_timeout = 2
-
- ovf_deploy {
- allow_unverified_ssl_cert = true
- remote_ovf_url = var.url_ova
- disk_provisioning = "thin"
- ip_protocol = "IPv4"
- ip_allocation_policy = "dhcpPolicy"
- ovf_network_map = {
- "Network 1" = data.vsphere_network.network.id
- "Network 2" = data.vsphere_network.network.id
- }
- }
- vapp {
- properties = {
- "password" = "12345678",
- "local-hostname" = "terraform_vyos"
- }
- }
- }
-
- output "ip" {
- description = "default ip address of the deployed VM"
- value = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
- }
-
- # IP of AZ instance copied to a file ip.txt in local system
-
- resource "local_file" "ip" {
- content = vsphere_virtual_machine.vmFromRemoteOvf.default_ip_address
- filename = "ip.txt"
- }
-
- #Connecting to the Ansible control node using SSH connection
-
- resource "null_resource" "nullremote1" {
- depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
- connection {
- type = "ssh"
- user = "root"
- password = var.ansiblepassword
- host = var.ansiblehost
-
- }
-
- # Copying the ip.txt file to the Ansible control node from local system
-
- provisioner "file" {
- source = "ip.txt"
- destination = "/root/vsphere/ip.txt"
- }
- }
-
- resource "null_resource" "nullremote2" {
- depends_on = ["vsphere_virtual_machine.vmFromRemoteOvf"]
- connection {
- type = "ssh"
- user = "root"
- password = var.ansiblepassword
- host = var.ansiblehost
- }
-
- # Command to run ansible playbook on remote Linux OS
-
- provisioner "remote-exec" {
-
- inline = [
- "cd /root/vsphere/",
- "ansible-playbook instance.yml"
- ]
- }
- }
-
-
-versions.tf
-
-.. code-block:: none
-
- # Copyright (c) HashiCorp, Inc.
- # SPDX-License-Identifier: MPL-2.0
-
- terraform {
- required_providers {
- vsphere = {
- source = "hashicorp/vsphere"
- version = "2.4.0"
- }
- }
- }
-
-variables.tf
-
-.. code-block:: none
-
- # Copyright (c) HashiCorp, Inc.
- # SPDX-License-Identifier: MPL-2.0
-
- variable "vsphere_server" {
- description = "vSphere server"
- type = string
- }
-
- variable "vsphere_user" {
- description = "vSphere username"
- type = string
- }
-
- variable "vsphere_password" {
- description = "vSphere password"
- type = string
- sensitive = true
- }
-
- variable "datacenter" {
- description = "vSphere data center"
- type = string
- }
-
- variable "cluster" {
- description = "vSphere cluster"
- type = string
- }
-
- variable "datastore" {
- description = "vSphere datastore"
- type = string
- }
-
- variable "network_name" {
- description = "vSphere network name"
- type = string
- }
-
- variable "host" {
- description = "name if yor host"
- type = string
- }
-
- variable "remotename" {
- description = "the name of you VM"
- type = string
- }
-
- variable "url_ova" {
- description = "the URL to .OVA file or cloude store"
- type = string
- }
-
- variable "ansiblepassword" {
- description = "Ansible password"
- type = string
- }
-
- variable "ansiblehost" {
- description = "Ansible host name or IP"
- type = string
- }
-
-terraform.tfvars
-
-.. code-block:: none
-
- vsphere_user = ""
- vsphere_password = ""
- vsphere_server = ""
- datacenter = ""
- datastore = ""
- cluster = ""
- network_name = ""
- host = ""
- url_ova = ""
- ansiblepassword = ""
- ansiblehost = ""
- remotename = ""
-
-Azure_terraform_ansible_single_vyos_instance
---------------------------------------------
-
-How to create a single instance and install your configuration using Terraform+Ansible+Vsphere
-Step by step:
-
-Vsphere
--------
-
-1.1 Collect all data in to file "terraform.tfvars" and create resources fo example "terraform"
-
-Terraform
----------
-
-2.1 Create a UNIX or Windows instance
-
-2.2 Download and install Terraform
-
-2.3 Create the folder for example ../vsphere/
-
-2.4 Copy all files from my folder /Terraform into your Terraform project
-
-2.5 Type the commands :
-
- #cd /your folder
-
- #terraform init
-
-
-Ansible
--------
-
-3.1 Create a UNIX instance
-
-3.2 Download and install Ansible
-
-3.3 Create the folder for example /root/vsphere/
-
-3.4 Copy all files from my folder /Ansible into your Ansible project (ansible.cfg, instance.yml and /group_vars)
-
-Start
------
-
-4.1 Type the commands on your Terrafom instance:
-
- #cd /your folder
-
- #terraform plan
-
- #terraform apply
-
- #yes
-
diff --git a/docs/conf.py b/docs/conf.py
index 4414286d..f05832fe 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -22,7 +22,7 @@ from docutils.parsers.rst.roles import set_classes
# -- Project information -----------------------------------------------------
project = u'VyOS'
-copyright = u'2023, VyOS maintainers and contributors'
+copyright = u'2024, VyOS maintainers and contributors'
author = u'VyOS maintainers and contributors'
# The short X.Y version
@@ -192,4 +192,4 @@ texinfo_documents = [
def setup(app):
- pass
+ pass \ No newline at end of file
diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst
index 7134e14c..d5973eb2 100644
--- a/docs/configexamples/index.rst
+++ b/docs/configexamples/index.rst
@@ -17,6 +17,7 @@ This chapter contains various configuration examples:
wan-load-balancing
pppoe-ipv6-basic
l3vpn-hub-and-spoke
+ lac-lns
inter-vrf-routing-vrf-lite
qos
segment-routing-isis
diff --git a/docs/configexamples/lac-lns.rst b/docs/configexamples/lac-lns.rst
new file mode 100644
index 00000000..b246c4d3
--- /dev/null
+++ b/docs/configexamples/lac-lns.rst
@@ -0,0 +1,169 @@
+:lastproofread: 2024-02-21
+
+.. _examples-lac-lns:
+
+###############
+PPPoE over L2TP
+###############
+
+This document is to describe a basic setup using PPPoE over L2TP.
+LAC and LNS are components of the broadband topology.
+LAC - L2TP access concentrator
+LNS - L2TP Network Server
+LAC and LNS forms L2TP tunnel. LAC receives packets from PPPoE clients and
+forward them to LNS. LNS is the termination point that comes from PPP packets
+from the remote client.
+
+In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC.
+All users with domain **vyos.io** will be tunneled to LNS via L2TP.
+
+Network Topology
+================
+
+.. image:: /_static/images/lac-lns-diagram.jpg
+ :width: 60%
+ :align: center
+ :alt: Network Topology Diagram
+
+Configurations
+==============
+
+LAC
+---
+
+.. code-block:: none
+
+ aaa new-model
+ !
+ aaa authentication ppp default local
+ !
+ vpdn enable
+ vpdn aaa attribute nas-ip-address vpdn-nas
+ !
+ vpdn-group LAC
+ request-dialin
+ protocol l2tp
+ domain vyos.io
+ initiate-to ip 192.168.139.100
+ source-ip 192.168.139.101
+ local name LAC
+ l2tp tunnel password 0 test123
+ !
+ bba-group pppoe MAIN-BBA
+ virtual-template 1
+ !
+ interface GigabitEthernet0/0
+ description To LNS
+ ip address 192.168.139.101 255.255.255.0
+ duplex auto
+ speed auto
+ media-type rj45
+ !
+ interface GigabitEthernet0/1
+ description To PPPoE clients
+ no ip address
+ duplex auto
+ speed auto
+ media-type rj45
+ pppoe enable group MAIN-BBA
+ !
+
+LNS
+---
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 address '192.168.139.100/24'
+ set nat source rule 100 outbound-interface name 'eth0'
+ set nat source rule 100 source address '10.0.0.0/24'
+ set nat source rule 100 translation address 'masquerade'
+ set protocols static route 0.0.0.0/0 next-hop 192.168.139.2
+ set vpn l2tp remote-access authentication mode 'radius'
+ set vpn l2tp remote-access authentication radius server 192.168.139.110 key 'radiustest'
+ set vpn l2tp remote-access client-ip-pool TEST-POOL range '10.0.0.2-10.0.0.100'
+ set vpn l2tp remote-access default-pool 'TEST-POOL'
+ set vpn l2tp remote-access gateway-address '10.0.0.1'
+ set vpn l2tp remote-access lns host-name 'LAC'
+ set vpn l2tp remote-access lns shared-secret 'test123'
+ set vpn l2tp remote-access name-server '8.8.8.8'
+ set vpn l2tp remote-access ppp-options disable-ccp
+
+.. note:: This setup requires the Compression Control Protocol (CCP)
+ being disabled, the command ``set vpn l2tp remote-access ppp-options disable-ccp``
+ accomplishes that.
+
+Client
+------
+
+In this lab we use Windows PPPoE client.
+
+.. image:: /_static/images/lac-lns-winclient.jpg
+ :width: 100%
+ :align: center
+ :alt: Window PPPoE Client Configuration
+
+Monitoring
+----------
+
+Monitoring on LNS side
+
+.. code-block:: none
+
+ vyos@vyos:~$ show l2tp-server sessions
+ ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
+ --------+--------------+----------+-----+--------+-----------------+------------+--------+----------+-----------+----------
+ l2tp0 | test@vyos.io | 10.0.0.2 | | | 192.168.139.101 | | active | 00:00:35 | 188.4 KiB | 9.3 MiB
+
+Monitoring on LAC side
+
+.. code-block:: none
+
+ Router#show pppoe session
+ 1 session in FORWARDED (FWDED) State
+ 1 session total
+ Uniq ID PPPoE RemMAC Port VT VA State
+ SID LocMAC VA-st Type
+ 1 1 000c.290b.20a6 Gi0/1 1 N/A FWDED
+ 0c58.88ac.0001
+
+ Router#show l2tp
+ L2TP Tunnel and Session Information Total tunnels 1 sessions 1
+
+ LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
+ Count VPDN Group
+ 23238 2640 LAC est 192.168.139.100 1 LAC
+
+ LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
+ Vcid, Circuit
+ 25641 25822 23238 test@vyos.io, Gi0/1 est 00:05:36 1
+
+Monitoring on RADIUS Server side
+
+.. code-block:: none
+
+ root@Radius:~# cat /var/log/freeradius/radacct/192.168.139.100/detail-20240221
+ Wed Feb 21 13:37:17 2024
+ User-Name = "test@vyos.io"
+ NAS-Port = 0
+ NAS-Port-Id = "l2tp0"
+ NAS-Port-Type = Virtual
+ Service-Type = Framed-User
+ Framed-Protocol = PPP
+ Calling-Station-Id = "192.168.139.101"
+ Called-Station-Id = "192.168.139.100"
+ Acct-Status-Type = Start
+ Acct-Authentic = RADIUS
+ Acct-Session-Id = "45c731e169d9a4f1"
+ Acct-Session-Time = 0
+ Acct-Input-Octets = 0
+ Acct-Output-Octets = 0
+ Acct-Input-Packets = 0
+ Acct-Output-Packets = 0
+ Acct-Input-Gigawords = 0
+ Acct-Output-Gigawords = 0
+ Framed-IP-Address = 10.0.0.2
+ NAS-IP-Address = 192.168.139.100
+ Event-Timestamp = "Feb 21 2024 13:37:17 UTC"
+ Tmp-String-9 = "ai:"
+ Acct-Unique-Session-Id = "ea6a1089816f19c0d0f1819bc61c3318"
+ Timestamp = 1708522637
diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst
index 670ca29f..e63ac2c9 100644
--- a/docs/configuration/container/index.rst
+++ b/docs/configuration/container/index.rst
@@ -11,16 +11,16 @@ a deamonless container engine.
Configuration
*************
-.. cfgcmd:: set container name <name> image
-
+.. cfgcmd:: set container name <name> image
+
Sets the image name in the hub registry
.. code-block:: none
set container name mysql-server image mysql:8.0
- If a registry is not specified, Docker.io will be used as the container
- registry unless an alternative registry is specified using
+ If a registry is not specified, Docker.io will be used as the container
+ registry unless an alternative registry is specified using
**set container registry <name>** or the registry is included in the image name
.. code-block:: none
@@ -28,21 +28,21 @@ Configuration
set container name mysql-server image quay.io/mysql:8.0
.. cfgcmd:: set container name <name> allow-host-networks
-
- Allow host networking in a container. The network stack of the container is
+
+ Allow host networking in a container. The network stack of the container is
not isolated from the host and will use the host IP.
The following commands translate to "--net host" when the container
- is created
+ is created
.. note:: **allow-host-networks** cannot be used with **network**
-.. cfgcmd:: set container name <name> network <networkname>
+.. cfgcmd:: set container name <name> network <networkname>
Attaches user-defined network to a container.
Only one network must be specified and must already exist.
-.. cfgcmd:: set container name <name> network <networkname> address <address>
+.. cfgcmd:: set container name <name> network <networkname> address <address>
Optionally set a specific static IPv4 or IPv6 address for the container.
This address must be within the named network prefix.
@@ -58,7 +58,7 @@ Configuration
Add custom environment variables.
Multiple environment variables are allowed.
The following commands translate to "-e key=value" when the container
- is created.
+ is created.
.. code-block:: none
@@ -88,7 +88,7 @@ Configuration
set container name coredns volume 'corefile' source /config/coredns/Corefile
set container name coredns volume 'corefile' destination /etc/Corefile
-
+
.. cfgcmd:: set container name <name> volume <volumename> mode <ro | rw>
Volume is either mounted as rw (read-write - default) or ro (read-only)
@@ -107,9 +107,9 @@ Configuration
- **always**: Restart containers when they exit, regardless of status, retrying indefinitely
.. cfgcmd:: set container name <name> memory <MB>
-
+
Constrain the memory available to the container.
-
+
Default is 512 MB. Use 0 MB for unlimited memory.
.. cfgcmd:: set container name <name> device <devicename> source <path>
@@ -117,7 +117,7 @@ Configuration
Add a host device to the container.
-.. cfgcmd:: container name <name> cap-add <text>
+.. cfgcmd:: set container name <name> cap-add <text>
Set container capabilities or permissions.
@@ -129,18 +129,49 @@ Configuration
- **sys-time**: Permission to set system clock
.. cfgcmd:: set container name <name> disable
-
+
Disable a container.
-.. cfgcmd:: set container network <networkname>
+Container Networks
+==================
+
+.. cfgcmd:: set container network <name>
Creates a named container network
+.. cfgcmd:: set container network <name> description
+
+ A brief description what this network is all about.
+
+.. cfgcmd:: set container network <name> prefix <ipv4|ipv6>
+
+ Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and
+ one IPv6 prefix can be used per network name.
+
+.. cfgcmd:: set container network <name> vrf <nme>
+
+ Bind container network to a given VRF instance.
+
+Container Registry
+==================
+
.. cfgcmd:: set container registry <name>
Adds registry to list of unqualified-search-registries. By default, for any
- image that does not include the registry in the image name, Vyos will use
- docker.io as the container registry.
+ image that does not include the registry in the image name, VyOS will use
+ docker.io and quay.io as the container registry.
+
+.. cfgcmd:: set container registry <name> disable
+
+ Disable a given container registry
+
+.. cfgcmd:: set container registry <name> authentication username
+.. cfgcmd:: set container registry <name> authentication password
+
+ Some container registries require credentials to be used.
+
+ Credentials can be defined here and will only be used when adding a
+ container image to the system.
******************
@@ -148,7 +179,7 @@ Operation Commands
******************
.. opcmd:: add container image <containername>
-
+
Pull a new image for container
.. opcmd:: show container
@@ -156,7 +187,7 @@ Operation Commands
Show the list of all active containers.
.. opcmd:: show container image
-
+
Show the local container images.
.. opcmd:: show container log <containername>
@@ -175,7 +206,10 @@ Operation Commands
Update container image
+.. opcmd:: delete container image [image id|all]
+ Delete a particular container image based on it's image ID.
+ You can also delete all container images at once.
*********************
Example Configuration
@@ -196,7 +230,7 @@ Example Configuration
set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix'
set container name mysql-server environment 'MYSQL_USER' value 'zabbix'
set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
- set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
+ set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest
set container name zabbix-java-gateway network zabbix
diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst
index b37e95a2..65081e1c 100644
--- a/docs/configuration/interfaces/pppoe.rst
+++ b/docs/configuration/interfaces/pppoe.rst
@@ -380,9 +380,13 @@ IPv6 DHCPv6-PD Example
.. stop_vyoslinter
-The following configuration will assign a /64 prefix out of a /56 delegation
-to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64.
-If you do not know the prefix size delegated to you, start with sla-len 0.
+The following configuration will setup a PPPoE session source from eth1 and
+assign a /64 prefix out of a /56 delegation (requested from the ISP) to eth0.
+The IPv6 address assigned to eth0 will be <prefix>::1/64. If you do not know
+the prefix size delegated to you, start with sla-len 0.
+
+In addition we setup IPv6 :abbr:`RA (Router Advertisements)` to make the
+prefix known on the eth0 link.
.. start_vyoslinter
@@ -395,3 +399,5 @@ If you do not know the prefix size delegated to you, start with sla-len 0.
set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56'
set interfaces pppoe pppoe0 ipv6 address autoconf
set interfaces pppoe pppoe0 source-interface eth1
+
+ set service router-advert interface eth0 prefix ::/64
diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst
index 1fea13ac..8fd6fbe8 100644
--- a/docs/configuration/pki/index.rst
+++ b/docs/configuration/pki/index.rst
@@ -2,6 +2,8 @@
.. include:: /_include/need_improvement.txt
+.. _pki:
+
###
PKI
###
@@ -118,12 +120,12 @@ OpenVPN
.. opcmd:: generate pki openvpn shared-secret
- Genearate a new OpenVPN shared secret. The generated secred is the output to
+ Genearate a new OpenVPN shared secret. The generated secret is the output to
the console.
.. opcmd:: generate pki openvpn shared-secret install <name>
- Genearate a new OpenVPN shared secret. The generated secred is the output to
+ Genearate a new OpenVPN shared secret. The generated secret is the output to
the console.
.. include:: pki_cli_import_help.txt
@@ -248,6 +250,35 @@ certificates used by services on this router.
If CA is present, this certificate will be included in generated CRLs
+Import files to PKI format
+--------------------------
+VyOS provides this utility to import existing certificates/key files directly
+into PKI from op-mode. Previous to VyOS 1.4, certificates were stored under the
+/config folder permanently and will be retained post upgrade.
+
+.. opcmd:: import pki ca <name> file <Path to CA certificate file>
+
+ Import the public CA certificate from the defined file to VyOS CLI.
+
+.. opcmd:: import pki ca <name> key-file <Path to private key file>
+
+ Import the CAs private key portion to the CLI. This should never leave the
+ system as it is used to decrypt the data. The key is required if you use
+ VyOS as your certificate generator.
+
+.. opcmd:: import pki certificate <name> file <path to certificate>
+
+ Import the certificate from the file to VyOS CLI.
+
+.. opcmd:: import pki certificate <name> key-file <path to private key>
+
+ Import the private key of the certificate to the VyOS CLI. This should never
+ leave the system as it is used to decrypt the data.
+
+.. opcmd:: import pki openvpn shared-secret <name> file <path to OpenVPN secret key>
+
+ Import the OpenVPN shared secret stored in file to the VyOS CLI.
+
ACME
^^^^
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst
index 468b39d9..d43f2385 100644
--- a/docs/configuration/service/conntrack-sync.rst
+++ b/docs/configuration/service/conntrack-sync.rst
@@ -98,6 +98,10 @@ Configuration
This diable the external cache and directly injects the flow-states into the
in-kernel Connection Tracking System of the backup firewall.
+.. cfgcmd:: set service conntrack-sync disable-syslog
+
+ Disable connection logging via Syslog.
+
*********
Operation
*********
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index e430dc73..c6deb179 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -143,33 +143,6 @@ avoid being tracked by the provider of your upstream DNS server.
168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream
DNS server(s) to be used for reverse lookups of these zones.
-.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535>
-
- Maximum number of times an expired record’s TTL is extended by 30s when
- serving stale. Extension only occurs if a record cannot be refreshed. A
- value of 0 means the Serve Stale mechanism is not used. To allow records
- becoming stale to be served for an hour, use a value of 120.
-
-.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix>
-
- When an authoritative server does not answer a query or sends a reply the
- recursor does not like, it is throttled. Any servers matching the supplied
- netmasks will never be throttled.
-
-.. cfgcmd:: set service dns forwarding options ecs-add-for <address>
-
- The requestor netmask for which the requestor IP Address should be used as the
- EDNS Client Subnet for outgoing queries.
-
-.. cfgcmd:: set service dns forwarding options ecs-ipv4-bits <number>
-
- Number of bits of client IPv4 address to pass when sending EDNS Client Subnet
- address information.
-
-.. cfgcmd:: set service dns forwarding options edns-subnet-allow-list <address|domain>
-
- The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries.
-
Example
=======
@@ -231,8 +204,8 @@ this only one purpose.
ddclient_ uses two methods to update a DNS record. The first one will send
updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
-one involves a third party service, like DynDNS.com or any other similar
-website. This method uses HTTP requests to transmit the new IP address. You
+one involves a third party service, like DynDNS.com or any other such
+service provider. This method uses HTTP requests to transmit the new IP address. You
can configure both in VyOS.
.. _dns:dynmaic_config:
@@ -243,46 +216,43 @@ Configuration
:rfc:`2136` Based
-----------------
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
+.. cfgcmd:: set service dns dynamic name <service-name> address interface <interface>
- Create new :rfc:`2136` DNS update configuration which will update the IP
+ Create new dynamic DNS update configuration which will update the IP
address assigned to `<interface>` on the service you configured under
`<service-name>`.
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
- key <keyfile>
+.. cfgcmd:: set service dns dynamic name <service-name> description <text>
+
+ Set description `<text>` for dynamic DNS service being configured.
+
+.. cfgcmd:: set service dns dynamic name <service-name> key <filename>
- File identified by `<keyfile>` containing the secret RNDC key shared with
- remote DNS server.
+ File identified by `<filename>` containing the TSIG authentication key for RFC2136
+ nsupdate on remote DNS server.
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
- server <server>
+.. cfgcmd:: set service dns dynamic name <service-name> server <server>
Configure the DNS `<server>` IP/FQDN used when updating this dynamic
assignment.
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
- zone <zone>
+.. cfgcmd:: set service dns dynamic name <service-name> zone <zone>
Configure DNS `<zone>` to be updated.
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
- record <record>
+.. cfgcmd:: set service dns dynamic name <service-name> host-name <record>
- Configure DNS `<record>` which should be updated. This can be set multiple
- times.
+ Configure DNS `<record>` which should be updated. This can be set multiple times.
-.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name>
- ttl <ttl>
+.. cfgcmd:: set service dns dynamic name <service-name> ttl <ttl>
Configure optional TTL value on the given resource record. This defaults to
600 seconds.
-.. cfgcmd:: set service dns dynamic timeout <60-3600>
+.. cfgcmd:: set service dns dynamic interval <60-3600>
- Specify timeout / update interval to check if IP address changed.
-
- This defaults to 300 seconds.
+ Specify interval in seconds to wait between Dynamic DNS updates.
+ The default is 300 seconds.
.. _dns:dynmaic_example:
@@ -295,32 +265,48 @@ Example
.. code-block:: none
+ # Configuration commands entered:
+ #
+ set service dns dynamic name 'VyOS-DNS' address interface 'eth0'
+ set service dns dynamic name 'VyOS-DNS' description 'RFC 2136 dynamic dns service'
+ set service dns dynamic name 'VyOS-DNS' key '/config/auth/my.key'
+ set service dns dynamic name 'VyOS-DNS' server 'ns1.vyos.io'
+ set service dns dynamic name 'VyOS-DNS' zone 'vyos.io'
+ set service dns dynamic name 'VyOS-DNS' host-name 'example.vyos.io'
+ set service dns dynamic name 'VyOS-DNS' protocol 'nsupdate'
+ set service dns dynamic name 'VyOS-DNS' ttl '300'
+
+ # Resulting config:
+ #
vyos@vyos# show service dns dynamic
- interface eth0.7 {
- rfc2136 VyOS-DNS {
- key /config/auth/my.key
- record example.vyos.io
- server ns1.vyos.io
- ttl 300
- zone vyos.io
+ name VyOS-DNS {
+ address {
+ interface eth0
}
+ description "RFC 2136 dynamic dns service"
+ host-name example.vyos.io
+ key /config/auth/my.key
+ protocol nsupdate
+ server ns1.vyos.io
+ ttl 300
+ zone vyos.io
}
This will render the following ddclient_ configuration entry:
.. code-block:: none
+ # ddclient configuration for interface "eth0":
#
- # ddclient configuration for interface "eth0.7":
- #
- use=if, if=eth0.7
-
- # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io
- server=ns1.vyos.io
- protocol=nsupdate
- password=/config/auth/my.key
- ttl=300
- zone=vyos.io
+
+ # Web service dynamic DNS configuration for VyOS-DNS: [nsupdate, example.vyos.io]
+ use=if, \
+ if=eth0, \
+ protocol=nsupdate, \
+ server=ns1.vyos.io, \
+ zone=vyos.io, \
+ password='/config/auth/my.key', \
+ ttl=300 \
example.vyos.io
.. note:: You can also keep different DNS zone updated. Just create a new
@@ -335,40 +321,43 @@ VyOS is also able to use any service relying on protocols supported by ddclient.
To use such a service, one must define a login, password, one or multiple
hostnames, protocol and server.
-.. cfgcmd:: set service dns dynamic address <interface> service <service>
- host-name <hostname>
+.. cfgcmd:: set service dns dynamic name <service-name> address interface <interface>
+
+ Create new dynamic DNS update configuration which will update the IP
+ address assigned to `<interface>` on the service you configured under
+ `<service-name>`.
+
+.. cfgcmd:: set service dns dynamic name <service-name> description <text>
+
+ Set description `<text>` for dynamic DNS service being configured.
+
+.. cfgcmd:: set service dns dynamic name <service-name> host-name <hostname>
Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
- provider identified by `<service>` when the IP address on address
- `<interface>` changes.
+ provider identified by `<service-name>`.
-.. cfgcmd:: set service dns dynamic address <interface> service <service>
- username <username>
+.. cfgcmd:: set service dns dynamic name <service-name> username <username>
Configure `<username>` used when authenticating the update request for
- DynDNS service identified by `<service>`.
- For Namecheap, set the <domain> you wish to update.
+ DynDNS service identified by `<service-name>`.
-.. cfgcmd:: set service dns dynamic address <interface> service <service>
- password <password>
+.. cfgcmd:: set service dns dynamic name <service-name> password <password>
Configure `<password>` used when authenticating the update request for
- DynDNS service identified by `<service>`.
+ DynDNS service identified by `<service-name>`.
-.. cfgcmd:: set service dns dynamic address <interface> service <service>
- protocol <protocol>
+.. cfgcmd:: set service dns dynamic name <service-name> protocol <protocol>
- When a ``custom`` DynDNS provider is used the protocol used for communicating
+ When a ``custom`` DynDNS provider is used, the protocol used for communicating
to the provider must be specified under `<protocol>`. See the embedded
- completion helper for available protocols.
+ completion helper when entering above command for available protocols.
-.. cfgcmd:: set service dns dynamic address <interface> service <service>
- server <server>
+.. cfgcmd:: set service dns dynamic name <service-name> server <server>
When a ``custom`` DynDNS provider is used the `<server>` where update
requests are being sent to must be specified.
-.. cfgcmd:: set service dns dynamic address <interface> ipv6-enable
+.. cfgcmd:: set service dns dynamic name <service-name> ip-version 'ipv6'
Allow explicit IPv6 address for the interface.
@@ -376,14 +365,17 @@ hostnames, protocol and server.
Example:
^^^^^^^^
-Use DynDNS as your preferred provider:
+Use deSEC (dedyn.io) as your preferred provider:
.. code-block:: none
- set service dns dynamic address eth0 service dyndns
- set service dns dynamic address eth0 service dyndns username my-login
- set service dns dynamic address eth0 service dyndns password my-password
- set service dns dynamic address eth0 service dyndns host-name my-dyndns-hostname
+ set service dns dynamic name dedyn description 'deSEC dynamic dns service'
+ set service dns dynamic name dedyn username 'myusername'
+ set service dns dynamic name dedyn password 'mypassword'
+ set service dns dynamic name dedyn host-name 'myhostname.dedyn.io'
+ set service dns dynamic name dedyn protocol 'dyndns2'
+ set service dns dynamic name dedyn server 'update.dedyn.io'
+ set service dns dynamic name dedyn address interface 'eth0'
.. note:: Multiple services can be used per interface. Just specify as many
services per interface as you like!
@@ -393,12 +385,14 @@ Example IPv6 only:
.. code-block:: none
- set service dns dynamic address eth0 ipv6-enable
- set service dns dynamic address eth0 service dyndns6 username my-login
- set service dns dynamic address eth0 service dyndns6 password my-password
- set service dns dynamic address eth0 service dyndns6 host-name my-dyndns-hostname
- set service dns dynamic address eth0 service dyndns6 protocol dyndns2
- set service dns dynamic address eth0 service dyndns6 server dyndns-v6-server
+ set service dns dynamic name dedyn description 'deSEC ipv6 dynamic dns service'
+ set service dns dynamic name dedyn username 'myusername'
+ set service dns dynamic name dedyn password 'mypassword'
+ set service dns dynamic name dedyn host-name 'myhostname.dedyn.io'
+ set service dns dynamic name dedyn protocol 'dyndns2'
+ set service dns dynamic name dedyn ip-version 'ipv6'
+ set service dns dynamic name dedyn server 'update6.dedyn.io'
+ set service dns dynamic name dedyn address interface 'eth0'
Running Behind NAT
@@ -408,21 +402,15 @@ By default, ddclient_ will update a dynamic dns record using the IP address
directly attached to the interface. If your VyOS instance is behind NAT, your
record will be updated to point to your internal IP.
-Above, command syntax isn noted to configure dynamic dns on a specific interface.
-It is possible to overlook the additional address option, web, when completeing
-those commands. ddclient_ has another way to determine the WAN IP address, using
-a web-based url to determine the external IP. Each of the commands above will
-need to be modified to use 'web' as the 'interface' specified if this functionality
-is to be utilized.
-
-This functionality is controlled by adding the following configuration:
+ddclient_ has another way to determine the WAN IP address. This is controlled
+by:
-.. cfgcmd:: set service dns dynamic address web web-options url <url>
+.. cfgcmd:: set service dns dynamic name <service-name> address web <url>
Use configured `<url>` to determine your IP address. ddclient_ will load
`<url>` and tries to extract your IP address from the response.
-.. cfgcmd:: set service dns dynamic address web web-options skip <pattern>
+.. cfgcmd:: set service dns dynamic name <service-name> address web skip <pattern>
ddclient_ will skip any address located before the string set in `<pattern>`.
diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst
index ed4ade1a..64048552 100644
--- a/docs/configuration/service/ipoe-server.rst
+++ b/docs/configuration/service/ipoe-server.rst
@@ -1,5 +1,3 @@
-.. include:: /_include/need_improvement.txt
-
.. _ipoe_server:
###########
@@ -24,8 +22,9 @@ functionality as PPPoE, but in a less robust manner.
will restart the ppp daemon and will reset existing IPoE sessions,
in order to become effective.
-Configuration
-=============
+***********************
+Configuring IPoE Server
+***********************
IPoE can be configure on different interfaces, it will depend on each specific
situation which interface will provide IPoE to clients. The clients mac address
@@ -39,158 +38,413 @@ the configuration.
.. code-block:: none
- set service ipoe-server authentication interface eth2 mac 08:00:27:2f:d8:06
- set service ipoe-server authentication mode 'local'
- set service ipoe-server name-server '10.10.1.1'
- set service ipoe-server name-server '10.10.1.2'
- set service ipoe-server interface eth2 client-subnet '192.168.0.0/24'
+ set interfaces ethernet eth1 address '192.168.0.1/24'
+ set service ipoe-server authentication interface eth1.100 mac 00:50:79:66:68:00
+ set service ipoe-server authentication interface eth1.101 mac 00:50:79:66:68:01
+ set service ipoe-server authentication mode 'local'
+ set service ipoe-server client-ip-pool IPOE-POOL range '192.168.0.2-192.168.0.254'
+ set service ipoe-server default-pool 'IPOE-POOL'
+ set service ipoe-server gateway-address '192.168.0.1/24'
+ set service ipoe-server interface eth1 mode 'l2'
+ set service ipoe-server interface eth1 network 'vlan'
+ set service ipoe-server interface eth1 vlan '100-200'
-The first address of the parameter ``client-subnet``, will be used as the
-default gateway. Connected sessions can be checked via the ``show ipoe-server
-sessions`` command.
+.. cfgcmd:: set service ipoe-server authentication interface <interface> mac <MAC>
-.. code-block:: none
+ Creates local IPoE user with username=**<interface>** and
+ password=**<MAC>** (mac-address)
- vyos@vyos:~$ show ipoe-server sessions
+.. cfgcmd:: set service ipoe-server authentication mode <local | radius>
- ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid
- -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
- ipoe0 | eth2 | 08:00:27:2f:d8:06 | 192.168.0.2 | | | | active | 00:45:05 | dccc870fd3134612
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+ * **radius**: All authentication queries are handled by a configured RADIUS
+ server.
+ * **local**: All authentication queries are handled locally.
+ * **noauth**: Authentication disabled
-IPv6 SLAAC and IA-PD
---------------------
+.. cfgcmd:: set service ipoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
-To configure IPv6 assignments for clients, two options need to be configured.
-A global prefix which is terminated on the clients cpe and a delegated prefix,
-the client can use for devices routed via the clients cpe.
+ Use this command to define the first IP address of a pool of
+ addresses to be given to IPoE clients. If notation ``x.x.x.x-x.x.x.x``,
+ it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+ used there is possibility to set host/netmask.
-IPv6 DNS addresses are optional.
+.. cfgcmd:: set service ipoe-server default-pool <POOL-NAME>
-.. code-block:: none
+ Use this command to define default address pool name.
- set service ipoe-server authentication interface eth3 mac 08:00:27:2F:D8:06
- set service ipoe-server authentication mode 'local'
- set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:1::/48' delegation-prefix '56'
- set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8::/48' mask '64'
- set service ipoe-server default-ipv6-pool IPv6-POOL
- set service ipoe-server name-server '2001:db8::'
- set service ipoe-server name-server '2001:db8:aaa::'
- set service ipoe-server name-server '2001:db8:bbb::'
- set service ipoe-server interface eth3 client-subnet '192.168.1.0/24'
+.. cfgcmd:: set service ipoe-server gateway-address <x.x.x.x/x>
+
+ Specifies address to be used as server ip address if radius can assign
+ only client address. In such case if client address is matched network
+ and mask then specified address and mask will be used. You can specify
+ multiple such options.
+
+.. cfgcmd:: set service ipoe-server interface <interface> mode <l2 | l3>
+
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+
+ * **l2**: It means that clients are on same network where interface
+ is.**(default)**
+ * **local**: It means that client are behind some router.
+
+.. cfgcmd:: set service ipoe-server interface <interface> network <shared | vlan>
+
+ Specify where interface is shared by multiple users or it is vlan-per-user.
+
+ * **shared**: Multiple clients share the same network. **(default)**
+ * **vlan**: One VLAN per client.
.. code-block:: none
- vyos@ipoe-server# run sh ipoe-server sessions
- ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid
- -------+------------+-------------------+-------------+---------------------------------+-----------------+------------+--------+----------+------------------
- ipoe0 | eth3 | 08:00:27:2f:d8:06 | 192.168.1.2 | 2001:db8::a00:27ff:fe2f:d806/64 | 2001:db8:1::/56 | | active | 01:02:59 | 4626faf71b12cc25
+ vyos@vyos:~$ show ipoe-server sessions
+ ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime
+ --------+----------+-------------------+-------------+------------+------+------+--------+----------
+ ipoe0 | eth1.100 | 00:50:79:66:68:00 | 192.168.0.2 | | ipoe | | active | 00:04:55
+ ipoe1 | eth1.101 | 00:50:79:66:68:01 | 192.168.0.3 | | ipoe | | active | 00:04:44
-The clients :abbr:`CPE (Customer Premises Equipment)` can now communicate via
-IPv4 or IPv6. All devices behind ``2001:db8::a00:27ff:fe2f:d806/64`` can use
-addresses from ``2001:db8:1::/56`` and can globally communicate without the
-need of any NAT rules.
-Automatic VLAN creation
------------------------
+*********************************
+Configuring RADIUS authentication
+*********************************
-To create VLANs per user during runtime, the following settings are required on
-a per interface basis. VLAN ID and VLAN range can be present in the
-configuration at the same time.
+To enable RADIUS based authentication, the authentication mode needs to be
+changed within the configuration. Previous settings like the local users, still
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
.. code-block:: none
- set service ipoe-server interface eth2 network vlan
- set service ipoe-server interface eth2 vlan-id 100
- set service ipoe-server interface eth2 vlan-id 200
- set service ipoe-server interface eth2 vlan-range 1000-2000
- set service ipoe-server interface eth2 vlan-range 2500-2700
+ set service ipoe-server authentication mode radius
+
+.. cfgcmd:: set service ipoe-server authentication radius server <server> key <secret>
-RADIUS Setup
-------------
+ Configure RADIUS `<server>` and its required shared `<secret>` for
+ communicating with the RADIUS server.
-To use a RADIUS server for authentication and bandwidth-shaping, the following
-example configuration can be used.
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
+For example:
.. code-block:: none
- set service ipoe-server authentication mode 'radius'
- set service ipoe-server authentication radius server 10.100.100.1 key 'password'
+ set service ipoe-server authentication radius server 10.0.0.1 key 'foo'
+ set service ipoe-server authentication radius server 10.0.0.2 key 'foo'
-Bandwidth Shaping
-=================
+.. note:: Some RADIUS severs use an access control list which allows or denies
+ queries, make sure to add your VyOS router to the allowed client list.
-Bandwidth rate limits can be set for local users within the configuration or
-via RADIUS based attributes.
+RADIUS source address
+=====================
-Bandwidth Shaping for local users
----------------------------------
+If you are using OSPF as IGP, always the closest interface connected to the
+RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
+to a single source IP e.g. the loopback interface.
-The rate-limit is set in kbit/sec.
+.. cfgcmd:: set service ipoe-server authentication radius source-address <address>
-.. code-block:: none
+ Source IPv4 address used in all RADIUS server queires.
+
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
+ Best practice would be a loopback or dummy interface.
+
+RADIUS advanced options
+=======================
+
+.. cfgcmd:: set service ipoe-server authentication radius server <server> port <port>
+
+ Configure RADIUS `<server>` and its required port for authentication requests.
+
+.. cfgcmd:: set service ipoe-server authentication radius server <server> fail-time <time>
+
+ Mark RADIUS server as offline for this given `<time>` in seconds.
+
+.. cfgcmd:: set service ipoe-server authentication radius server <server> disable
+
+ Temporary disable this RADIUS server.
+
+.. cfgcmd:: set service ipoe-server authentication radius acct-timeout <timeout>
+
+ Timeout to wait reply for Interim-Update packets. (default 3 seconds)
+
+.. cfgcmd:: set service ipoe-server authentication radius dynamic-author server <address>
+
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set service ipoe-server authentication radius dynamic-author port <port>
+
+ Port for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set service ipoe-server authentication radius dynamic-author key <secret>
+
+ Secret for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set service ipoe-server authentication radius max-try <number>
+
+ Maximum number of tries to send Access-Request/Accounting-Request queries
+
+.. cfgcmd:: set service ipoe-server authentication radius timeout <timeout>
+
+ Timeout to wait response from server (seconds)
+
+.. cfgcmd:: set service ipoe-server authentication radius nas-identifier <identifier>
+
+ Value to send to RADIUS server in NAS-Identifier attribute and to be matched
+ in DM/CoA requests.
+
+.. cfgcmd:: set service ipoe-server authentication radius nas-ip-address <address>
+
+ Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
+ in DM/CoA requests. Also DM/CoA server will bind to that address.
+
+.. cfgcmd:: set service ipoe-server authentication radius source-address <address>
+
+ Source IPv4 address used in all RADIUS server queires.
+
+.. cfgcmd:: set service ipoe-server authentication radius rate-limit attribute <attribute>
+
+ Specifies which RADIUS server attribute contains the rate limit information.
+ The default attribute is `Filter-Id`.
+
+.. note:: If you set a custom RADIUS attribute you must define it on both
+ dictionaries at RADIUS server and client.
+
+.. cfgcmd:: set service ipoe-server authentication radius rate-limit enable
+
+ Enables bandwidth shaping via RADIUS.
+
+.. cfgcmd:: set service ipoe-server authentication radius rate-limit vendor
+
+ Specifies the vendor dictionary, dictionary needs to be in
+ /usr/share/accel-ppp/radius.
+
+Received RADIUS attributes have a higher priority than parameters defined within
+the CLI configuration, refer to the explanation below.
+
+Allocation clients ip addresses by RADIUS
+=========================================
+
+If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
+address will be allocated to the client and the option ``default-pool`` within the CLI
+config is being ignored.
+
+If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated
+from a predefined IP pool whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address
+will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6
+delegation pefix will be allocated from a predefined IPv6 pool ``delegate``
+whose name equals the attribute value.
+
+.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in
+ RFC6911. If they are not defined in your RADIUS server, add new dictionary_.
- set service ipoe-server authentication interface eth2 mac 08:00:27:2f:d8:06 rate-limit download '500'
- set service ipoe-server authentication interface eth2 mac 08:00:27:2f:d8:06 rate-limit upload '500'
- set service ipoe-server authentication mode 'local'
- set service ipoe-server name-server '10.10.1.1'
- set service ipoe-server name-server '10.10.1.2'
- set service ipoe-server interface eth2 client-subnet '192.168.0.0/24'
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change
+it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_.
+Define it in your RADIUS server.
+
+****
+IPv6
+****
+
+.. cfgcmd:: set service ipoe-server client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+ mask <number-of-bits>
+
+ Use this comand to set the IPv6 address pool from which an IPoE client
+ will get an IPv6 prefix of your defined length (mask) to terminate the
+ IPoE endpoint at their side. The mask length can be set from 48 to 128
+ bit long, the default value is 64.
+
+.. cfgcmd:: set service ipoe-server client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+ delegation-prefix <number-of-bits>
+
+ Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
+ IPoE. You will have to set your IPv6 pool and the length of the
+ delegation prefix. From the defined IPv6 pool you will be handing out
+ networks of the defined length (delegation-prefix). The length of the
+ delegation prefix can be set from 32 to 64 bit long.
+
+.. cfgcmd:: set service ipoe-server default-ipv6-pool <IPv6-POOL-NAME>
+
+ Use this command to define default IPv6 address pool name.
.. code-block:: none
- vyos@vyos# run show ipoe-server sessions
+ set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+ set service ipoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+ set service ipoe-server default-ipv6-pool IPv6-POOL
+
+*********
+Scripting
+*********
+
+.. cfgcmd:: set service ipoe-server extended-scripts on-change <path_to_script>
+
+ Script to run when session interface changed by RADIUS CoA handling
+
+.. cfgcmd:: set service ipoe-server extended-scripts on-down <path_to_script>
+
+ Script to run when session interface going to terminate
+
+.. cfgcmd:: set service ipoe-server extended-scripts on-pre-up <path_to_script>
+
+ Script to run before session interface comes up
+
+.. cfgcmd:: set service ipoe-server extended-scripts on-up <path_to_script>
+
+ Script to run when session interface is completely configured and started
+
+****************
+Advanced Options
+****************
+
+Authentication Advanced Options
+===============================
+
+.. cfgcmd:: set service ipoe-server authentication interface <interface> mac <MAC> vlan
+ <vlan-id>
+
+ VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>
+
+.. cfgcmd:: set service ipoe-server authentication interface <interface> mac <MAC> rate-limit
+ download <bandwidth>
+
+ Download bandwidth limit in kbit/s for user on interface `<interface>`.
+
+.. cfgcmd:: set service ipoe-server authentication interface <interface> mac <MAC> rate-limit
+ upload <bandwidth>
+
+ Upload bandwidth limit in kbit/s for for user on interface `<interface>`.
+
+Client IP Pool Advanced Options
+===============================
+
+.. cfgcmd:: set service ipoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
- ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid
- -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
- ipoe0 | eth2 | 08:00:27:2f:d8:06 | 192.168.0.2 | | | 500/500 | active | 00:00:05 | dccc870fd31349fb
+ Use this command to define the next address pool name.
-Example
-=======
+Advanced Interface Options
+==============================
-* IPoE server will listen on interfaces eth1.50 and eth1.51
-* There are rate-limited and non rate-limited users (MACs)
+.. cfgcmd:: set service ipoe-server interface <interface> client-subnet <x.x.x.x/x>
-Server configuration
---------------------
+ Specify local range of ip address to give to dhcp clients. First IP in range is router IP.
+ If you need more customization use `client-ip-pool`
+
+.. cfgcmd:: set service ipoe-server interface <interface> external-dhcp dhcp-relay <x.x.x.x>
+
+ Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed.
+
+.. cfgcmd:: set service ipoe-server interface <interface> external-dhcp giaddr <x.x.x.x>
+
+ Specifies relay agent IP addre
+
+
+Global Advanced options
+=======================
+
+.. cfgcmd:: set service ipoe-server description <description>
+
+ Set description.
+
+.. cfgcmd:: set service ipoe-server limits burst <value>
+
+ Burst count
+
+.. cfgcmd:: set service ipoe-server limits connection-limit <value>
+
+ Acceptable rate of connections (e.g. 1/min, 60/sec)
+
+.. cfgcmd:: set service ipoe-server limits timeout <value>
+
+ Timeout in seconds
+
+.. cfgcmd:: set service ipoe-server max-concurrent-sessions
+
+ Maximum number of concurrent session start attempts
+
+.. cfgcmd:: set service ipoe-server name-server <address>
+
+ Connected client should use `<address>` as their DNS server. This
+ command accepts both IPv4 and IPv6 addresses. Up to two nameservers
+ can be configured for IPv4, up to three for IPv6.
+
+.. cfgcmd:: set service ipoe-server shaper fwmark <1-2147483647>
+
+ Match firewall mark value
+
+.. cfgcmd:: set service ipoe-server snmp master-agent
+
+ Enable SNMP
+
+**********
+Monitoring
+**********
+
+.. opcmd:: show ipoe-server sessions
+
+ Use this command to locally check the active sessions in the IPoE
+ server.
.. code-block:: none
- set interfaces dummy dum1000 address 100.64.0.1/32
- set interfaces dummy dum1000 address 2001:db8::1/128
+ vyos@vyos:~$ show ipoe-server sessions
+ ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime
+ ----------+----------+-------------------+-------------+------------+------+------+--------+----------
+ eth1.100 | eth1.100 | 0c:98:bd:b8:00:01 | 192.168.0.3 | | ipoe | | active | 03:03:58
- set interfaces ethernet eth1 description 'IPoE'
- set interfaces ethernet eth1 vif 50
- set interfaces ethernet eth1 vif 51
+.. code-block:: none
- set service ipoe-server authentication interface eth1.50 mac 00:0c:29:b7:49:a7
- set service ipoe-server authentication interface eth1.50 mac 00:0c:29:f0:be:4c rate-limit download '5000'
- set service ipoe-server authentication interface eth1.50 mac 00:0c:29:f0:be:4c rate-limit upload '5000'
- set service ipoe-server authentication interface eth1.51 mac 00:0c:29:b7:49:a7 rate-limit download '50000'
- set service ipoe-server authentication interface eth1.51 mac 00:0c:29:b7:49:a7 rate-limit upload '50000'
- set service ipoe-server authentication mode 'local'
-
- set service ipoe-server client-ipv6-pool IPv6-POOL delegate 2001:db8:ffff::/48 delegation-prefix '56'
- set service ipoe-server client-ipv6-pool IPv6-POOL prefix 2001:db8:fffe::/48 mask '64'
- set service ipoe-server default-ipv6-pool IPv6-POOL
- set service ipoe-server interface eth1.50 client-subnet '100.64.50.0/24'
- set service ipoe-server interface eth1.50 mode 'l2'
- set service ipoe-server interface eth1.51 client-subnet '100.64.51.0/24'
- set service ipoe-server interface eth1.51 mode 'l2'
- set service ipoe-server name-server '100.64.0.1'
- set service ipoe-server name-server '2001:db8::1'
-
-Client configuration
---------------------
+ vyos@vyos:~$ show ipoe-server statistics
+ uptime: 0.03:31:36
+ cpu: 0%
+ mem(rss/virt): 6044/101360 kB
+ core:
+ mempool_allocated: 148628
+ mempool_available: 144748
+ thread_count: 1
+ thread_active: 1
+ context_count: 10
+ context_sleeping: 0
+ context_pending: 0
+ md_handler_count: 6
+ md_handler_pending: 0
+ timer_count: 1
+ timer_pending: 0
+ sessions:
+ starting: 0
+ active: 1
+ finishing: 0
+ ipoe:
+ starting: 0
+ active: 1
+ delayed: 0
+
+**************
+Toubleshooting
+**************
.. code-block:: none
- set interfaces ethernet eth0 mac '00:0c:29:b7:49:a7'
+ vyos@vyos:~$sudo journalctl -u accel-ppp@ipoe -b 0
- set interfaces ethernet eth0 vif 50 address 'dhcp'
- set interfaces ethernet eth0 vif 50 address 'dhcpv6'
- set interfaces ethernet eth0 vif 50 dhcpv6-options pd 0 interface eth1 sla-id '1'
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:: recv [DHCPv4 Discover xid=55df9228 chaddr=0c:98:bd:b8:00:01 <Message-Type Discover> <Request-IP 192.168.0.3> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Classless-Route,Domain-Name,MTU>]
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: eth1.100: authentication succeeded
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: send [DHCPv4 Offer xid=55df9228 yiaddr=192.168.0.4 chaddr=0c:98:bd:b8:00:01 <Message-Type Offer> <Server-ID 192.168.0.1> <Lease-Time 600> <T1 300> <T2 525> <Router 192.168.0.1> <Subnet 255.255.255.0>]
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: recv [DHCPv4 Request xid=55df9228 chaddr=0c:98:bd:b8:00:01 <Message-Type Request> <Server-ID 192.168.0.1> <Request-IP 192.168.0.4> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Classless-Route,Domain-Name,MTU>]
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: ipoe: activate session
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: ipoe: no free IPv6 address
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: ipoe: session started
+ Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: send [DHCPv4 Ack xid=55df9228 yiaddr=192.168.0.4 chaddr=0c:98:bd:b8:00:01 <Message-Type Ack> <Server-ID 192.168.0.1> <Lease-Time 600> <T1 300> <T2 525> <Router 192.168.0.1> <Subnet 255.255.255.0>]
.. include:: /_include/common-references.txt
+.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911
+.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel \ No newline at end of file
diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst
index 56fcb968..99b3fbb5 100644
--- a/docs/configuration/service/pppoe-server.rst
+++ b/docs/configuration/service/pppoe-server.rst
@@ -13,13 +13,20 @@ be used with local authentication or a connected RADIUS server.
changes/commits will restart the ppp daemon and will reset existing
PPPoE connections from connected users, in order to become effective.
-Configuration
-=============
+************************
+Configuring PPPoE Server
+************************
+.. code-block:: none
-First steps
------------
-
+ set service pppoe-server access-concentrator PPPoE-Server
+ set service pppoe-server authentication mode local
+ set service pppoe-server authentication local-users username test password 'test'
+ set service pppoe-server client-ip-pool PPPOE-POOL range 192.168.255.2-192.168.255.254
+ set service pppoe-server default-pool 'PPPOE-POOL'
+ set service pppoe-server outside-address 192.0.2.2
+ set service pppoe-server gateway-address 192.168.255.1
+ set service pppoe-server interface eth0
.. cfgcmd:: set service pppoe-server access-concentrator <name>
@@ -28,14 +35,30 @@ First steps
.. cfgcmd:: set service pppoe-server authentication mode <local | radius>
- Use this command to define whether your PPPoE clients will locally
- authenticate in your VyOS system or in RADIUS server.
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+
+ * **radius**: All authentication queries are handled by a configured RADIUS
+ server.
+ * **local**: All authentication queries are handled locally.
+ * **noauth**: Authentication disabled.
.. cfgcmd:: set service pppoe-server authentication local-users username
<name> password <password>
- Use this command to configure the username and the password of a
- locally configured user.
+ Create `<user>` for local authentication on this system. The users password
+ will be set to `<pass>`.
+
+.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
+
+ Use this command to define the first IP address of a pool of
+ addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``,
+ it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+ used there is possibility to set host/netmask.
+
+.. cfgcmd:: set service pppoe-server default-pool <POOL-NAME>
+
+ Use this command to define default address pool name.
.. cfgcmd:: set service pppoe-server interface <interface>
@@ -44,124 +67,170 @@ First steps
.. cfgcmd:: set service pppoe-server gateway-address <address>
- Use this command to configure the local gateway IP address.
+ Specifies single `<gateway>` IP address to be used as local address of PPP
+ interfaces.
-.. cfgcmd:: set service pppoe-server name-server <address>
- Use this command to set the IPv4 or IPv6 address of every Doman Name
- Server you want to configure. They will be propagated to PPPoE
- clients.
+*********************************
+Configuring RADIUS authentication
+*********************************
+To enable RADIUS based authentication, the authentication mode needs to be
+changed within the configuration. Previous settings like the local users, still
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
-Client Address Pools
---------------------
+.. code-block:: none
-To automatically assign the client an IP address as tunnel endpoint, a
-client IP pool is needed. The source can be either RADIUS or a
-named pool. There is possibility to create multiple named pools.
-Each named pool can include only one address range. To use multiple
-address ranges configure ``next-pool`` option.
+ set service pppoe-server authentication mode radius
+.. cfgcmd:: set service pppoe-server authentication radius server <server> key <secret>
-**Client IP address via IP range definition**
+ Configure RADIUS `<server>` and its required shared `<secret>` for
+ communicating with the RADIUS server.
-.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
+For example:
- Use this command to define the IP address range to be given
- to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``,
- it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
- used there is possibility to set host/netmask.
+.. code-block:: none
-.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+ set service pppoe-server authentication radius server 10.0.0.1 key 'foo'
+ set service pppoe-server authentication radius server 10.0.0.2 key 'foo'
- Use this command to define the next address pool name.
+.. note:: Some RADIUS severs use an access control list which allows or denies
+ queries, make sure to add your VyOS router to the allowed client list.
-.. cfgcmd:: set service pppoe-server default-pool <POOL-NAME>
+RADIUS source address
+=====================
- Use this command to define default address pool name.
+If you are using OSPF as IGP, always the closest interface connected to the
+RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
+to a single source IP e.g. the loopback interface.
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server authentication radius source-address <address>
- set service pppoe-server client-ip-pool IP-POOL next-pool 'IP-POOL2'
- set service pppoe-server client-ip-pool IP-POOL range '10.0.10.5/24'
- set service pppoe-server client-ip-pool IP-POOL2 range '10.0.0.10-10.0.0.12'
- set service pppoe-server default-pool 'IP-POOL'
+ Source IPv4 address used in all RADIUS server queires.
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
+ Best practice would be a loopback or dummy interface.
-**RADIUS based IP pools (Framed-IP-Address)**
+RADIUS advanced options
+=======================
-To use a radius server, you need to switch to authentication mode RADIUS
-and then configure it.
+.. cfgcmd:: set service pppoe-server authentication radius server <server> port <port>
-.. cfgcmd:: set service pppoe-server authentication radius server <address>
- key <secret>
+ Configure RADIUS `<server>` and its required port for authentication requests.
- Use this command to configure the IP address and the shared secret
- key of your RADIUS server. You can have multiple RADIUS servers
- configured if you wish to achieve redundancy.
+.. cfgcmd:: set service pppoe-server authentication radius server <server> fail-time <time>
+ Mark RADIUS server as offline for this given `<time>` in seconds.
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server authentication radius server <server> disable
- set service pppoe-server access-concentrator 'ACN'
- set service pppoe-server authentication mode 'radius'
- set service pppoe-server authentication radius server 10.1.100.1 key 'secret'
- set service pppoe-server interface 'eth1'
- set service pppoe-server gateway-address '10.1.1.2'
+ Temporary disable this RADIUS server.
-RADIUS provides the IP addresses in the example above via
-Framed-IP-Address.
+.. cfgcmd:: set service pppoe-server authentication radius acct-timeout <timeout>
-**RADIUS sessions management DM/CoA**
+ Timeout to wait reply for Interim-Update packets. (default 3 seconds)
-.. cfgcmd:: set service pppoe-server authentication radius dynamic-author
- <key | port | server>
+.. cfgcmd:: set service pppoe-server authentication radius dynamic-author server <address>
- Use this command to configure Dynamic Authorization Extensions to
- RADIUS so that you can remotely disconnect sessions and change some
- authentication parameters.
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server authentication radius dynamic-author port <port>
- set service pppoe-server authentication radius dynamic-author key 'secret123'
- set service pppoe-server authentication radius dynamic-author port '3799'
- set service pppoe-server authentication radius dynamic-author server '10.1.1.2'
+ Port for Dynamic Authorization Extension server (DM/CoA)
+.. cfgcmd:: set service pppoe-server authentication radius dynamic-author key <secret>
-Example, from radius-server send command for disconnect client with
-username test
+ Secret for Dynamic Authorization Extension server (DM/CoA)
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server authentication radius max-try <number>
- root@radius-server:~# echo "User-Name=test" | radclient -x 10.1.1.2:3799
- disconnect secret123
+ Maximum number of tries to send Access-Request/Accounting-Request queries
-You can also use another attributes for identify client for disconnect,
-like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in
-log.
+.. cfgcmd:: set service pppoe-server authentication radius timeout <timeout>
-.. code-block:: none
+ Timeout to wait response from server (seconds)
- show log | match Disconnect*
+.. cfgcmd:: set service pppoe-server authentication radius nas-identifier <identifier>
-Example for changing rate-limit via RADIUS CoA.
+ Value to send to RADIUS server in NAS-Identifier attribute and to be matched
+ in DM/CoA requests.
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server authentication radius nas-ip-address <address>
+
+ Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
+ in DM/CoA requests. Also DM/CoA server will bind to that address.
+
+.. cfgcmd:: set service pppoe-server authentication radius source-address <address>
+
+ Source IPv4 address used in all RADIUS server queires.
+
+.. cfgcmd:: set service pppoe-server authentication radius rate-limit attribute <attribute>
+
+ Specifies which RADIUS server attribute contains the rate limit information.
+ The default attribute is ``Filter-Id``.
- echo "User-Name=test,Filter-Id=5000/4000" | radclient 10.1.1.2:3799 coa
- secret123
+.. note:: If you set a custom RADIUS attribute you must define it on both
+ dictionaries at RADIUS server and client.
-Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit
-up-stream rate) If attribute Filter-Id redefined, replace it in RADIUS
-CoA request.
+.. cfgcmd:: set service pppoe-server authentication radius rate-limit enable
+
+ Enables bandwidth shaping via RADIUS.
+
+.. cfgcmd:: set service pppoe-server authentication radius rate-limit vendor
+
+ Specifies the vendor dictionary, dictionary needs to be in
+ /usr/share/accel-ppp/radius.
+
+Received RADIUS attributes have a higher priority than parameters defined within
+the CLI configuration, refer to the explanation below.
+
+Allocation clients ip addresses by RADIUS
+=========================================
+
+If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
+address will be allocated to the client and the option ``default-pool`` within the CLI
+config is being ignored.
+
+If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated
+from a predefined IP pool whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address
+will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6
+delegation pefix will be allocated from a predefined IPv6 pool ``delegate``
+whose name equals the attribute value.
+.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in
+ RFC6911. If they are not defined in your RADIUS server, add new dictionary_.
+
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change
+it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_.
+Define it in your RADIUS server.
+
+Renaming clients interfaces by RADIUS
+=====================================
+
+If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be
+renamed.
+
+.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16
+ characters, otherwise the interface won't be renamed.
+
+
+***********************
Automatic VLAN Creation
------------------------
+***********************
.. cfgcmd:: set service pppoe-server interface <interface> vlan <id | range>
VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module
- named `vlan_mon`, which is monitoring incoming vlans and creates the
+ named ``vlan_mon``, which is monitoring incoming vlans and creates the
necessary VLAN if required and allowed. VyOS supports the use of either
VLAN ID's or entire ranges, both values can be defined at the same time for
an interface.
@@ -177,21 +246,26 @@ Automatic VLAN Creation
set service pppoe-server interface eth3 vlan 500-1000
set service pppoe-server interface eth3 vlan 2000-3000
-
+*****************
Bandwidth Shaping
------------------
+*****************
Bandwidth rate limits can be set for local users or RADIUS based
attributes.
For Local Users
-^^^^^^^^^^^^^^^
+===============
+
+.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit
+ download <bandwidth>
+
+ Download bandwidth limit in kbit/s for `<user>`.
-.. cfgcmd:: set service pppoe-server authentication local-users username <name>
- rate-limit <download | upload>
+.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit
+ upload <bandwidth>
+
+ Upload bandwidth limit in kbit/s for `<user>`.
- Use this command to configure a data-rate limit to PPPOoE clients for
- traffic download or upload. The rate-limit is set in kbit/sec.
.. code-block:: none
@@ -209,7 +283,7 @@ For Local Users
Once the user is connected, the user session is using the set limits and
-can be displayed via 'show pppoe-server sessions'.
+can be displayed via ``show pppoe-server sessions``.
.. code-block:: none
@@ -220,9 +294,9 @@ can be displayed via 'show pppoe-server sessions'.
For RADIUS users
-^^^^^^^^^^^^^^^^
+================
-The current attribute 'Filter-Id' is being used as default and can be
+The current attribute ``Filter-Id`` is being used as default and can be
setup within RADIUS:
Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit
@@ -238,9 +312,9 @@ setup and is working.
Other attributes can be used, but they have to be in one of the
dictionaries in */usr/share/accel-ppp/radius*.
-
+**************
Load Balancing
---------------
+**************
.. cfgcmd:: set service pppoe-server pado-delay <number-of-ms>
@@ -262,71 +336,222 @@ allows other PPPoE servers send PADO faster and clients will connect to
other servers. Last command says that this PPPoE server can serve only
3000 clients.
-
+****
IPv6
-----
+****
-IPv6 client's prefix
-^^^^^^^^^^^^^^^^^^^^
+.. cfgcmd:: set service pppoe-server ppp-options ipv6 <require | prefer | allow | deny>
-.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME>
- prefix <address> mask <number-of-bits>
+ Specifies IPv6 negotiation preference.
- Use this comand to set the IPv6 address pool from which a PPPoE
- client will get an IPv6 prefix of your defined length (mask) to
- terminate the PPPoE endpoint at their side. The mask length can be
- set from 48 to 128 bit long, the default value is 64.
+ * **require** - Require IPv6 negotiation
+ * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv6 only if client requests
+ * **deny** - Do not negotiate IPv6 (default value)
+.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+ mask <number-of-bits>
-IPv6 Prefix Delegation
-^^^^^^^^^^^^^^^^^^^^^^
+ Use this comand to set the IPv6 address pool from which an PPPoE client
+ will get an IPv6 prefix of your defined length (mask) to terminate the
+ PPPoE endpoint at their side. The mask length can be set from 48 to 128
+ bit long, the default value is 64.
-.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME>
- delegate <address> delegation-prefix <number-of-bits>
+.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+ delegation-prefix <number-of-bits>
- Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You
- will have to set your IPv6 pool and the length of the delegation
- prefix. From the defined IPv6 pool you will be handing out networks
- of the defined length (delegation-prefix). The length of the
- delegation prefix can be set from 32 to 64 bit long.
+ Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
+ PPPoE. You will have to set your IPv6 pool and the length of the
+ delegation prefix. From the defined IPv6 pool you will be handing out
+ networks of the defined length (delegation-prefix). The length of the
+ delegation prefix can be set from 32 to 64 bit long.
+.. cfgcmd:: set service pppoe-server default-ipv6-pool <IPv6-POOL-NAME>
-IPv6 default client's pool assignment
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ Use this command to define default IPv6 address pool name.
-.. cfgcmd:: set service pppoe-server default-ipv6-pool <POOL-NAME>
+.. code-block:: none
- Use this command to define default IPv6 address pool name.
+ set service pppoe-server ppp-options ipv6 allow
+ set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+ set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+ set service pppoe-server default-ipv6-pool IPv6-POOL
+IPv6 Advanced Options
+=====================
+.. cfgcmd:: set service pppoe-server ppp-options ipv6-accept-peer-interface-id
-Maintenance mode
-================
+ Accept peer interface identifier. By default is not defined.
+
+.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies fixed or random interface identifier for IPv6.
+ By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+
+.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies peer interface identifier for IPv6. By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+ * **ipv4-addr** - Calculate interface identifier from IPv4 address.
+ * **calling-sid** - Calculate interface identifier from calling-station-id.
+
+*********
+Scripting
+*********
-.. opcmd:: set pppoe-server maintenance-mode <enable | disable>
+.. cfgcmd:: set service pppoe-server extended-scripts on-change <path_to_script>
- For network maintenance, it's a good idea to direct users to a backup
- server so that the primary server can be safely taken out of service.
- It's possible to switch your PPPoE server to maintenance mode where
- it maintains already established connections, but refuses new
- connection attempts.
+ Script to run when session interface changed by RADIUS CoA handling
+.. cfgcmd:: set service pppoe-server extended-scripts on-down <path_to_script>
-Checking connections
+ Script to run when session interface going to terminate
+
+.. cfgcmd:: set service pppoe-server extended-scripts on-pre-up <path_to_script>
+
+ Script to run before session interface comes up
+
+.. cfgcmd:: set service pppoe-server extended-scripts on-up <path_to_script>
+
+ Script to run when session interface is completely configured and started
+
+****************
+Advanced Options
+****************
+
+Authentication Advanced Options
+===============================
+
+.. cfgcmd:: set service pppoe-server authentication local-users username <user> disable
+
+ Disable `<user>` account.
+
+.. cfgcmd:: set service pppoe-server authentication local-users username <user> static-ip
+ <address>
+
+ Assign static IP address to `<user>` account.
+
+.. cfgcmd:: set service pppoe-server authentication protocols
+ <pap | chap | mschap | mschap-v2>
+
+ Require the peer to authenticate itself using one of the following protocols:
+ pap, chap, mschap, mschap-v2.
+
+Client IP Pool Advanced Options
+===============================
+
+.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+
+ Use this command to define the next address pool name.
+
+PPP Advanced Options
====================
-.. opcmd:: show pppoe-server sessions
+.. cfgcmd:: set service pppoe-server ppp-options disable-ccp
- Use this command to locally check the active sessions in the PPPoE
- server.
+ Disable Compression Control Protocol (CCP).
+ CCP is enabled by default.
+.. cfgcmd:: set service pppoe-server ppp-options interface-cache <number>
-.. code-block:: none
+ Specifies number of interfaces to keep in cache. It means that don’t
+ destroy interface after corresponding session is destroyed, instead
+ place it to cache and use it later for new sessions repeatedly.
+ This should reduce kernel-level interface creation/deletion rate lack.
+ Default value is **0**.
- show pppoe-server sessions
- ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
- -------+----------+------------+-------------------+-------------+--------+----------+----------+----------
- ppp0 | foo | 10.1.1.100 | 00:53:00:ba:db:15 | 20480/10240 | active | 00:00:11 | 214 B | 76 B
+.. cfgcmd:: set service pppoe-server ppp-options ipv4 <require | prefer | allow | deny>
+
+ Specifies IPv4 negotiation preference.
+
+ * **require** - Require IPv4 negotiation
+ * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv4 only if client requests (Default value)
+ * **deny** - Do not negotiate IPv4
+
+.. cfgcmd:: set service pppoe-server ppp-options lcp-echo-failure <number>
+
+ Defines the maximum `<number>` of unanswered echo requests. Upon reaching the
+ value `<number>`, the session will be reset. Default value is **3**.
+
+.. cfgcmd:: set service pppoe-server ppp-options lcp-echo-interval <interval>
+
+ If this option is specified and is greater than 0, then the PPP module will
+ send LCP pings of the echo request every `<interval>` seconds.
+ Default value is **30**.
+
+.. cfgcmd:: set service pppoe-server ppp-options lcp-echo-timeout
+
+ Specifies timeout in seconds to wait for any peer activity. If this option
+ specified it turns on adaptive lcp echo functionality and "lcp-echo-failure"
+ is not used. Default value is **0**.
+
+.. cfgcmd:: set service pppoe-server ppp-options min-mtu <number>
+
+ Defines minimum acceptable MTU. If client will try to negotiate less then
+ specified MTU then it will be NAKed or disconnected if rejects greater MTU.
+ Default value is **100**.
+
+.. cfgcmd:: set service pppoe-server ppp-options mppe <require | prefer | deny>
+
+ Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation
+ preference.
+ * **require** - ask client for mppe, if it rejects drop connection
+ * **prefer** - ask client for mppe, if it rejects don't fail. (Default value)
+ * **deny** - deny mppe
+
+ Default behavior - don't ask client for mppe, but allow it if client wants.
+ Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy
+ attribute.
+
+.. cfgcmd:: set service pppoe-server ppp-options mru <number>
+
+ Defines preferred MRU. By default is not defined.
+
+Global Advanced options
+=======================
+
+.. cfgcmd:: set service pppoe-server description <description>
+
+ Set description.
+
+.. cfgcmd:: set service pppoe-server limits burst <value>
+
+ Burst count
+
+.. cfgcmd:: set service pppoe-server limits connection-limit <value>
+
+ Acceptable rate of connections (e.g. 1/min, 60/sec)
+
+.. cfgcmd:: set service pppoe-server limits timeout <value>
+
+ Timeout in seconds
+
+.. cfgcmd:: set service pppoe-server mtu
+
+ Maximum Transmission Unit (MTU) (default: **1492**)
+
+.. cfgcmd:: set service pppoe-server max-concurrent-sessions
+
+ Maximum number of concurrent session start attempts
+
+.. cfgcmd:: set service pppoe-server name-server <address>
+
+ Connected client should use `<address>` as their DNS server. This
+ command accepts both IPv4 and IPv6 addresses. Up to two nameservers
+ can be configured for IPv4, up to three for IPv6.
+
+.. cfgcmd:: set service pppoe-server service-name <names>
+
+ Specifies Service-Name to respond. If absent any Service-Name is
+ acceptable and client’s Service-Name will be sent back. Also possible
+ set multiple service-names: `sn1,sn2,sn3`
Per default the user session is being replaced if a second
authentication request succeeds. Such session requests can be either
@@ -335,23 +560,48 @@ user in the latter case. If it is denied, the second session is being
rejected even if the authentication succeeds, the user has to terminate
its first session and can then authentication again.
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server session-control
+
+ * **disable**: Disables session control.
+ * **deny**: Deny second session authorization.
+ * **replace**: Terminate first session when second is authorized **(default)**
+
+.. cfgcmd:: set service pppoe-server shaper fwmark <1-2147483647>
- vyos@# set service pppoe-server session-control
- Possible completions:
- disable Disables session control
- deny Deny second session authorization
+ Match firewall mark value
+.. cfgcmd:: set service pppoe-server snmp master-agent
+ Enable SNMP
+.. cfgcmd:: set service pppoe-server wins-server <address>
+ Windows Internet Name Service (WINS) servers propagated to client
+
+**********
+Monitoring
+**********
+
+.. opcmd:: show pppoe-server sessions
+
+ Use this command to locally check the active sessions in the PPPoE
+ server.
+
+
+.. code-block:: none
+
+ show pppoe-server sessions
+ ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
+ -------+----------+------------+-------------------+-------------+--------+----------+----------+----------
+ ppp0 | foo | 10.1.1.100 | 00:53:00:ba:db:15 | 20480/10240 | active | 00:00:11 | 214 B | 76 B
+********
Examples
-========
+********
IPv4
-----
+====
The example below uses ACN as access-concentrator name, assigns an
address from the pool 10.1.1.100-111, terminates at the local endpoint
@@ -372,9 +622,9 @@ address from the pool 10.1.1.100-111, terminates at the local endpoint
Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation
---------------------------------------------------------
+========================================================
-The example below covers a dual-stack configuration via pppoe-server.
+The example below covers a dual-stack configuration.
.. code-block:: none
@@ -392,7 +642,7 @@ The example below covers a dual-stack configuration via pppoe-server.
set service pppoe-server gateway-address '10.100.100.1'
The client, once successfully authenticated, will receive an IPv4 and an
-IPv6 /64 address to terminate the pppoe endpoint on the client side and
+IPv6 /64 address to terminate the PPPoE endpoint on the client side and
a /56 subnet for the clients internal use.
.. code-block:: none
@@ -403,3 +653,5 @@ a /56 subnet for the clients internal use.
ppp0 | test | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb | | active | 00:00:49 | 875 B | 2.1 KiB
.. include:: /_include/common-references.txt
+.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911
+.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel \ No newline at end of file
diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst
index eb1a6844..f179153a 100644
--- a/docs/configuration/service/router-advert.rst
+++ b/docs/configuration/service/router-advert.rst
@@ -26,7 +26,7 @@ Supported interface types:
Enabling Advertisments
~~~~~~~~~~~~~~~~~~~~~~~
-.. cfgcmd:: set service router-advert interface <interface> ....
+.. cfgcmd:: set service router-advert interface <interface> ...
.. stop_vyoslinter
@@ -52,7 +52,11 @@ Enabling Advertisments
Advertising a Prefix
''''''''''''''''''''
-.. cfgcmd:: set service router-advert interface <interface> prefix 2001:DB8::/32
+.. cfgcmd:: set service router-advert interface <interface> prefix <prefix/mask>
+
+ .. note:: You can also opt for using `::/64` as prefix for your :abbr:`RAs (Router
+ Advertisements)`. This will take the IPv6 GUA prefix assigned to the interface,
+ which comes in handy when using DHCPv6-PD.
.. stop_vyoslinter
diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst
index 0f45b7ca..279630e2 100644
--- a/docs/configuration/system/ip.rst
+++ b/docs/configuration/system/ip.rst
@@ -43,6 +43,19 @@ can be used to filter which routes zebra will install in the kernel.
.. note:: If you choose any as the option that will cause all protocols that
are sending routes to zebra.
+Nexthop Tracking
+^^^^^^^^^^^^^^^^
+
+Nexthop tracking resolve nexthops via the default route by default. This is enabled
+by default for a traditional profile of FRR which we use. It and can be disabled if
+you do not wan't to e.g. allow BGP to peer across the default route.
+
+.. cfgcmd:: set system ip nht no-resolve-via-default
+
+ Do not allow IPv4 nexthop tracking to resolve via the default route. This
+ parameter is configured per-VRF, so the command is also available in the VRF
+ subnode.
+
Operational commands
--------------------
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst
index c7308f9d..d8d3c4c9 100644
--- a/docs/configuration/system/ipv6.rst
+++ b/docs/configuration/system/ipv6.rst
@@ -39,6 +39,19 @@ can be used to filter which routes zebra will install in the kernel.
.. note:: If you choose any as the option that will cause all protocols that
are sending routes to zebra.
+Nexthop Tracking
+^^^^^^^^^^^^^^^^
+
+Nexthop tracking resolve nexthops via the default route by default. This is enabled
+by default for a traditional profile of FRR which we use. It and can be disabled if
+you do not wan't to e.g. allow BGP to peer across the default route.
+
+.. cfgcmd:: set system ipv6 nht no-resolve-via-default
+
+ Do not allow IPv6 nexthop tracking to resolve via the default route. This
+ parameter is configured per-VRF, so the command is also available in the VRF
+ subnode.
+
Operational commands
--------------------
diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst
index 98e05cdd..09e27c53 100644
--- a/docs/configuration/system/login.rst
+++ b/docs/configuration/system/login.rst
@@ -34,6 +34,10 @@ Local
Setup encrypted password for given username. This is useful for
transferring a hashed password from system to system.
+.. cfgcmd:: set system login user <name> disable
+
+ Disable (lock) account. User will not be able to log in.
+
.. _ssh_key_based_authentication:
Key Based Authentication
diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst
index 4a1c3bd3..02c889dd 100644
--- a/docs/configuration/system/option.rst
+++ b/docs/configuration/system/option.rst
@@ -22,6 +22,11 @@ General
Play an audible beep to the system speaker when system is ready.
+.. cfgcmd:: set system option root-partition-auto-resize
+
+ Enables the root partition auto-extension and resizes to the maximum
+ available space on system boot.
+
Kernel
======
@@ -30,6 +35,23 @@ Kernel
Disable all optional CPU mitigations. This improves system performance,
but it may also expose users to several CPU vulnerabilities.
+ This will add the following option to the Kernel commandline:
+
+ * ``mitigations=off``
+
+ .. note:: Setting will only become active with the next reboot!
+
+.. cfgcmd:: set system option kernel disable-power-saving
+
+ Disable CPU power saving mechanisms also known as C states.
+
+ This will add the following two options to the Kernel commandline:
+
+ * ``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle
+ * ``processor.max_cstate=1`` Limit processor to maximum C-state 1
+
+ .. note:: Setting will only become active with the next reboot!
+
***********
HTTP client
***********
diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst
index 93f69f80..3463592f 100644
--- a/docs/configuration/trafficpolicy/index.rst
+++ b/docs/configuration/trafficpolicy/index.rst
@@ -1203,6 +1203,8 @@ That is how it is possible to do the so-called "ingress shaping".
set qos interface ifb0 egress MY-INGRESS-SHAPING
set interfaces ethernet eth0 redirect ifb0
+ set interfaces input ifb0
+
.. warning::
Do not configure IFB as the first step. First create everything else
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index fad69bc3..172b3c64 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -32,10 +32,10 @@ for the cipher and hash. Adjust this as necessary.
**************************************
IKE (Internet Key Exchange) Attributes
**************************************
-IKE performs mutual authentication between two parties and establishes
-an IKE security association (SA) that includes shared secret information
-that can be used to efficiently establish SAs for Encapsulating Security
-Payload (ESP) or Authentication Header (AH) and a set of cryptographic
+IKE performs mutual authentication between two parties and establishes
+an IKE security association (SA) that includes shared secret information
+that can be used to efficiently establish SAs for Encapsulating Security
+Payload (ESP) or Authentication Header (AH) and a set of cryptographic
algorithms to be used by the SAs to protect the traffic that they carry.
https://datatracker.ietf.org/doc/html/rfc5996
@@ -44,64 +44,64 @@ Multiple proposals can be specified in a single group.
VyOS IKE group has the next options:
-* ``close-action`` defines the action to take if the remote peer unexpectedly
+* ``close-action`` defines the action to take if the remote peer unexpectedly
closes a CHILD_SA:
* ``none`` set action to none (default);
-
+
* ``trap`` installs a trap policy for the CHILD_SA;
-
+
* ``start`` tries to immediately re-create the CHILD_SA;
-
-* ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol
- (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty
- INFORMATIONAL messages (IKEv2) are periodically sent in order to check the
+
+* ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol
+ (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty
+ INFORMATIONAL messages (IKEv2) are periodically sent in order to check the
liveliness of the IPsec peer:
-
+
* ``action`` keep-alive failure action:
-
+
* ``trap`` installs a trap policy, which will catch matching traffic
and tries to re-negotiate the tunnel on-demand;
-
+
* ``clear`` closes the CHILD_SA and does not take further action (default);
-
+
* ``restart`` immediately tries to re-negotiate the CHILD_SA
under a fresh IKE_SA;
-
+
* ``interval`` keep-alive interval in seconds <2-86400> (default 30);
-
+
* ``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only
-
-* ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate
+
+* ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate
the peer. In IKEv1, reauthentication is always done.
- Setting this parameter enables remote host re-authentication during an IKE
+ Setting this parameter enables remote host re-authentication during an IKE
rekey.
-
+
* ``key-exchange`` which protocol should be used to initialize the connection
- If not set both protocols are handled and connections will use IKEv2 when
+ If not set both protocols are handled and connections will use IKEv2 when
initiating, but accept any protocol version when responding:
-
+
* ``ikev1`` use IKEv1 for Key Exchange;
-
+
* ``ikev2`` use IKEv2 for Key Exchange;
-
+
* ``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);
* ``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2
and enabled by default.
-
+
* ``mode`` IKEv1 Phase 1 Mode Selection:
- * ``main`` use Main mode for Key Exchanges in the IKEv1 Protocol
+ * ``main`` use Main mode for Key Exchanges in the IKEv1 Protocol
(Recommended Default);
-
- * ``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol
+
+ * ``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol
aggressive mode is much more insecure compared to Main mode;
-
+
* ``proposal`` the list of proposals and their parameters:
* ``dh-group`` dh-group;
-
+
* ``encryption`` encryption algorithm;
* ``hash`` hash algorithm.
@@ -111,8 +111,9 @@ VyOS IKE group has the next options:
***********************************************
ESP (Encapsulating Security Payload) Attributes
***********************************************
-ESP is used to provide confidentiality, data origin authentication,
-connectionless integrity, an anti-replay service (a form of partial sequence
+
+ESP is used to provide confidentiality, data origin authentication,
+connectionless integrity, an anti-replay service (a form of partial sequence
integrity), and limited traffic flow confidentiality.
https://datatracker.ietf.org/doc/html/rfc4303
@@ -122,26 +123,26 @@ Multiple proposals can be specified in a single group.
VyOS ESP group has the next options:
* ``compression`` Enables the IPComp(IP Payload Compression) protocol which
- allows compressing the content of IP packets.
-
-* ``life-bytes`` ESP life in bytes <1024-26843545600000>.
+ allows compressing the content of IP packets.
+
+* ``life-bytes`` ESP life in bytes <1024-26843545600000>.
Number of bytes transmitted over an IPsec SA before it expires;
-
-* ``life-packets`` ESP life in packets <1000-26843545600000>.
- Number of packets transmitted over an IPsec SA before it expires;
-
-* ``lifetime`` ESP lifetime in seconds <30-86400> (default 3600).
- How long a particular instance of a connection (a set of
- encryption/authentication keys for user packets) should last,
+
+* ``life-packets`` ESP life in packets <1000-26843545600000>.
+ Number of packets transmitted over an IPsec SA before it expires;
+
+* ``lifetime`` ESP lifetime in seconds <30-86400> (default 3600).
+ How long a particular instance of a connection (a set of
+ encryption/authentication keys for user packets) should last,
from successful negotiation to expiry;
-
+
* ``mode`` the type of the connection:
-
+
* ``tunnel`` tunnel mode (default);
* ``transport`` transport mode;
-* ``pfs`` whether Perfect Forward Secrecy of keys is desired on the
+* ``pfs`` whether Perfect Forward Secrecy of keys is desired on the
connection's keying channel and defines a Diffie-Hellman group for PFS:
* ``enable`` Inherit Diffie-Hellman group from IKE group (default);
@@ -155,20 +156,21 @@ VyOS ESP group has the next options:
* ``encryption`` encryption algorithm (default 128 bit AES-CBC);
* ``hash`` hash algorithm (default sha1).
-
+
***********************************************
Options (Global IPsec settings) Attributes
-***********************************************
+***********************************************
+
* ``options``
* ``disable-route-autoinstall`` Do not automatically install routes to remote networks;
-
+
* ``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a "tunnel mode ipsec ipv4" Cisco template but should also work for GRE encapsulation;
-
+
* ``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;
-
+
* ``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy.
-
+
*************************
IPsec policy matching GRE
*************************
@@ -266,7 +268,7 @@ However, now you need to make IPsec work with dynamic address on one side. The
tricky part is that pre-shared secret authentication doesn't work with dynamic
address, so we'll have to use RSA keys.
-First, on both routers run the operational command "generate pki key-pair
+First, on both routers run the operational command "generate pki key-pair
install <key-pair name>". You may choose different length than 2048 of course.
.. code-block:: none
@@ -283,18 +285,18 @@ install <key-pair name>". You may choose different length than 2048 of course.
set pki key-pair ipsec-LEFT private key 'MIIEvgIBADAN...'
[edit]
-Configuration commands for the private and public key will be displayed on the
+Configuration commands for the private and public key will be displayed on the
screen which needs to be set on the router first.
-Note the command with the public key
-(set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...').
+Note the command with the public key
+(set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...').
Then do the same on the opposite router:
.. code-block:: none
vyos@left# run generate pki key-pair install ipsec-RIGHT
-Note the command with the public key
-(set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...').
+Note the command with the public key
+(set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...').
Now the noted public keys should be entered on the opposite routers.
@@ -363,3 +365,205 @@ On the RIGHT (dynamic address):
set vpn ipsec site-to-site peer LEFT remote-address 192.0.2.10
set vpn ipsec site-to-site peer LEFT tunnel 1 local prefix 192.168.99.2/32 # Additional loopback address on the local
set vpn ipsec site-to-site peer LEFT tunnel 1 remote prefix 192.168.99.1/32 # Additional loopback address on the remote
+
+
+*******************************************
+IKEv2 IPSec road-warriors remote-access VPN
+*******************************************
+
+Internet Key Exchange version 2, IKEv2 for short, is a request/response
+protocol developed by both Cisco and Microsoft. It is used to establish
+and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a
+road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint,
+or remote-access/road-warrior mode, secures the server-side with another layer
+by using an x509 signed server certificate.
+
+Key exchange and payload encryption is still done using IKE and ESP proposals
+as known from IKEv1 but the connections are faster to establish, more reliable,
+and also support roaming from IP to IP (called MOBIKE which makes sure your
+connection does not drop when changing networks from e.g. WIFI to LTE and back).
+
+This feature closely works together with :ref:`pki` subsystem as you required
+a x509 certificate.
+
+Example
+=======
+
+This example uses CACert as certificate authority.
+
+.. code-block::
+
+ set pki ca CAcert_Class_3_Root certificate 'MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEUMBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57aiX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6CjQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgiapNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPtXapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luLoFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGprmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVABfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAChiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoGCysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5vcmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGqeSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6HhLSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QUqGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k50cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfqi5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUECokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87cSvOK6eB1kdGKLA8ymXxZp8='
+ set pki ca CAcert_Signing_Authority certificate 'MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42yfk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jcG8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4kepKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43qlaegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQQUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivUfslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8wggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTADAQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgucGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tlLmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TANBgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0qIh1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtjaJQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad94SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9ivmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe+0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/hJCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmxXdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eNaQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVrGwc='
+
+After you obtained your server certificate you can import it from a file
+on the local filesystem, or paste it into the CLI. Please note that
+when entering the certificate manually you need to strip the
+``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate
+or key needs to be presented in a single line without line breaks (``\n``).
+
+To import it from the filesystem use:
+
+.. code-block::
+
+ import pki certificate <name> file /path/to/cert.pem
+
+In our example the certificate name is called vyos:
+
+.. code-block::
+
+ set pki certificate vyos certificate 'MIIE45s...'
+ set pki certificate vyos private key 'MIIEvgI...'
+
+After the PKI certs are all set up we can start configuring our IPSec/IKE
+proposals used for key-exchange end data encryption. The used encryption
+ciphers and integrity algorithms vary from operating system to operating
+system. The ones used in this post are validated to work on both Windows 10
+and iOS/iPadOS 14 to 17.
+
+.. code-block::
+
+ set vpn ipsec esp-group ESP-RW compression 'disable'
+ set vpn ipsec esp-group ESP-RW lifetime '3600'
+ set vpn ipsec esp-group ESP-RW pfs 'disable'
+ set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes128gcm128'
+ set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256'
+
+ set vpn ipsec ike-group IKE-RW key-exchange 'ikev2'
+ set vpn ipsec ike-group IKE-RW lifetime '7200'
+ set vpn ipsec ike-group IKE-RW mobike 'enable'
+ set vpn ipsec ike-group IKE-RW proposal 10 dh-group '14'
+ set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes128gcm128'
+ set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha256'
+
+Every connection/remote-access pool we configure also needs a pool where
+we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool.
+Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix
+and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some
+DNS nameservers down to our clients used on their connection.
+
+.. code-block::
+
+ set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.1'
+ set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.0.2.128/25'
+ set vpn ipsec remote-access pool ra-rw-ipv6 name-server '2001:db8:1000::1'
+ set vpn ipsec remote-access pool ra-rw-ipv6 prefix '2001:db8:2000::/64'
+
+VyOS supports multiple IKEv2 remote-access connections. Every connection can
+have its dedicated IKE/ESP ciphers, certificates or local listen address for
+e.g. inbound load balancing.
+
+We configure a new connection named ``rw`` for road-warrior, that identifies
+itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate
+signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously
+specified IKE/ESP groups and also link the IP address pool to draw addresses
+from.
+
+.. code-block::
+
+ set vpn ipsec remote-access connection rw authentication id '192.0.2.1'
+ set vpn ipsec remote-access connection rw authentication server-mode 'x509'
+ set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root'
+ set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos'
+ set vpn ipsec remote-access connection rw esp-group 'ESP-RW'
+ set vpn ipsec remote-access connection rw ike-group 'IKE-RW'
+ set vpn ipsec remote-access connection rw local-address '192.0.2.1'
+ set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
+ set vpn ipsec remote-access connection rw pool 'ra-rw-ipv6'
+
+VyOS also supports (currently) two different modes of authentication, local and
+RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the
+following commands.
+
+.. code-block::
+
+ set vpn ipsec remote-access connection rw authentication client-mode 'eap-mschapv2'
+ set vpn ipsec remote-access connection rw authentication local-users username vyos password 'vyos'
+
+If you feel better forwarding all authentication requests to your enterprises
+RADIUS server, use the commands below.
+
+.. code-block::
+
+ set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius'
+ set vpn ipsec remote-access radius server 192.0.2.2 key 'secret'
+
+Client Configuration
+====================
+
+Configuring VyOS to act as your IPSec access concentrator is one thing, but
+you probably need to setup your client connecting to the server so they can
+talk to the IPSec gateway.
+
+Microsoft Windows (10+)
+-----------------------
+
+Windows 10 does not allow a user to choose the integrity and encryption ciphers
+using the GUI and it uses some older proposals by default. A user can only
+change the proposals on the client side by configuring the IPSec connection
+profile via PowerShell.
+
+We generate a connection profile used by Windows clients that will connect to
+the "rw" connection on our VyOS server on the VPN servers IP address/fqdn
+`vpn.vyos.net`.
+
+.. note:: Microsoft Windows expects the server name to be also used in the
+ server's certificate common name, so it's best to use this DNS name for
+ your VPN connection.
+
+.. code-block::
+
+ vyos@vyos:~$ generate ipsec profile windows-remote-access rw remote vpn.vyos.net
+
+ ==== <snip> ====
+ Add-VpnConnection -Name "VyOS IKEv2 VPN" -ServerAddress "vpn.vyos.net" -TunnelType "Ikev2"
+ Set-VpnConnectionIPsecConfiguration -ConnectionName "VyOS IKEv2 VPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod GCMAES128 -IntegrityCheckMethod SHA256128 -PfsGroup None -DHGroup "Group14" -PassThru -Force
+ ==== </snip> ====
+
+As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of
+encryption ciphers and integrity algorithms we will validate the configured
+IKE/ESP proposals and only list the compatible ones to the user — if multiple
+are defined. If there are no matching proposals found — we can not generate a
+profile for you.
+
+When first connecting to the new VPN the user is prompted to enter proper
+credentials.
+
+Apple iOS/iPadOS (14.2+)
+------------------------
+
+Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose
+all available VPN options via the device GUI.
+
+If you want, need, and should use more advanced encryption ciphers (default
+is still 3DES) you need to provision your device using a so-called "Device
+Profile". A profile is a simple text file containing XML nodes with a
+``.mobileconfig`` file extension that can be sent and opened on any device
+from an E-Mail.
+
+Profile generation happens from the operational level and is as simple as
+issuing the following command to create a profile to connect to the IKEv2
+access server at ``vpn.vyos.net`` with the configuration for the ``rw``
+remote-access connection group.
+
+.. note:: Apple iOS/iPadOS expects the server name to be also used in the
+ server's certificate common name, so it's best to use this DNS name for
+ your VPN connection.
+
+.. code-block::
+
+ vyos@vyos:~$ generate ipsec profile ios-remote-access rw remote vpn.vyos.net
+
+ ==== <snip> ====
+ <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+ <plist version="1.0">
+ ...
+ </plist>
+ ==== </snip> ====
+
+In the end, an XML structure is generated which can be saved as
+``vyos.mobileconfig`` and sent to the device by E-Mail where it later can
+be imported.
+
+During profile import, the user is asked to enter its IPSec credentials
+(username and password) which is stored on the mobile.
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst
index ce3b6711..f0c60ec1 100644
--- a/docs/configuration/vpn/l2tp.rst
+++ b/docs/configuration/vpn/l2tp.rst
@@ -1,30 +1,80 @@
.. _l2tp:
+####
L2TP
-----
+####
VyOS utilizes accel-ppp_ to provide L2TP server functionality. It can be used
with local authentication or a connected RADIUS server.
-L2TP over IPsec
-===============
-
-Example for configuring a simple L2TP over IPsec VPN for remote access (works
-with native Windows and Mac VPN clients):
+***********************
+Configuring L2TP Server
+***********************
.. code-block:: none
- set vpn ipsec interface eth0
-
- set vpn l2tp remote-access outside-address 192.0.2.2
+ set vpn l2tp remote-access authentication mode local
+ set vpn l2tp remote-access authentication local-users username test password 'test'
set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254
set vpn l2tp remote-access default-pool 'L2TP-POOL'
+ set vpn l2tp remote-access outside-address 192.0.2.2
+ set vpn l2tp remote-access gateway-address 192.168.255.1
+
+
+.. cfgcmd:: set vpn l2tp remote-access authentication mode <local | radius>
+
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+
+ * **radius**: All authentication queries are handled by a configured RADIUS
+ server.
+ * **local**: All authentication queries are handled locally.
+
+.. cfgcmd:: set vpn l2tp remote-access authentication local-users username <user> password
+ <pass>
+
+ Create `<user>` for local authentication on this system. The users password
+ will be set to `<pass>`.
+
+.. cfgcmd:: set vpn l2tp remote-access client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
+
+ Use this command to define the first IP address of a pool of
+ addresses to be given to l2tp clients. If notation ``x.x.x.x-x.x.x.x``,
+ it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+ used there is possibility to set host/netmask.
+
+.. cfgcmd:: set vpn l2tp remote-access default-pool <POOL-NAME>
+
+ Use this command to define default address pool name.
+
+.. cfgcmd:: set vpn l2tp remote-access gateway-address <gateway>
+
+ Specifies single `<gateway>` IP address to be used as local address of PPP
+ interfaces.
+
+*****************
+Configuring IPsec
+*****************
+
+.. code-block:: none
+
+ set vpn ipsec interface eth0
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
- set vpn l2tp remote-access authentication mode local
- set vpn l2tp remote-access authentication local-users username test password 'test'
-In the above example, an external IP of 192.0.2.2 is assumed.
+
+.. cfgcmd:: set vpn ipsec interface <INTERFACE>
+
+ Use this command to define IPsec interface.
+
+.. cfgcmd:: set vpn l2tp remote-access ipsec-settings authentication mode <pre-shared-secret | x509>
+
+ Set mode for IPsec authentication between VyOS and L2TP clients.
+
+.. cfgcmd:: set vpn l2tp remote-access ipsec-settings authentication mode <pre-shared-secret | x509>
+
+ Set predefined shared secret phrase.
+
If a local firewall policy is in place on your external interface you will need
to allow the ports below:
@@ -64,156 +114,150 @@ To allow VPN-clients access via your external address, a NAT rule is required:
set nat source rule 110 source address '192.168.255.0/24'
set nat source rule 110 translation address masquerade
+*********************************
+Configuring RADIUS authentication
+*********************************
-VPN-clients will request configuration parameters, optionally you can DNS
-parameter to the client.
+To enable RADIUS based authentication, the authentication mode needs to be
+changed within the configuration. Previous settings like the local users, still
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
.. code-block:: none
- set vpn l2tp remote-access name-server '198.51.100.8'
- set vpn l2tp remote-access name-server '198.51.100.4'
-
-Established sessions can be viewed using the **show l2tp-server sessions**
-operational command
+ set vpn l2tp remote-access authentication mode radius
-.. code-block:: none
+.. cfgcmd:: set vpn l2tp remote-access authentication radius server <server> key <secret>
- vyos@vyos:~$ show l2tp-server sessions
- ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
- --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+----------
- l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB
+ Configure RADIUS `<server>` and its required shared `<secret>` for
+ communicating with the RADIUS server.
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
+For example:
+.. code-block:: none
-LNS (L2TP Network Server)
-=========================
+ set vpn l2tp remote-access authentication radius server 10.0.0.1 key 'foo'
+ set vpn l2tp remote-access authentication radius server 10.0.0.2 key 'foo'
-LNS are often used to connect to a LAC (L2TP Access Concentrator).
+.. note:: Some RADIUS_ severs use an access control list which allows or denies
+ queries, make sure to add your VyOS router to the allowed client list.
-Below is an example to configure a LNS:
+RADIUS source address
+=====================
-.. code-block:: none
+If you are using OSPF as IGP, always the closest interface connected to the
+RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
+to a single source IP e.g. the loopback interface.
- set vpn l2tp remote-access outside-address 192.0.2.2
- set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254
- set vpn l2tp remote-access default-pool 'L2TP-POOL'
- set vpn l2tp remote-access lns shared-secret 'secret'
- set vpn l2tp remote-access ppp-options disable-ccp
- set vpn l2tp remote-access authentication mode local
- set vpn l2tp remote-access authentication local-users username test password 'test'
+.. cfgcmd:: set vpn l2tp remote-access authentication radius source-address <address>
-The example above uses 192.0.2.2 as external IP address. A LAC normally requires
-an authentication password, which is set in the example configuration to
-``lns shared-secret 'secret'``. This setup requires the Compression Control
-Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access
-ccp-disable`` accomplishes that.
+ Source IPv4 address used in all RADIUS server queires.
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
+ Best practice would be a loopback or dummy interface.
-Bandwidth Shaping
-=================
+RADIUS advanced options
+=======================
-Bandwidth rate limits can be set for local users or via RADIUS based attributes.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius server <server> port <port>
-Bandwidth Shaping for local users
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ Configure RADIUS `<server>` and its required port for authentication requests.
-The rate-limit is set in kbit/sec.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius server <server> fail-time <time>
-.. code-block:: none
+ Mark RADIUS server as offline for this given `<time>` in seconds.
- set vpn l2tp remote-access outside-address 192.0.2.2
- set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254
- set vpn l2tp remote-access default-pool 'L2TP-POOL'
- set vpn l2tp remote-access authentication mode local
- set vpn l2tp remote-access authentication local-users username test password test
- set vpn l2tp remote-access authentication local-users username test rate-limit download 20480
- set vpn l2tp remote-access authentication local-users username test rate-limit upload 10240
+.. cfgcmd:: set vpn l2tp remote-access authentication radius server <server> disable
- vyos@vyos:~$ show l2tp-server sessions
- ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
- --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+----------
- l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB
+ Temporary disable this RADIUS server.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius acct-timeout <timeout>
-RADIUS authentication
-======================
+ Timeout to wait reply for Interim-Update packets. (default 3 seconds)
-To enable RADIUS based authentication, the authentication mode needs to be
-changed within the configuration. Previous settings like the local users, still
-exists within the configuration, however they are not used if the mode has been
-changed from local to radius. Once changed back to local, it will use all local
-accounts again.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author server <address>
-.. code-block:: none
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
- set vpn l2tp remote-access authentication mode <local|radius>
+.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author port <port>
-Since the RADIUS server would be a single point of failure, multiple RADIUS
-servers can be setup and will be used subsequentially.
+ Port for Dynamic Authorization Extension server (DM/CoA)
-.. code-block:: none
+.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author key <secret>
- set vpn l2tp remote-access authentication radius server 10.0.0.1 key 'foo'
- set vpn l2tp remote-access authentication radius server 10.0.0.2 key 'foo'
+ Secret for Dynamic Authorization Extension server (DM/CoA)
-.. note:: Some RADIUS_ severs use an access control list which allows or denies
- queries, make sure to add your VyOS router to the allowed client list.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius max-try <number>
-RADIUS source address
-^^^^^^^^^^^^^^^^^^^^^
+ Maximum number of tries to send Access-Request/Accounting-Request queries
-If you are using OSPF as IGP, always the closest interface connected to the
-RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
-to a single source IP e.g. the loopback interface.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius timeout <timeout>
-.. code-block:: none
+ Timeout to wait response from server (seconds)
- set vpn l2tp remote-access authentication radius source-address 10.0.0.3
+.. cfgcmd:: set vpn l2tp remote-access authentication radius nas-identifier <identifier>
-Above command will use `10.0.0.3` as source IPv4 address for all RADIUS queries
-on this NAS.
+ Value to send to RADIUS server in NAS-Identifier attribute and to be matched
+ in DM/CoA requests.
-.. note:: The ``source-address`` must be configured on one of VyOS interface.
- Best practice would be a loopback or dummy interface.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius nas-ip-address <address>
-RADIUS bandwidth shaping attribute
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
+ in DM/CoA requests. Also DM/CoA server will bind to that address.
-To enable bandwidth shaping via RADIUS, the option rate-limit needs to be
-enabled.
+.. cfgcmd:: set vpn l2tp remote-access authentication radius source-address <address>
-.. code-block:: none
+ Source IPv4 address used in all RADIUS server queires.
- set vpn l2tp remote-access authentication radius rate-limit enable
+.. cfgcmd:: set vpn l2tp remote-access authentication radius rate-limit attribute <attribute>
-The default RADIUS attribute for rate limiting is ``Filter-Id``, but you may
-also redefine it.
+ Specifies which RADIUS server attribute contains the rate limit information.
+ The default attribute is `Filter-Id`.
-.. code-block:: none
+.. note:: If you set a custom RADIUS attribute you must define it on both
+ dictionaries at RADIUS server and client.
- set vpn l2tp remote-access authentication radius rate-limit attribute Download-Speed
+.. cfgcmd:: set vpn l2tp remote-access authentication radius rate-limit enable
-.. note:: If you set a custom RADIUS attribute you must define it on both
- dictionaries at RADIUS server and client, which is the vyos router in our
- example.
+ Enables bandwidth shaping via RADIUS.
-The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/radius/``
+.. cfgcmd:: set vpn l2tp remote-access authentication radius rate-limit vendor
-RADIUS advanced features
-^^^^^^^^^^^^^^^^^^^^^^^^
+ Specifies the vendor dictionary, dictionary needs to be in
+ /usr/share/accel-ppp/radius.
Received RADIUS attributes have a higher priority than parameters defined within
the CLI configuration, refer to the explanation below.
Allocation clients ip addresses by RADIUS
-*****************************************
+=========================================
If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
-address will be allocated to the client and the option ip-pool within the CLI
+address will be allocated to the client and the option ``default-pool`` within the CLI
config is being ignored.
+If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated
+from a predefined IP pool whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address
+will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6
+delegation pefix will be allocated from a predefined IPv6 pool ``delegate``
+whose name equals the attribute value.
+
+.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in
+ RFC6911. If they are not defined in your RADIUS server, add new dictionary_.
+
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change
+it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_.
+Define it in your RADIUS server.
+
Renaming clients interfaces by RADIUS
-*************************************
+=====================================
If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be
renamed.
@@ -221,6 +265,301 @@ renamed.
.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16
characters, otherwise the interface won't be renamed.
+*************************************
+Configuring LNS (L2TP Network Server)
+*************************************
+
+LNS are often used to connect to a LAC (L2TP Access Concentrator).
+
+.. cfgcmd:: set vpn l2tp remote-access lns host-name <hostname>
+
+ Sent to the client (LAC) in the Host-Name attribute
+
+.. cfgcmd:: set vpn l2tp remote-access lns shared-secret <secret>
+
+ Tunnel password used to authenticate the client (LAC)
+
+To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`.
+
+****
+IPv6
+****
+.. cfgcmd:: set vpn l2tp remote-access ppp-options ipv6 <require | prefer | allow | deny>
+
+ Specifies IPv6 negotiation preference.
+
+ * **require** - Require IPv6 negotiation
+ * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv6 only if client requests
+ * **deny** - Do not negotiate IPv6 (default value)
+
+.. cfgcmd:: set vpn l2tp remote-access client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+ mask <number-of-bits>
+
+ Use this comand to set the IPv6 address pool from which an l2tp client
+ will get an IPv6 prefix of your defined length (mask) to terminate the
+ l2tp endpoint at their side. The mask length can be set from 48 to 128
+ bit long, the default value is 64.
+
+.. cfgcmd:: set vpn l2tp remote-access client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+ delegation-prefix <number-of-bits>
+
+ Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
+ l2tp. You will have to set your IPv6 pool and the length of the
+ delegation prefix. From the defined IPv6 pool you will be handing out
+ networks of the defined length (delegation-prefix). The length of the
+ delegation prefix can be set from 32 to 64 bit long.
+
+.. cfgcmd:: set vpn l2tp remote-access default-ipv6-pool <IPv6-POOL-NAME>
+
+ Use this command to define default IPv6 address pool name.
+
+.. code-block:: none
+
+ set vpn l2tp remote-access ppp-options ipv6 allow
+ set vpn l2tp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+ set vpn l2tp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+ set vpn l2tp remote-access default-ipv6-pool IPv6-POOL
+
+IPv6 Advanced Options
+=====================
+.. cfgcmd:: set vpn l2tp remote-access ppp-options ipv6-accept-peer-interface-id
+
+ Accept peer interface identifier. By default is not defined.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies fixed or random interface identifier for IPv6.
+ By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies peer interface identifier for IPv6. By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+ * **ipv4-addr** - Calculate interface identifier from IPv4 address.
+ * **calling-sid** - Calculate interface identifier from calling-station-id.
+
+*********
+Scripting
+*********
+
+.. cfgcmd:: set vpn l2tp remote-access extended-scripts on-change <path_to_script>
+
+ Script to run when session interface changed by RADIUS CoA handling
+
+.. cfgcmd:: set vpn l2tp remote-access extended-scripts on-down <path_to_script>
+
+ Script to run when session interface going to terminate
+
+.. cfgcmd:: set vpn l2tp remote-access extended-scripts on-pre-up <path_to_script>
+
+ Script to run before session interface comes up
+
+.. cfgcmd:: set vpn l2tp remote-access extended-scripts on-up <path_to_script>
+
+ Script to run when session interface is completely configured and started
+
+****************
+Advanced Options
+****************
+
+Authentication Advanced Options
+===============================
+
+.. cfgcmd:: set vpn l2tp remote-access authentication local-users username <user> disable
+
+ Disable `<user>` account.
+
+.. cfgcmd:: set vpn l2tp remote-access authentication local-users username <user> static-ip
+ <address>
+
+ Assign static IP address to `<user>` account.
+
+.. cfgcmd:: set vpn l2tp remote-access authentication local-users username <user> rate-limit
+ download <bandwidth>
+
+ Download bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn l2tp remote-access authentication local-users username <user> rate-limit
+ upload <bandwidth>
+
+ Upload bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn l2tp remote-access authentication protocols
+ <pap | chap | mschap | mschap-v2>
+
+ Require the peer to authenticate itself using one of the following protocols:
+ pap, chap, mschap, mschap-v2.
+
+Client IP Pool Advanced Options
+===============================
+
+.. cfgcmd:: set vpn l2tp remote-access client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+
+ Use this command to define the next address pool name.
+
+PPP Advanced Options
+====================
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options disable-ccp
+
+ Disable Compression Control Protocol (CCP).
+ CCP is enabled by default.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options interface-cache <number>
+
+ Specifies number of interfaces to keep in cache. It means that don’t
+ destroy interface after corresponding session is destroyed, instead
+ place it to cache and use it later for new sessions repeatedly.
+ This should reduce kernel-level interface creation/deletion rate lack.
+ Default value is **0**.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options ipv4 <require | prefer | allow | deny>
+
+ Specifies IPv4 negotiation preference.
+
+ * **require** - Require IPv4 negotiation
+ * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv4 only if client requests (Default value)
+ * **deny** - Do not negotiate IPv4
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options lcp-echo-failure <number>
+
+ Defines the maximum `<number>` of unanswered echo requests. Upon reaching the
+ value `<number>`, the session will be reset. Default value is **3**.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options lcp-echo-interval <interval>
+
+ If this option is specified and is greater than 0, then the PPP module will
+ send LCP pings of the echo request every `<interval>` seconds.
+ Default value is **30**.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options lcp-echo-timeout
+
+ Specifies timeout in seconds to wait for any peer activity. If this option
+ specified it turns on adaptive lcp echo functionality and "lcp-echo-failure"
+ is not used. Default value is **0**.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options min-mtu <number>
+
+ Defines minimum acceptable MTU. If client will try to negotiate less then
+ specified MTU then it will be NAKed or disconnected if rejects greater MTU.
+ Default value is **100**.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options mppe <require | prefer | deny>
+
+ Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation
+ preference.
+
+ * **require** - ask client for mppe, if it rejects drop connection
+ * **prefer** - ask client for mppe, if it rejects don't fail. (Default value)
+ * **deny** - deny mppe
+
+ Default behavior - don't ask client for mppe, but allow it if client wants.
+ Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy
+ attribute.
+
+.. cfgcmd:: set vpn l2tp remote-access ppp-options mru <number>
+
+ Defines preferred MRU. By default is not defined.
+
+Global Advanced options
+=======================
+
+.. cfgcmd:: set vpn l2tp remote-access description <description>
+
+ Set description.
+
+.. cfgcmd:: set vpn l2tp remote-access limits burst <value>
+
+ Burst count
+
+.. cfgcmd:: set vpn l2tp remote-access limits connection-limit <value>
+
+ Acceptable rate of connections (e.g. 1/min, 60/sec)
+
+.. cfgcmd:: set vpn l2tp remote-access limits timeout <value>
+
+ Timeout in seconds
+
+.. cfgcmd:: set vpn l2tp remote-access mtu
+
+ Maximum Transmission Unit (MTU) (default: **1436**)
+
+.. cfgcmd:: set vpn l2tp remote-access max-concurrent-sessions
+
+ Maximum number of concurrent session start attempts
+
+.. cfgcmd:: set vpn l2tp remote-access name-server <address>
+
+ Connected client should use `<address>` as their DNS server. This
+ command accepts both IPv4 and IPv6 addresses. Up to two nameservers
+ can be configured for IPv4, up to three for IPv6.
+
+.. cfgcmd:: set vpn l2tp remote-access shaper fwmark <1-2147483647>
+
+ Match firewall mark value
+
+.. cfgcmd:: set vpn l2tp remote-access snmp master-agent
+
+ Enable SNMP
+
+.. cfgcmd:: set vpn l2tp remote-access wins-server <address>
+
+ Windows Internet Name Service (WINS) servers propagated to client
+
+**********
+Monitoring
+**********
+
+.. code-block:: none
+
+ vyos@vyos:~$ show l2tp-server sessions
+ ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
+ --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+----------
+ l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB
+
+.. code-block:: none
+
+ vyos@vyos:~$ show l2tp-server statistics
+ uptime: 0.02:49:49
+ cpu: 0%
+ mem(rss/virt): 5920/100892 kB
+ core:
+ mempool_allocated: 133202
+ mempool_available: 131770
+ thread_count: 1
+ thread_active: 1
+ context_count: 5
+ context_sleeping: 0
+ context_pending: 0
+ md_handler_count: 3
+ md_handler_pending: 0
+ timer_count: 0
+ timer_pending: 0
+ sessions:
+ starting: 0
+ active: 0
+ finishing: 0
+ l2tp:
+ tunnels:
+ starting: 0
+ active: 0
+ finishing: 0
+ sessions (control channels):
+ starting: 0
+ active: 0
+ finishing: 0
+ sessions (data channels):
+ starting: 0
+ active: 0
+ finishing: 0
+
.. _`Google Public DNS`: https://developers.google.com/speed/public-dns
.. _Quad9: https://quad9.net
@@ -230,3 +569,5 @@ renamed.
.. _FreeRADIUS: https://freeradius.org
.. _`Network Policy Server`: https://en.wikipedia.org/wiki/Network_Policy_Server
.. _accel-ppp: https://accel-ppp.org/
+.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911
+.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
diff --git a/docs/configuration/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst
index fe536eec..2a5e7731 100644
--- a/docs/configuration/vpn/pptp.rst
+++ b/docs/configuration/vpn/pptp.rst
@@ -1,52 +1,552 @@
.. _pptp:
+###########
PPTP-Server
------------
+###########
The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only
for backwards compatibility. PPTP has many well known security issues and you
should use one of the many other new VPN implementations.
-As per default and if not otherwise defined, mschap-v2 is being used for
-authentication and mppe 128-bit (stateless) for encryption. If no
-gateway-address is set within the configuration, the lowest IP out of the /24
-client-ip-pool is being used. For instance, in the example below it would be
-192.168.0.1.
-
-server example
-^^^^^^^^^^^^^^
+***********************
+Configuring PPTP Server
+***********************
.. code-block:: none
+ set vpn pptp remote-access authentication mode local
set vpn pptp remote-access authentication local-users username test password 'test'
- set vpn pptp remote-access authentication mode 'local'
- set vpn pptp remote-access client-ip-pool PPTP-POOL range 192.168.0.10-192.168.0.15
+ set vpn pptp remote-access client-ip-pool PPTP-POOL range 192.168.255.2-192.168.255.254
set vpn pptp remote-access default-pool 'PPTP-POOL'
- set vpn pptp remote-access gateway-address '10.100.100.1'
- set vpn pptp remote-access outside-address '10.1.1.120'
+ set vpn pptp remote-access outside-address 192.0.2.2
+ set vpn pptp remote-access gateway-address 192.168.255.1
+
+
+.. cfgcmd:: set vpn pptp remote-access authentication mode <local | radius>
+
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+
+ * **radius**: All authentication queries are handled by a configured RADIUS
+ server.
+ * **local**: All authentication queries are handled locally.
+ * **noauth**: Authentication disabled.
+
+.. cfgcmd:: set vpn pptp remote-access authentication local-users username <user> password
+ <pass>
+
+ Create `<user>` for local authentication on this system. The users password
+ will be set to `<pass>`.
+
+.. cfgcmd:: set vpn pptp remote-access client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
+
+ Use this command to define the first IP address of a pool of
+ addresses to be given to PPTP clients. If notation ``x.x.x.x-x.x.x.x``,
+ it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+ used there is possibility to set host/netmask.
+
+.. cfgcmd:: set vpn pptp remote-access default-pool <POOL-NAME>
+
+ Use this command to define default address pool name.
+
+.. cfgcmd:: set vpn pptp remote-access gateway-address <gateway>
+
+ Specifies single `<gateway>` IP address to be used as local address of PPP
+ interfaces.
+
+*********************************
+Configuring RADIUS authentication
+*********************************
+
+To enable RADIUS based authentication, the authentication mode needs to be
+changed within the configuration. Previous settings like the local users, still
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
+
+.. code-block:: none
+
+ set vpn pptp remote-access authentication mode radius
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius server <server> key <secret>
+
+ Configure RADIUS `<server>` and its required shared `<secret>` for
+ communicating with the RADIUS server.
+
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
+For example:
+
+.. code-block:: none
+
+ set vpn pptp remote-access authentication radius server 10.0.0.1 key 'foo'
+ set vpn pptp remote-access authentication radius server 10.0.0.2 key 'foo'
+
+.. note:: Some RADIUS severs use an access control list which allows or denies
+ queries, make sure to add your VyOS router to the allowed client list.
+
+RADIUS source address
+=====================
+
+If you are using OSPF as IGP, always the closest interface connected to the
+RADIUS server is used. You can bind all outgoing RADIUS requests
+to a single source IP e.g. the loopback interface.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius source-address <address>
+
+ Source IPv4 address used in all RADIUS server queires.
+
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
+ Best practice would be a loopback or dummy interface.
+
+RADIUS advanced options
+=======================
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius server <server> port <port>
+
+ Configure RADIUS `<server>` and its required port for authentication requests.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius server <server> fail-time <time>
+
+ Mark RADIUS server as offline for this given `<time>` in seconds.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius server <server> disable
+
+ Temporary disable this RADIUS server.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius acct-timeout <timeout>
+
+ Timeout to wait reply for Interim-Update packets. (default 3 seconds)
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius dynamic-author server <address>
+
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius dynamic-author port <port>
+
+ Port for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius dynamic-author key <secret>
+
+ Secret for Dynamic Authorization Extension server (DM/CoA)
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius max-try <number>
+
+ Maximum number of tries to send Access-Request/Accounting-Request queries
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius timeout <timeout>
+
+ Timeout to wait response from server (seconds)
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius nas-identifier <identifier>
+
+ Value to send to RADIUS server in NAS-Identifier attribute and to be matched
+ in DM/CoA requests.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius nas-ip-address <address>
+
+ Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
+ in DM/CoA requests. Also DM/CoA server will bind to that address.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius source-address <address>
+
+ Source IPv4 address used in all RADIUS server queires.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius rate-limit attribute <attribute>
+
+ Specifies which RADIUS server attribute contains the rate limit information.
+ The default attribute is `Filter-Id`.
+
+.. note:: If you set a custom RADIUS attribute you must define it on both
+ dictionaries at RADIUS server and client.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius rate-limit enable
+
+ Enables bandwidth shaping via RADIUS.
+
+.. cfgcmd:: set vpn pptp remote-access authentication radius rate-limit vendor
+
+ Specifies the vendor dictionary, dictionary needs to be in
+ /usr/share/accel-ppp/radius.
+
+Received RADIUS attributes have a higher priority than parameters defined within
+the CLI configuration, refer to the explanation below.
+
+Allocation clients ip addresses by RADIUS
+=========================================
+
+If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
+address will be allocated to the client and the option ``default-pool`` within the CLI
+config is being ignored.
+
+If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated
+from a predefined IP pool whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address
+will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6
+delegation pefix will be allocated from a predefined IPv6 pool ``delegate``
+whose name equals the attribute value.
+
+.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in
+ RFC6911. If they are not defined in your RADIUS server, add new dictionary_.
+
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change
+it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_.
+Define it in your RADIUS server.
+
+Renaming clients interfaces by RADIUS
+=====================================
+
+If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be
+renamed.
+
+.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16
+ characters, otherwise the interface won't be renamed.
+
+****
+IPv6
+****
+.. cfgcmd:: set vpn pptp remote-access ppp-options ipv6 <require | prefer | allow | deny>
+
+ Specifies IPv6 negotiation preference.
+
+ * **require** - Require IPv6 negotiation
+ * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv6 only if client requests
+ * **deny** - Do not negotiate IPv6 (default value)
+
+.. cfgcmd:: set vpn pptp remote-access client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+ mask <number-of-bits>
+
+ Use this comand to set the IPv6 address pool from which an PPTP client
+ will get an IPv6 prefix of your defined length (mask) to terminate the
+ PPTP endpoint at their side. The mask length can be set from 48 to 128
+ bit long, the default value is 64.
+
+.. cfgcmd:: set vpn pptp remote-access client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+ delegation-prefix <number-of-bits>
+
+ Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
+ PPTP. You will have to set your IPv6 pool and the length of the
+ delegation prefix. From the defined IPv6 pool you will be handing out
+ networks of the defined length (delegation-prefix). The length of the
+ delegation prefix can be set from 32 to 64 bit long.
+
+.. cfgcmd:: set vpn pptp remote-access default-ipv6-pool <IPv6-POOL-NAME>
+ Use this command to define default IPv6 address pool name.
-client example (debian 9)
-^^^^^^^^^^^^^^^^^^^^^^^^^
+.. code-block:: none
+
+ set vpn pptp remote-access ppp-options ipv6 allow
+ set vpn pptp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+ set vpn pptp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+ set vpn pptp remote-access default-ipv6-pool IPv6-POOL
+
+IPv6 Advanced Options
+=====================
+.. cfgcmd:: set vpn pptp remote-access ppp-options ipv6-accept-peer-interface-id
+
+ Accept peer interface identifier. By default is not defined.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies fixed or random interface identifier for IPv6.
+ By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options ipv6-interface-id <random | x:x:x:x>
+
+ Specifies peer interface identifier for IPv6. By default is fixed.
+
+ * **random** - Random interface identifier for IPv6
+ * **x:x:x:x** - Specify interface identifier for IPv6
+ * **ipv4-addr** - Calculate interface identifier from IPv4 address.
+ * **calling-sid** - Calculate interface identifier from calling-station-id.
+
+*********
+Scripting
+*********
+
+.. cfgcmd:: set vpn pptp remote-access extended-scripts on-change <path_to_script>
+
+ Script to run when session interface changed by RADIUS CoA handling
+
+.. cfgcmd:: set vpn pptp remote-access extended-scripts on-down <path_to_script>
+
+ Script to run when session interface going to terminate
+
+.. cfgcmd:: set vpn pptp remote-access extended-scripts on-pre-up <path_to_script>
+
+ Script to run before session interface comes up
+
+.. cfgcmd:: set vpn pptp remote-access extended-scripts on-up <path_to_script>
+
+ Script to run when session interface is completely configured and started
+
+****************
+Advanced Options
+****************
+
+Authentication Advanced Options
+===============================
+
+.. cfgcmd:: set vpn pptp remote-access authentication local-users username <user> disable
+
+ Disable `<user>` account.
+
+.. cfgcmd:: set vpn pptp remote-access authentication local-users username <user> static-ip
+ <address>
+
+ Assign static IP address to `<user>` account.
+
+.. cfgcmd:: set vpn pptp remote-access authentication local-users username <user> rate-limit
+ download <bandwidth>
+
+ Download bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn pptp remote-access authentication local-users username <user> rate-limit
+ upload <bandwidth>
+
+ Upload bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn pptp remote-access authentication protocols
+ <pap | chap | mschap | mschap-v2>
+
+ Require the peer to authenticate itself using one of the following protocols:
+ pap, chap, mschap, mschap-v2.
+
+Client IP Pool Advanced Options
+===============================
+
+.. cfgcmd:: set vpn pptp remote-access client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+
+ Use this command to define the next address pool name.
+
+PPP Advanced Options
+====================
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options disable-ccp
+
+ Disable Compression Control Protocol (CCP).
+ CCP is enabled by default.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options interface-cache <number>
+
+ Specifies number of interfaces to keep in cache. It means that don’t
+ destroy interface after corresponding session is destroyed, instead
+ place it to cache and use it later for new sessions repeatedly.
+ This should reduce kernel-level interface creation/deletion rate lack.
+ Default value is **0**.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options ipv4 <require | prefer | allow | deny>
+
+ Specifies IPv4 negotiation preference.
-Install the client software via apt and execute pptpsetup to generate the
-configuration.
+ * **require** - Require IPv4 negotiation
+ * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv4 only if client requests (Default value)
+ * **deny** - Do not negotiate IPv4
+.. cfgcmd:: set vpn pptp remote-access ppp-options lcp-echo-failure <number>
+
+ Defines the maximum `<number>` of unanswered echo requests. Upon reaching the
+ value `<number>`, the session will be reset. Default value is **3**.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options lcp-echo-interval <interval>
+
+ If this option is specified and is greater than 0, then the PPP module will
+ send LCP pings of the echo request every `<interval>` seconds.
+ Default value is **30**.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options lcp-echo-timeout
+
+ Specifies timeout in seconds to wait for any peer activity. If this option
+ specified it turns on adaptive lcp echo functionality and "lcp-echo-failure"
+ is not used. Default value is **0**.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options min-mtu <number>
+
+ Defines minimum acceptable MTU. If client will try to negotiate less then
+ specified MTU then it will be NAKed or disconnected if rejects greater MTU.
+ Default value is **100**.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options mppe <require | prefer | deny>
+
+ Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation
+ preference.
+
+ * **require** - ask client for mppe, if it rejects drop connection
+ * **prefer** - ask client for mppe, if it rejects don't fail. (Default value)
+ * **deny** - deny mppe
+
+ Default behavior - don't ask client for mppe, but allow it if client wants.
+ Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy
+ attribute.
+
+.. cfgcmd:: set vpn pptp remote-access ppp-options mru <number>
+
+ Defines preferred MRU. By default is not defined.
+
+Global Advanced options
+=======================
+
+.. cfgcmd:: set vpn pptp remote-access description <description>
+
+ Set description.
+
+.. cfgcmd:: set vpn pptp remote-access limits burst <value>
+
+ Burst count
+
+.. cfgcmd:: set vpn pptp remote-access limits connection-limit <value>
+
+ Acceptable rate of connections (e.g. 1/min, 60/sec)
+
+.. cfgcmd:: set vpn pptp remote-access limits timeout <value>
+
+ Timeout in seconds
+
+.. cfgcmd:: set vpn pptp remote-access mtu
+
+ Maximum Transmission Unit (MTU) (default: **1436**)
+
+.. cfgcmd:: set vpn pptp remote-access max-concurrent-sessions
+
+ Maximum number of concurrent session start attempts
+
+.. cfgcmd:: set vpn pptp remote-access name-server <address>
+
+ Connected client should use `<address>` as their DNS server. This
+ command accepts both IPv4 and IPv6 addresses. Up to two nameservers
+ can be configured for IPv4, up to three for IPv6.
+
+.. cfgcmd:: set vpn pptp remote-access shaper fwmark <1-2147483647>
+
+ Match firewall mark value
+
+.. cfgcmd:: set vpn pptp remote-access snmp master-agent
+
+ Enable SNMP
+
+.. cfgcmd:: set vpn pptp remote-access wins-server <address>
+
+ Windows Internet Name Service (WINS) servers propagated to client
+
+**********
+Monitoring
+**********
+
+.. opcmd:: show pptp-server sessions
+
+ Use this command to locally check the active sessions in the PPTP
+ server.
.. code-block:: none
- apt-get install pptp-linux
- pptpsetup --create TESTTUNNEL --server 10.1.1.120 --username test --password test --encrypt
- pon TESTTUNNEL
+ vyos@vyos:~$ show pptp-server sessions
+ ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
+ --------+----------+----------+-----+--------+----------------+------------+--------+----------+----------+----------
+ pptp0 | test | 10.0.0.2 | | | 192.168.10.100 | | active | 00:01:26 | 6.9 KiB | 220 B
-The command pon TESTUNNEL establishes the PPTP tunnel to the remote system.
+.. code-block:: none
+ vyos@vyos:~$ show pptp-server statistics
+ uptime: 0.00:04:52
+ cpu: 0%
+ mem(rss/virt): 5504/100176 kB
+ core:
+ mempool_allocated: 152007
+ mempool_available: 149007
+ thread_count: 1
+ thread_active: 1
+ context_count: 6
+ context_sleeping: 0
+ context_pending: 0
+ md_handler_count: 6
+ md_handler_pending: 0
+ timer_count: 2
+ timer_pending: 0
+ sessions:
+ starting: 0
+ active: 1
+ finishing: 0
+ pptp:
+ starting: 0
+ active: 1
-All tunnel sessions can be checked via:
+***************
+Troubleshooting
+***************
.. code-block:: none
- run sh pptp-server sessions
- ifname | username | calling-sid | ip | type | comp | state | uptime
- --------+----------+-------------+--------------+------+------+--------+----------
- ppp0 | test | 10.1.1.99 | 192.168.0.10 | pptp | mppe | active | 00:00:58
+ vyos@vyos:~$sudo journalctl -u accel-ppp@pptp -b 0
+
+ Feb 29 14:58:57 vyos accel-pptp[4629]: pptp: new connection from 192.168.10.100
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: recv [PPTP Start-Ctrl-Conn-Request <Version 1> <Framing 1> <Bearer 1> <Max-Chan 0>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: send [PPTP Start-Ctrl-Conn-Reply <Version 1> <Result 1> <Error 0> <Framing 3> <Bearer 3> <Max-Chan 1>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: recv [PPTP Outgoing-Call-Request <Call-ID 2961> <Call-Serial 2> <Min-BPS 300> <Max-BPS 100000000> <Bearer 3> <Framing 3> <Window-Size 64> <Delay 0>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: send [PPTP Outgoing-Call-Reply <Call-ID 2> <Peer-Call-ID 2961> <Result 1> <Error 0> <Cause 0> <Speed 100000000> <Window-Size 64> <Delay 0> <Channel 0>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: lcp_layer_init
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: auth_layer_init
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: ccp_layer_init
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: ipcp_layer_init
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: ipv6cp_layer_init
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: ppp establishing
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: lcp_layer_start
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: send [LCP ConfReq id=75 <auth PAP> <mru 1436> <magic 483920bd>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: recv [PPTP Set-Link-Info]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: recv [LCP ConfReq id=0 <mru 1400> <magic 0142785a> <pcomp> <accomp> < d 3 6 >]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: send [LCP ConfRej id=0 <pcomp> <accomp> < d 3 6 >]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: recv [LCP ConfReq id=1 <mru 1400> <magic 0142785a>]
+ Feb 29 14:58:57 vyos accel-pptp[4629]: :: send [LCP ConfAck id=1]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: fsm timeout 9
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: send [LCP ConfReq id=75 <auth PAP> <mru 1436> <magic 483920bd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP ConfNak id=75 <auth MSCHAP-v2>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: send [LCP ConfReq id=76 <auth CHAP-md5> <mru 1436> <magic 483920bd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP ConfNak id=76 <auth MSCHAP-v2>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: send [LCP ConfReq id=77 <auth MSCHAP-v1> <mru 1436> <magic 483920bd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP ConfNak id=77 <auth MSCHAP-v2>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: send [LCP ConfReq id=78 <auth MSCHAP-v2> <mru 1436> <magic 483920bd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP ConfAck id=78 <auth MSCHAP-v2> <mru 1436> <magic 483920bd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: lcp_layer_started
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: auth_layer_start
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: send [MSCHAP-v2 Challenge id=1 <8aa758781676e6a8e85c11963ee010>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP Ident id=2 <MSRASV5.20>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [LCP Ident id=3 <MSRAS-0-MSEDGEWIN10>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: [43B blob data]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [PPTP Set-Link-Info]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: :: recv [MSCHAP-v2 Response id=1 <90c21af1091f745e8bf22388b058>, <e695ae5aae274c88a3fa1ee3dc9057aece4d53c87b9fea>, F=0, name="test"]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: connect: ppp0 <--> pptp(192.168.10.100)
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ppp connected
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [MSCHAP-v2 Success id=1 "S=347F417CF04BEBBC7F75CFA7F43474C36FB218F9 M=Authentication succeeded"]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: test: authentication succeeded
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: auth_layer_started
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ccp_layer_start
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [CCP ConfReq id=b9 <mppe +H -M +S -L -D -C>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ipcp_layer_start
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ipv6cp_layer_start
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: IPV6CP: discarding packet
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [LCP ProtoRej id=122 <8057>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: recv [IPCP ConfReq id=6 <addr 0.0.0.0> <dns1 0.0.0.0> <wins1 0.0.0.0> <dns2 0.0.0.0> <wins2 0.0.0.0>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [IPCP ConfReq id=3b <addr 10.0.0.1>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [IPCP ConfRej id=6 <dns1 0.0.0.0> <wins1 0.0.0.0> <dns2 0.0.0.0> <wins2 0.0.0.0>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: recv [LCP ProtoRej id=7 <80fd>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ccp_layer_finished
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: recv [IPCP ConfAck id=3b <addr 10.0.0.1>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: recv [IPCP ConfReq id=8 <addr 0.0.0.0>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [IPCP ConfNak id=8 <addr 10.0.0.2>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: recv [IPCP ConfReq id=9 <addr 10.0.0.2>]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: send [IPCP ConfAck id=9]
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: ipcp_layer_started
+ Feb 29 14:59:00 vyos accel-pptp[4629]: ppp0:test: rename interface to 'pptp0'
+ Feb 29 14:59:00 vyos accel-pptp[4629]: pptp0:test: pptp: ppp started
+
+.. _accel-ppp: https://accel-ppp.org/
+.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911
+.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
index 78cadfb5..ab0f623f 100644
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@@ -16,7 +16,8 @@ special characters. It is purely informational.
Each site-to-site peer has the next options:
* ``authentication`` - configure authentication between VyOS and a remote peer.
- Suboptions:
+ If pre-shared-secret mode is used, the secret key must be defined in
+ ``set vpn ipsec authentication`` and suboptions:
* ``psk`` - Preshared secret key name:
@@ -36,8 +37,7 @@ Each site-to-site peer has the next options:
* ``pre-shared-secret`` - use predefined shared secret phrase;
- * ``rsa`` - use simple shared RSA key. The key must be defined in the
- ``set vpn rsa-keys`` section;
+ * ``rsa`` - use simple shared RSA key.
* ``x509`` - use certificates infrastructure for authentication.
@@ -45,29 +45,26 @@ Each site-to-site peer has the next options:
address. Useful in case if the remote peer is behind NAT or if ``mode x509``
is used;
- * ``rsa-key-name`` - shared RSA key for authentication. The key must be defined
- in the ``set vpn rsa-keys`` section;
+ * ``rsa`` - options for RSA authentication mode:
- * ``use-x509-id`` - use local ID from x509 certificate. Cannot be used when
- ``id`` is defined;
+ * ``local-key`` - name of PKI key-pair with local private key
- * ``x509`` - options for x509 authentication mode:
+ * ``remote-key`` - name of PKI key-pair with remote public key
- * ``ca-cert-file`` - CA certificate file. Using for authenticating
- remote peer;
+ * ``passphrase`` - local private key passphrase
- * ``cert-file`` - certificate file, which will be used for authenticating
- local router on remote peer;
+ * ``use-x509-id`` - use local ID from x509 certificate. Cannot be used when
+ ``id`` is defined;
- * ``crl-file`` - file with the Certificate Revocation List. Using to check if
- a certificate for the remote peer is valid or revoked;
+ * ``x509`` - options for x509 authentication mode:
- * ``key`` - a private key, which will be used for authenticating local router
- on remote peer:
+ * ``ca-certificate`` - CA certificate in PKI configuration. Using for
+ authenticating remote peer;
- * ``file`` - path to the key file;
+ * ``certificate`` - certificate file in PKI configuration, which will be used
+ for authenticating local router on remote peer;
- * ``password`` - passphrase private key, if needed.
+ * ``passphrase`` - private key passphrase, if needed.
* ``connection-type`` - how to handle this connection process. Possible
variants:
@@ -113,6 +110,9 @@ Each site-to-site peer has the next options:
Hostname is a DNS name which could be used when a peer has a public IP
address and DNS name, but an IP address could be changed from time to time.
+* ``replay-window`` - IPsec replay window to configure for this CHILD_SA
+ (default: 32), a value of 0 disables IPsec replay protection
+
* ``tunnel`` - define criteria for traffic to be matched for encrypting and send
it to a peer:
@@ -127,6 +127,9 @@ Each site-to-site peer has the next options:
* ``prefix`` - IP network at local side.
+ * ``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value
+ more preferable)
+
* ``protocol`` - define the protocol for match traffic, which should be
encrypted and send to this peer;
diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst
index a9def827..3749eb7b 100644
--- a/docs/configuration/vpn/sstp.rst
+++ b/docs/configuration/vpn/sstp.rst
@@ -19,50 +19,43 @@ local and RADIUS authentication.
As SSTP provides PPP via a SSL/TLS channel the use of either publically signed
certificates as well as a private PKI is required.
-.. note:: All certificates should be stored on VyOS under ``/config/auth``. If
- certificates are not stored in the ``/config`` directory they will not be
- migrated during a software update.
+***********************
+Configuring SSTP Server
+***********************
Certificates
============
-Self Signed CA
---------------
-
-To generate the CA, the server private key and certificates the following
-commands can be used.
+Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate
.. code-block:: none
- vyos@vyos:~$ mkdir -p /config/user-data/sstp
- vyos@vyos:~$ openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -keyout /config/user-data/sstp/server.key -out /config/user-data/sstp/server.crt
-
- Generating a 4096 bit RSA private key
- .........................++
- ...............................................................++
- writing new private key to 'server.key'
- [...]
- Country Name (2 letter code) [AU]:
- State or Province Name (full name) [Some-State]:
- Locality Name (eg, city) []:
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:
- Organizational Unit Name (eg, section) []:
- Common Name (e.g. server FQDN or YOUR name) []:
- Email Address []:
-
- vyos@vyos:~$ openssl req -new -x509 -key /config/user-data/sstp/server.key -out /config/user-data/sstp/ca.crt
- [...]
- Country Name (2 letter code) [AU]:
- State or Province Name (full name) [Some-State]:
- Locality Name (eg, city) []:
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:
- Organizational Unit Name (eg, section) []:
- Common Name (e.g. server FQDN or YOUR name) []:
- Email Address []:
+ vyos@vyos:~$ generate pki ca install CA
+
+.. code-block:: none
+ vyos@vyos:~$ generate pki certificate sign CA install Server
Configuration
=============
+.. code-block:: none
+
+ set vpn sstp authentication local-users username test password 'test'
+ set vpn sstp authentication mode 'local'
+ set vpn sstp client-ip-pool SSTP-POOL range '10.0.0.2-10.0.0.100'
+ set vpn sstp default-pool 'SSTP-POOL'
+ set vpn sstp gateway-address '10.0.0.1'
+ set vpn sstp ssl ca-certificate 'CA1'
+ set vpn sstp ssl certificate 'Server'
+
+.. cfgcmd:: set vpn sstp authentication mode <local | radius>
+
+ Set authentication backend. The configured authentication backend is used
+ for all queries.
+
+ * **radius**: All authentication queries are handled by a configured RADIUS
+ server.
+ * **local**: All authentication queries are handled locally.
.. cfgcmd:: set vpn sstp authentication local-users username <user> password
<pass>
@@ -70,137 +63,185 @@ Configuration
Create `<user>` for local authentication on this system. The users password
will be set to `<pass>`.
-.. cfgcmd:: set vpn sstp authentication local-users username <user> disable
+.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
- Disable `<user>` account.
+ Use this command to define the first IP address of a pool of
+ addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``,
+ it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+ used there is possibility to set host/netmask.
-.. cfgcmd:: set vpn sstp authentication local-users username <user> static-ip
- <address>
+.. cfgcmd:: set vpn sstp default-pool <POOL-NAME>
- Assign static IP address to `<user>` account.
+ Use this command to define default address pool name.
-.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit
- download <bandwidth>
+.. cfgcmd:: set vpn sstp gateway-address <gateway>
- Download bandwidth limit in kbit/s for `<user>`.
+ Specifies single `<gateway>` IP address to be used as local address of PPP
+ interfaces.
-.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit
- upload <bandwidth>
+.. cfgcmd:: set vpn sstp ssl ca-certificate <file>
- Upload bandwidth limit in kbit/s for `<user>`.
+ Name of installed certificate authority certificate.
-.. cfgcmd:: set vpn sstp authentication protocols
- <pap | chap | mschap | mschap-v2>
+.. cfgcmd:: set vpn sstp ssl certificate <file>
- Require the peer to authenticate itself using one of the following protocols:
- pap, chap, mschap, mschap-v2.
+ Name of installed server certificate.
-.. cfgcmd:: set vpn sstp authentication mode <local | radius>
+*********************************
+Configuring RADIUS authentication
+*********************************
- Set authentication backend. The configured authentication backend is used
- for all queries.
+To enable RADIUS based authentication, the authentication mode needs to be
+changed within the configuration. Previous settings like the local users, still
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
- * **radius**: All authentication queries are handled by a configured RADIUS
- server.
- * **local**: All authentication queries are handled locally.
+.. code-block:: none
+ set vpn sstp authentication mode radius
-.. cfgcmd:: set vpn sstp gateway-address <gateway>
+.. cfgcmd:: set vpn sstp authentication radius server <server> key <secret>
- Specifies single `<gateway>` IP address to be used as local address of PPP
- interfaces.
+ Configure RADIUS `<server>` and its required shared `<secret>` for
+ communicating with the RADIUS server.
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
+For example:
-.. cfgcmd:: set vpn sstp port <port>
+.. code-block:: none
- Specifies the port `<port>` that the SSTP port will listen on (default 443).
+ set vpn sstp authentication radius server 10.0.0.1 key 'foo'
+ set vpn sstp authentication radius server 10.0.0.2 key 'foo'
+.. note:: Some RADIUS severs use an access control list which allows or denies
+ queries, make sure to add your VyOS router to the allowed client list.
-.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
+RADIUS source address
+=====================
- Use this command to define the first IP address of a pool of
- addresses to be given to SSTP clients. If notation ``x.x.x.x-x.x.x.x``,
- it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
- used there is possibility to set host/netmask.
+If you are using OSPF as IGP, always the closest interface connected to the
+RADIUS server is used. You can bind all outgoing RADIUS requests
+to a single source IP e.g. the loopback interface.
-.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+.. cfgcmd:: set vpn sstp authentication radius source-address <address>
- Use this command to define the next address pool name.
+ Source IPv4 address used in all RADIUS server queires.
-.. cfgcmd:: set vpn sstp default-pool <POOL-NAME>
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
+ Best practice would be a loopback or dummy interface.
- Use this command to define default address pool name.
+RADIUS advanced options
+=======================
+.. cfgcmd:: set vpn sstp authentication radius server <server> port <port>
-.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
- mask <number-of-bits>
+ Configure RADIUS `<server>` and its required port for authentication requests.
- Use this comand to set the IPv6 address pool from which an SSTP client
- will get an IPv6 prefix of your defined length (mask) to terminate the
- SSTP endpoint at their side. The mask length can be set from 48 to 128
- bit long, the default value is 64.
+.. cfgcmd:: set vpn sstp authentication radius server <server> fail-time <time>
+ Mark RADIUS server as offline for this given `<time>` in seconds.
-.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
- delegation-prefix <number-of-bits>
+.. cfgcmd:: set vpn sstp authentication radius server <server> disable
- Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
- SSTP. You will have to set your IPv6 pool and the length of the
- delegation prefix. From the defined IPv6 pool you will be handing out
- networks of the defined length (delegation-prefix). The length of the
- delegation prefix can be set from 32 to 64 bit long.
+ Temporary disable this RADIUS server.
+.. cfgcmd:: set vpn sstp authentication radius acct-timeout <timeout>
-.. cfgcmd:: set vpn sstp default-ipv6-pool <IPv6-POOL-NAME>
+ Timeout to wait reply for Interim-Update packets. (default 3 seconds)
- Use this command to define default IPv6 address pool name.
+.. cfgcmd:: set vpn sstp authentication radius dynamic-author server <address>
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
-.. cfgcmd:: set vpn sstp name-server <address>
+.. cfgcmd:: set vpn sstp authentication radius dynamic-author port <port>
- Connected client should use `<address>` as their DNS server. This
- command accepts both IPv4 and IPv6 addresses. Up to two nameservers
- can be configured for IPv4, up to three for IPv6.
+ Port for Dynamic Authorization Extension server (DM/CoA)
-Maximum number of IPv4 nameservers
+.. cfgcmd:: set vpn sstp authentication radius dynamic-author key <secret>
-SSL Certificates
-----------------
+ Secret for Dynamic Authorization Extension server (DM/CoA)
-.. cfgcmd:: set vpn sstp ssl ca-cert-file <file>
+.. cfgcmd:: set vpn sstp authentication radius max-try <number>
- Path to `<file>` pointing to the certificate authority certificate.
+ Maximum number of tries to send Access-Request/Accounting-Request queries
-.. cfgcmd:: set vpn sstp ssl cert-file <file>
+.. cfgcmd:: set vpn sstp authentication radius timeout <timeout>
- Path to `<file>` pointing to the servers certificate (public portion).
+ Timeout to wait response from server (seconds)
+.. cfgcmd:: set vpn sstp authentication radius nas-identifier <identifier>
-PPP Settings
-------------
+ Value to send to RADIUS server in NAS-Identifier attribute and to be matched
+ in DM/CoA requests.
-.. cfgcmd:: set vpn sstp ppp-options disable-ccp
+.. cfgcmd:: set vpn sstp authentication radius nas-ip-address <address>
- Disable Compression Control Protocol (CCP).
- CCP is enabled by default.
+ Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
+ in DM/CoA requests. Also DM/CoA server will bind to that address.
-.. cfgcmd:: set vpn sstp ppp-options interface-cache <number>
+.. cfgcmd:: set vpn sstp authentication radius source-address <address>
- Specifies number of interfaces to keep in cache. It means that don’t
- destroy interface after corresponding session is destroyed, instead
- place it to cache and use it later for new sessions repeatedly.
- This should reduce kernel-level interface creation/deletion rate lack.
- Default value is **0**.
+ Source IPv4 address used in all RADIUS server queires.
-.. cfgcmd:: set vpn sstp ppp-options ipv4 <require | prefer | allow | deny>
+.. cfgcmd:: set vpn sstp authentication radius rate-limit attribute <attribute>
- Specifies IPv4 negotiation preference.
+ Specifies which RADIUS server attribute contains the rate limit information.
+ The default attribute is `Filter-Id`.
- * **require** - Require IPv4 negotiation
- * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects
- * **allow** - Negotiate IPv4 only if client requests (Default value)
- * **deny** - Do not negotiate IPv4
+.. note:: If you set a custom RADIUS attribute you must define it on both
+ dictionaries at RADIUS server and client.
+
+.. cfgcmd:: set vpn sstp authentication radius rate-limit enable
+
+ Enables bandwidth shaping via RADIUS.
+
+.. cfgcmd:: set vpn sstp authentication radius rate-limit vendor
+
+ Specifies the vendor dictionary, dictionary needs to be in
+ /usr/share/accel-ppp/radius.
+Received RADIUS attributes have a higher priority than parameters defined within
+the CLI configuration, refer to the explanation below.
+
+Allocation clients ip addresses by RADIUS
+=========================================
+
+If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
+address will be allocated to the client and the option ``default-pool`` within the CLI
+config is being ignored.
+
+If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated
+from a predefined IP pool whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address
+will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value.
+
+If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6
+delegation pefix will be allocated from a predefined IPv6 pool ``delegate``
+whose name equals the attribute value.
+
+.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in
+ RFC6911. If they are not defined in your RADIUS server, add new dictionary_.
+
+User interface can be put to VRF context via RADIUS Access-Accept packet, or change
+it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_.
+Define it in your RADIUS server.
+
+Renaming clients interfaces by RADIUS
+=====================================
+
+If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be
+renamed.
+
+.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16
+ characters, otherwise the interface won't be renamed.
+
+
+****
+IPv6
+****
.. cfgcmd:: set vpn sstp ppp-options ipv6 <require | prefer | allow | deny>
Specifies IPv6 negotiation preference.
@@ -210,6 +251,36 @@ PPP Settings
* **allow** - Negotiate IPv6 only if client requests
* **deny** - Do not negotiate IPv6 (default value)
+.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+ mask <number-of-bits>
+
+ Use this comand to set the IPv6 address pool from which an SSTP client
+ will get an IPv6 prefix of your defined length (mask) to terminate the
+ SSTP endpoint at their side. The mask length can be set from 48 to 128
+ bit long, the default value is 64.
+
+.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+ delegation-prefix <number-of-bits>
+
+ Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
+ SSTP. You will have to set your IPv6 pool and the length of the
+ delegation prefix. From the defined IPv6 pool you will be handing out
+ networks of the defined length (delegation-prefix). The length of the
+ delegation prefix can be set from 32 to 64 bit long.
+
+.. cfgcmd:: set vpn sstp default-ipv6-pool <IPv6-POOL-NAME>
+
+ Use this command to define default IPv6 address pool name.
+
+.. code-block:: none
+
+ set vpn sstp ppp-options ipv6 allow
+ set vpn sstp client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+ set vpn sstp client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+ set vpn sstp default-ipv6-pool IPv6-POOL
+
+IPv6 Advanced Options
+=====================
.. cfgcmd:: set vpn sstp ppp-options ipv6-accept-peer-interface-id
Accept peer interface identifier. By default is not defined.
@@ -231,6 +302,90 @@ PPP Settings
* **ipv4-addr** - Calculate interface identifier from IPv4 address.
* **calling-sid** - Calculate interface identifier from calling-station-id.
+*********
+Scripting
+*********
+
+.. cfgcmd:: set vpn sstp extended-scripts on-change <path_to_script>
+
+ Script to run when session interface changed by RADIUS CoA handling
+
+.. cfgcmd:: set vpn sstp extended-scripts on-down <path_to_script>
+
+ Script to run when session interface going to terminate
+
+.. cfgcmd:: set vpn sstp extended-scripts on-pre-up <path_to_script>
+
+ Script to run before session interface comes up
+
+.. cfgcmd:: set vpn sstp extended-scripts on-up <path_to_script>
+
+ Script to run when session interface is completely configured and started
+
+****************
+Advanced Options
+****************
+
+Authentication Advanced Options
+===============================
+
+.. cfgcmd:: set vpn sstp authentication local-users username <user> disable
+
+ Disable `<user>` account.
+
+.. cfgcmd:: set vpn sstp authentication local-users username <user> static-ip
+ <address>
+
+ Assign static IP address to `<user>` account.
+
+.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit
+ download <bandwidth>
+
+ Download bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit
+ upload <bandwidth>
+
+ Upload bandwidth limit in kbit/s for `<user>`.
+
+.. cfgcmd:: set vpn sstp authentication protocols
+ <pap | chap | mschap | mschap-v2>
+
+ Require the peer to authenticate itself using one of the following protocols:
+ pap, chap, mschap, mschap-v2.
+
+Client IP Pool Advanced Options
+===============================
+
+.. cfgcmd:: set vpn sstp client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
+
+ Use this command to define the next address pool name.
+
+PPP Advanced Options
+====================
+
+.. cfgcmd:: set vpn sstp ppp-options disable-ccp
+
+ Disable Compression Control Protocol (CCP).
+ CCP is enabled by default.
+
+.. cfgcmd:: set vpn sstp ppp-options interface-cache <number>
+
+ Specifies number of interfaces to keep in cache. It means that don’t
+ destroy interface after corresponding session is destroyed, instead
+ place it to cache and use it later for new sessions repeatedly.
+ This should reduce kernel-level interface creation/deletion rate lack.
+ Default value is **0**.
+
+.. cfgcmd:: set vpn sstp ppp-options ipv4 <require | prefer | allow | deny>
+
+ Specifies IPv4 negotiation preference.
+
+ * **require** - Require IPv4 negotiation
+ * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects
+ * **allow** - Negotiate IPv4 only if client requests (Default value)
+ * **deny** - Do not negotiate IPv4
+
.. cfgcmd:: set vpn sstp ppp-options lcp-echo-failure <number>
Defines the maximum `<number>` of unanswered echo requests. Upon reaching the
@@ -271,112 +426,61 @@ PPP Settings
Defines preferred MRU. By default is not defined.
+Global Advanced options
+=======================
-RADIUS
-------
-
-Server
-^^^^^^
-
-.. cfgcmd:: set vpn sstp authentication radius server <server> port <port>
+.. cfgcmd:: set vpn sstp description <description>
- Configure RADIUS `<server>` and its required port for authentication requests.
+ Set description.
-.. cfgcmd:: set vpn sstp authentication radius server <server> key <secret>
-
- Configure RADIUS `<server>` and its required shared `<secret>` for
- communicating with the RADIUS server.
+.. cfgcmd:: set vpn sstp limits burst <value>
-.. cfgcmd:: set vpn sstp authentication radius server <server> fail-time <time>
+ Burst count
- Mark RADIUS server as offline for this given `<time>` in seconds.
+.. cfgcmd:: set vpn sstp limits connection-limit <value>
-.. cfgcmd:: set vpn sstp authentication radius server <server> disable
+ Acceptable rate of connections (e.g. 1/min, 60/sec)
- Temporary disable this RADIUS server.
+.. cfgcmd:: set vpn sstp limits timeout <value>
-Options
-^^^^^^^
+ Timeout in seconds
-.. cfgcmd:: set vpn sstp authentication radius acct-timeout <timeout>
+.. cfgcmd:: set vpn sstp mtu
- Timeout to wait reply for Interim-Update packets. (default 3 seconds)
+ Maximum Transmission Unit (MTU) (default: **1500**)
-.. cfgcmd:: set vpn sstp authentication radius dynamic-author server <address>
+.. cfgcmd:: set vpn sstp max-concurrent-sessions
- Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
+ Maximum number of concurrent session start attempts
-.. cfgcmd:: set vpn sstp authentication radius dynamic-author port <port>
-
- Port for Dynamic Authorization Extension server (DM/CoA)
-
-.. cfgcmd:: set vpn sstp authentication radius dynamic-author key <secret>
-
- Secret for Dynamic Authorization Extension server (DM/CoA)
-
-.. cfgcmd:: set vpn sstp authentication radius max-try <number>
-
- Maximum number of tries to send Access-Request/Accounting-Request queries
-
-.. cfgcmd:: set vpn sstp authentication radius timeout <timeout>
-
- Timeout to wait response from server (seconds)
-
-.. cfgcmd:: set vpn sstp authentication radius nas-identifier <identifier>
-
- Value to send to RADIUS server in NAS-Identifier attribute and to be matched
- in DM/CoA requests.
-
-.. cfgcmd:: set vpn sstp authentication radius nas-ip-address <address>
-
- Value to send to RADIUS server in NAS-IP-Address attribute and to be matched
- in DM/CoA requests. Also DM/CoA server will bind to that address.
-
-.. cfgcmd:: set vpn sstp authentication radius source-address <address>
-
- Source IPv4 address used in all RADIUS server queires.
-
-.. cfgcmd:: set vpn sstp authentication radius rate-limit attribute <attribute>
-
- Specifies which RADIUS server attribute contains the rate limit information.
- The default attribute is `Filter-Id`.
-
-.. cfgcmd:: set vpn sstp authentication radius rate-limit enable
+.. cfgcmd:: set vpn sstp name-server <address>
- Enables bandwidth shaping via RADIUS.
+ Connected client should use `<address>` as their DNS server. This
+ command accepts both IPv4 and IPv6 addresses. Up to two nameservers
+ can be configured for IPv4, up to three for IPv6.
-.. cfgcmd:: set vpn sstp authentication radius rate-limit vendor
+.. cfgcmd:: set vpn sstp shaper fwmark <1-2147483647>
- Specifies the vendor dictionary, dictionary needs to be in
- /usr/share/accel-ppp/radius.
+ Match firewall mark value
+.. cfgcmd:: set vpn sstp snmp master-agent
-Example
-=======
+ Enable SNMP
-* Use local user `foo` with password `bar`
-* Client IP addresses will be provided from pool `192.0.2.0/25`
+.. cfgcmd:: set vpn sstp wins-server <address>
-.. code-block:: none
+ Windows Internet Name Service (WINS) servers propagated to client
- set vpn sstp authentication local-users username vyos password vyos
- set vpn sstp authentication mode local
- set vpn sstp gateway-address 192.0.2.254
- set vpn sstp client-ip-pool SSTP-POOL range 192.0.2.0/25
- set vpn sstp default-pool 'SSTP-POOL'
- set vpn sstp name-server 10.0.0.1
- set vpn sstp name-server 10.0.0.2
- set vpn sstp ssl ca-cert-file /config/auth/ca.crt
- set vpn sstp ssl cert-file /config/auth/server.crt
- set vpn sstp ssl key-file /config/auth/server.key
-
-Testing SSTP
-============
+***********************
+Configuring SSTP client
+***********************
Once you have setup your SSTP server there comes the time to do some basic
testing. The Linux client used for testing is called sstpc_. sstpc_ requires a
PPP configuration/peer file.
+If you use a self-signed certificate, do not forget to install CA on the client side.
+
The following PPP configuration tests MSCHAP-v2:
.. code-block:: none
@@ -429,8 +533,115 @@ A connection attempt will be shown as:
inet 100.64.2.2 peer 100.64.1.1/32 scope global ppp0
valid_lft forever preferred_lft forever
+**********
+Monitoring
+**********
+.. opcmd:: show sstp-server sessions
-.. _sstpc: https://github.com/reliablehosting/sstp-client
+ Use this command to locally check the active sessions in the SSTP
+ server.
+.. code-block:: none
+
+ vyos@vyos:~$ show sstp-server sessions
+ ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
+ --------+----------+----------+-----+--------+----------------+------------+--------+----------+----------+----------
+ sstp0 | test | 10.0.0.2 | | | 192.168.10.100 | | active | 00:15:46 | 16.3 KiB | 210 B
+
+.. code-block:: none
+
+ vyos@vyos:~$ show sstp-server statistics
+ uptime: 0.01:21:54
+ cpu: 0%
+ mem(rss/virt): 6688/100464 kB
+ core:
+ mempool_allocated: 149420
+ mempool_available: 146092
+ thread_count: 1
+ thread_active: 1
+ context_count: 6
+ context_sleeping: 0
+ context_pending: 0
+ md_handler_count: 7
+ md_handler_pending: 0
+ timer_count: 2
+ timer_pending: 0
+ sessions:
+ starting: 0
+ active: 1
+ finishing: 0
+ sstp:
+ starting: 0
+ active: 1
+
+***************
+Troubleshooting
+***************
+
+.. code-block:: none
+
+ vyos@vyos:~$sudo journalctl -u accel-ppp@sstp -b 0
+
+ Feb 28 17:03:04 vyos accel-sstp[2492]: sstp: new connection from 192.168.10.100:49852
+ Feb 28 17:03:04 vyos accel-sstp[2492]: sstp: starting
+ Feb 28 17:03:04 vyos accel-sstp[2492]: sstp: started
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [HTTP <SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [HTTP <SSTPCORRELATIONID: {48B82435-099A-4158-A987-052E7570CFAA}>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [HTTP <Content-Length: 18446744073709551615>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [HTTP <Host: vyos.io>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [HTTP <HTTP/1.1 200 OK>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [HTTP <Date: Wed, 28 Feb 2024 17:03:04 GMT>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [HTTP <Content-Length: 18446744073709551615>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [SSTP SSTP_MSG_CALL_CONNECT_REQUEST]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [SSTP SSTP_MSG_CALL_CONNECT_ACK]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: lcp_layer_init
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: auth_layer_init
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: ccp_layer_init
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: ipcp_layer_init
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: ipv6cp_layer_init
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: ppp establishing
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: lcp_layer_start
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [LCP ConfReq id=56 <auth PAP> <mru 1452> <magic 1cd9ad05>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [LCP ConfReq id=0 <mru 4091> <magic 345f64ca> <pcomp> <accomp> < d 3 6 >]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [LCP ConfRej id=0 <pcomp> <accomp> < d 3 6 >]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [LCP ConfReq id=1 <mru 4091> <magic 345f64ca>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [LCP ConfNak id=1 <mru 1452>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: recv [LCP ConfReq id=2 <mru 1452> <magic 345f64ca>]
+ Feb 28 17:03:04 vyos accel-sstp[2492]: :: send [LCP ConfAck id=2]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: fsm timeout 9
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: send [LCP ConfReq id=56 <auth PAP> <mru 1452> <magic 1cd9ad05>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: recv [LCP ConfAck id=56 <auth PAP> <mru 1452> <magic 1cd9ad05>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: lcp_layer_started
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: auth_layer_start
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: recv [LCP Ident id=3 <MSRASV5.20>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: recv [LCP Ident id=4 <MSRAS-0-MSEDGEWIN10>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: [50B blob data]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: :: recv [PAP AuthReq id=3]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: connect: ppp0 <--> sstp(192.168.10.100:49852)
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: ppp connected
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [PAP AuthAck id=3 "Authentication succeeded"]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: test: authentication succeeded
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: auth_layer_started
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: ccp_layer_start
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: ipcp_layer_start
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: ipv6cp_layer_start
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: recv [SSTP SSTP_MSG_CALL_CONNECTED]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: IPV6CP: discarding packet
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [LCP ProtoRej id=88 <8057>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: recv [IPCP ConfReq id=7 <addr 0.0.0.0> <dns1 0.0.0.0> <wins1 0.0.0.0> <dns2 0.0.0.0> <wins2 0.0.0.0>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [IPCP ConfReq id=25 <addr 10.0.0.1>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [IPCP ConfRej id=7 <dns1 0.0.0.0> <wins1 0.0.0.0> <dns2 0.0.0.0> <wins2 0.0.0.0>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: recv [IPCP ConfAck id=25 <addr 10.0.0.1>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: recv [IPCP ConfReq id=8 <addr 0.0.0.0>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [IPCP ConfNak id=8 <addr 10.0.0.5>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: recv [IPCP ConfReq id=9 <addr 10.0.0.5>]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: send [IPCP ConfAck id=9]
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: ipcp_layer_started
+ Feb 28 17:03:07 vyos accel-sstp[2492]: ppp0:test: rename interface to 'sstp0'
+ Feb 28 17:03:07 vyos accel-sstp[2492]: sstp0:test: sstp: ppp: started
+
+.. _sstpc: https://github.com/reliablehosting/sstp-client
+.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911
+.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
.. include:: /_include/common-references.txt
diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst
index bd482cd9..67eba886 100644
--- a/docs/configuration/vrf/index.rst
+++ b/docs/configuration/vrf/index.rst
@@ -67,6 +67,25 @@ can be used to filter which routes zebra will install in the kernel.
.. note:: If you choose any as the option that will cause all protocols that
are sending routes to zebra.
+Nexthop Tracking
+----------------
+
+Nexthop tracking resolve nexthops via the default route by default. This is enabled
+by default for a traditional profile of FRR which we use. It and can be disabled if
+you do not wan't to e.g. allow BGP to peer across the default route.
+
+.. cfgcmd:: set vrf name <name> ip nht no-resolve-via-default
+
+ Do not allow IPv4 nexthop tracking to resolve via the default route. This
+ parameter is configured per-VRF, so the command is also available in the VRF
+ subnode.
+
+.. cfgcmd:: set vrf name <name> ipv6 nht no-resolve-via-default
+
+ Do not allow IPv4 nexthop tracking to resolve via the default route. This
+ parameter is configured per-VRF, so the command is also available in the VRF
+ subnode.
+
Interfaces
----------
diff --git a/docs/copyright.md b/docs/copyright.md
index 2a06d761..97cc30ca 100644
--- a/docs/copyright.md
+++ b/docs/copyright.md
@@ -1,6 +1,6 @@
# Copyright Notice
-Copyright (C) 2018-2023 VyOS maintainers and contributors
+Copyright (C) 2018-2024 VyOS maintainers and contributors
Permission is granted to make and distribute verbatim copies of this manual
provided the copyright notice and this permission notice are preserved on all
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 49f5aeb6..3acbed25 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -56,7 +56,7 @@ commands:
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 address '192.168.0.1/24'
- set interfaces ethernet eth1 description 'INSIDE'
+ set interfaces ethernet eth1 description 'LAN'
SSH Management