From 6e1189cead232b8d720a39882469fd2c368c8dcc Mon Sep 17 00:00:00 2001
From: systeembeheerder <19684880+systeembeheerder@users.noreply.github.com>
Date: Mon, 24 Apr 2023 13:36:14 +0200
Subject: Update index.rst

add example of negated address group. Per https://forum.vyos.io/t/best-way-to-negate-a-address-group-match/9019/3
---
 docs/configuration/firewall/index.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index c2e584a3..ef41f198 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -357,7 +357,11 @@ There are a lot of matching criteria against which the package can be tested.
 .. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination group
    address-group <name>
 
-   Use a specific address-group
+   Use a specific address-group. Thes can also be "negated" using '!'. For Example
+   
+   .. code-block:: none
+   
+       set firewall name WAN-IN-v4 rule 20 source group address-group '!TRUSTED-HOSTS'
 
 .. cfgcmd:: set firewall name <name> rule <1-999999> source group
    network-group <name>
-- 
cgit v1.2.3