From 5a6d1fd06294f84799a4103df0aa4b69c026533b Mon Sep 17 00:00:00 2001
From: "Ginko (Giggum)" <152240782+Giggum@users.noreply.github.com>
Date: Thu, 7 Mar 2024 11:56:17 -0500
Subject: Added conntrack-helper rules from T5614 to ipv4 rules documentation

---
 docs/configuration/firewall/ipv4.rst | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index 9a683d22..ff739418 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -324,6 +324,29 @@ There are a lot of matching criteria against which the packet can be tested.
 
    Match criteria based on connection mark.
 
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
+   conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
+   conntrack-helper <module>
+.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
+   conntrack-helper <module>
+
+   Match based on connection tracking protocol helper module to secure use of 
+   that helper module. See below for possible completions `<module>`. 
+
+   .. code-block:: none
+
+      Possible completions:
+      ftp                  Related traffic from FTP helper
+      h323                 Related traffic from H.323 helper
+      pptp                 Related traffic from PPTP helper
+      nfs                  Related traffic from NFS helper
+      sip                  Related traffic from SIP helper
+      tftp                 Related traffic from TFTP helper
+      sqlnet               Related traffic from SQLNet helper
+
 .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
    source address [address | addressrange | CIDR]
 .. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
-- 
cgit v1.2.3