From 54196d2ca6179685b511b1c5de139bb7d778bf1d Mon Sep 17 00:00:00 2001 From: Remi van Dijk | Link-it Date: Wed, 6 Jul 2022 11:43:33 +0200 Subject: Firewall: T4299: Add inverse-match to geoip --- docs/configuration/firewall/index.rst | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'docs/configuration/firewall/index.rst') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 5081ce2f..a83ea2ae 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -325,15 +325,25 @@ There are a lot of matching criteria against which the package can be tested. .. cfgcmd:: set firewall name rule <1-999999> source geoip country-code +.. cfgcmd:: set firewall name rule <1-999999> source geoip inverse-match .. cfgcmd:: set firewall ipv6-name rule <1-999999> source geoip country-code +.. cfgcmd:: set firewall ipv6-name rule <1-999999> source geoip + inverse-match .. cfgcmd:: set firewall name rule <1-999999> destination geoip country-code +.. cfgcmd:: set firewall name rule <1-999999> destination geoip + inverse-match .. cfgcmd:: set firewall ipv6-name rule <1-999999> destination geoip country-code +.. cfgcmd:: set firewall ipv6-name rule <1-999999> destination geoip + inverse-match + +Match IP addresses based on its geolocation. +More info: `geoip matching +`_. -Match IP addresses based on its geolocation. More info: `geoip matching -`_ +Use inverse-match to match anything except the given country-codes. Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB 
@@ -531,10 +541,10 @@ Applying a Rule-Set to a Zone Before you are able to apply a rule-set to a zone you have to create the zones first. -It helps to think of the syntax as: (see below). The 'rule-set' should be +It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone* -.. cfgcmd:: set zone-policy zone from +.. cfgcmd:: set zone-policy zone from firewall name .. cfgcmd:: set zone-policy zone from firewall name @@ -829,4 +839,4 @@ Update geoip database .. opcmd:: update geoip - Command used to update GeoIP database and firewall sets. \ No newline at end of file + Command used to update GeoIP database and firewall sets. -- cgit v1.2.3
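Review bot: In the first hunk (@@ -325,15 +325,25 @@), the added sentence "Use inverse-match to match anything except the given country-codes." leaves the semantics underspecified for something that decides what a firewall rule drops or accepts. Suggest saying how inverse-match relates to country-code on the same rule (the four new cfgcmd entries show it without a value, so presumably it is a flag that negates the country-code list), and stating explicitly whether addresses that are absent from the DB-IP database count as "anything except", because that determines how such a rule treats private or unlisted ranges. Minor: the first added cfgcmd keeps inverse-match on one line while the other three wrap it onto a continuation line, and "based on its geolocation" should read "their geolocation" now that the line is being touched.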
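Review bot: The hunk at @@ -531,10 +541,10 @@ (Applying a Rule-Set to a Zone) replaces two lines whose visible text is the same before and after ("It helps to think of the syntax as: (see below). The 'rule-set' should be" and ".. cfgcmd:: set zone-policy zone from"), so it is a whitespace-only change unrelated to the subject "Add inverse-match to geoip". Suggest moving it, along with the end-of-file newline fix in the last hunk, into a separate cleanup commit, or at least mentioning it in the commit message, so the geoip documentation change stays easy to review and revert on its own.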