From fe416b56cfa30494172a0310c16fd2787330c7bb Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Fri, 14 Jun 2024 11:14:53 -0300 Subject: Configuration Blueprints: add new example for firewall+vrf. Also, add note about usage of inbound and outbound interface when interface is attached to a non-default vrf. --- docs/configuration/firewall/ipv4.rst | 8 ++++++++ docs/configuration/firewall/ipv6.rst | 8 ++++++++ 2 files changed, 16 insertions(+) (limited to 'docs/configuration') diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index e53f2480..39370c86 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -732,6 +732,10 @@ geoip) to keep database and rules updated. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using + **inbound-interface**, vrf name must be used. For example ``set firewall + ipv4 forward filter rule 10 inbound-interface name MGMT`` + .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> inbound-interface group .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> @@ -753,6 +757,10 @@ geoip) to keep database and rules updated. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using + **outbound-interface**, real interface name must be used. For example + ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0`` + .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> outbound-interface group .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 423f3e09..511fd51f 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -723,6 +723,10 @@ geoip) to keep database and rules updated. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using + **inbound-interface**, vrf name must be used. For example ``set firewall + ipv6 forward filter rule 10 inbound-interface name MGMT`` + .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> inbound-interface group .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> @@ -744,6 +748,10 @@ geoip) to keep database and rules updated. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2`` +.. note:: If an interface is attached to a non-default vrf, when using + **outbound-interface**, real interface name must be used. For example + ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0`` + .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> outbound-interface group .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> -- cgit v1.2.3