From 7e36b163bd0799ed70a13ac01978c53d6553b950 Mon Sep 17 00:00:00 2001 From: Nick Anderegg Date: Tue, 12 Sep 2023 20:52:35 -0400 Subject: quick-start: adding missing rule to allow echo requests --- docs/quick-start.rst | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'docs') diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 3a149c78..03bf4e47 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst 
@@ -300,25 +300,29 @@ group to 4 per minute: Allow Access to Services ------------------------ -We can now configure access to the services running on this router, allowing -all connections coming from localhost: +Here we're allowing the router to respond to pings. Then, we can allow access to +the DNS recursor we configured earlier, accepting traffic bound for port 53 from +all hosts on the ``NET-INSIDE-v4`` network: .. code-block:: none - set firewall ipv4 input filter rule 30 action 'accept' - set firewall ipv4 input filter rule 30 source address 127.0.0.0/8 - -Finally, we can allow access to the DNS recursor we configured earlier, -accepting traffic bound for port 53 from all hosts on the ``NET-INSIDE-v4`` -network: - -.. code-block:: none + set firewall ipv4 input filter rule 30 icmp type-name 'echo-request' + set firewall ipv4 input filter rule 30 protocol 'icmp' + set firewall ipv4 input filter rule 30 state new 'enable' set firewall ipv4 input filter rule 40 action 'accept' set firewall ipv4 input filter rule 40 destination port '53' set firewall ipv4 input filter rule 40 protocol 'tcp_udp' set firewall ipv4 input filter rule 40 source group network-group NET-INSIDE-v4 +Finally, we can now configure access to the services running on this router, allowing +all connections coming from localhost: + +.. code-block:: none + + set firewall ipv4 input filter rule 50 action 'accept' + set firewall ipv4 input filter rule 50 source address 127.0.0.0/8 + Commit changes, save the configuration, and exit configuration mode: .. code-block:: none -- cgit v1.2.3
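Review bot: the new rule 30 in the first code block never gets an action. The three added commands set ``icmp type-name 'echo-request'``, ``protocol 'icmp'`` and ``state new 'enable'``, but the ``action 'accept'`` line that the old rule 30 carried is deleted along with the localhost match and is not re-added. Rules 40 and 50 both set ``action 'accept'`` explicitly, so add ``set firewall ipv4 input filter rule 30 action 'accept'`` to the block so the rule does what the new paragraph says it does. It is also worth stating in that paragraph that rule 30, unlike rule 40, has no source restriction, so it matches echo requests arriving on any interface.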