From 8e5d2c529e87e5311868f77583578c8a9601801a Mon Sep 17 00:00:00 2001 
From: rebortg Date: Tue, 29 Oct 2024 13:22:21 +0100 Subject: manuell update translation from localazy --- docs/_locale/de/LC_MESSAGES/automation.mo | Bin 67434 -> 73082 bytes docs/_locale/de/LC_MESSAGES/cli.mo | Bin 32712 -> 41580 bytes docs/_locale/de/LC_MESSAGES/configexamples.mo | Bin 131703 -> 147579 bytes docs/_locale/de/LC_MESSAGES/configuration.mo | Bin 1245649 -> 1443889 bytes docs/_locale/de/LC_MESSAGES/contributing.mo | Bin 125898 -> 126326 bytes docs/_locale/de/LC_MESSAGES/index.mo | Bin 3852 -> 4424 bytes docs/_locale/de/LC_MESSAGES/installation.mo | Bin 103424 -> 116386 bytes docs/_locale/de/automation.pot | 97 +- docs/_locale/de/cli.pot | 340 +- docs/_locale/de/configexamples.pot | 511 +- docs/_locale/de/configuration.pot | 6795 +++++++++++++++++-------- docs/_locale/de/contributing.pot | 191 +- docs/_locale/de/index.pot | 32 +- docs/_locale/de/installation.pot | 623 ++- docs/_locale/en/LC_MESSAGES/automation.mo | Bin 67434 -> 73082 bytes docs/_locale/en/LC_MESSAGES/cli.mo | Bin 32712 -> 41580 bytes docs/_locale/en/LC_MESSAGES/configexamples.mo | Bin 131692 -> 147568 bytes docs/_locale/en/LC_MESSAGES/configuration.mo | Bin 1245610 -> 1443850 bytes docs/_locale/en/LC_MESSAGES/contributing.mo | Bin 123560 -> 123988 bytes docs/_locale/en/LC_MESSAGES/index.mo | Bin 3852 -> 4424 bytes docs/_locale/en/LC_MESSAGES/installation.mo | Bin 103424 -> 116386 bytes docs/_locale/es/LC_MESSAGES/automation.mo | Bin 70291 -> 75939 bytes docs/_locale/es/LC_MESSAGES/cli.mo | Bin 34630 -> 43498 bytes docs/_locale/es/LC_MESSAGES/configexamples.mo | Bin 139508 -> 155384 bytes docs/_locale/es/LC_MESSAGES/configuration.mo | Bin 1325980 -> 1524220 bytes docs/_locale/es/LC_MESSAGES/contributing.mo | Bin 131289 -> 131717 bytes docs/_locale/es/LC_MESSAGES/index.mo | Bin 3958 -> 4530 bytes docs/_locale/es/LC_MESSAGES/installation.mo | Bin 110960 -> 123922 bytes docs/_locale/es/automation.pot | 99 +- docs/_locale/es/cli.pot | 340 +- docs/_locale/es/configexamples.pot | 511 +- 
docs/_locale/es/configuration.pot | 6795 +++++++++++++++++-------- docs/_locale/es/contributing.pot | 191 +- docs/_locale/es/index.pot | 32 +- docs/_locale/es/installation.pot | 623 ++- docs/_locale/ja/LC_MESSAGES/automation.mo | Bin 67421 -> 73069 bytes docs/_locale/ja/LC_MESSAGES/cli.mo | Bin 32699 -> 41567 bytes docs/_locale/ja/LC_MESSAGES/configexamples.mo | Bin 131679 -> 147555 bytes docs/_locale/ja/LC_MESSAGES/configuration.mo | Bin 1245597 -> 1443837 bytes docs/_locale/ja/LC_MESSAGES/contributing.mo | Bin 123547 -> 123975 bytes docs/_locale/ja/LC_MESSAGES/index.mo | Bin 3839 -> 4411 bytes docs/_locale/ja/LC_MESSAGES/installation.mo | Bin 103411 -> 116373 bytes docs/_locale/ja/automation.pot | 99 +- docs/_locale/ja/cli.pot | 340 +- docs/_locale/ja/configexamples.pot | 511 +- docs/_locale/ja/configuration.pot | 6795 +++++++++++++++++-------- docs/_locale/ja/contributing.pot | 191 +- docs/_locale/ja/index.pot | 32 +- docs/_locale/ja/installation.pot | 623 ++- docs/_locale/pt/LC_MESSAGES/automation.mo | Bin 67442 -> 73090 bytes docs/_locale/pt/LC_MESSAGES/cli.mo | Bin 32720 -> 41588 bytes docs/_locale/pt/LC_MESSAGES/configexamples.mo | Bin 131700 -> 147576 bytes docs/_locale/pt/LC_MESSAGES/configuration.mo | Bin 1245618 -> 1443858 bytes docs/_locale/pt/LC_MESSAGES/contributing.mo | Bin 123568 -> 123996 bytes docs/_locale/pt/LC_MESSAGES/index.mo | Bin 3860 -> 4432 bytes docs/_locale/pt/LC_MESSAGES/installation.mo | Bin 103432 -> 116394 bytes docs/_locale/pt/automation.pot | 97 +- docs/_locale/pt/cli.pot | 340 +- docs/_locale/pt/configexamples.pot | 511 +- docs/_locale/pt/configuration.pot | 6795 +++++++++++++++++-------- docs/_locale/pt/contributing.pot | 191 +- docs/_locale/pt/index.pot | 32 +- docs/_locale/pt/installation.pot | 623 ++- docs/_locale/uk/LC_MESSAGES/automation.mo | Bin 80225 -> 85873 bytes docs/_locale/uk/LC_MESSAGES/cli.mo | Bin 43355 -> 52223 bytes docs/_locale/uk/LC_MESSAGES/configexamples.mo | Bin 175229 -> 191105 bytes 
docs/_locale/uk/LC_MESSAGES/configuration.mo | Bin 1643254 -> 1841494 bytes docs/_locale/uk/LC_MESSAGES/contributing.mo | Bin 160754 -> 161182 bytes docs/_locale/uk/LC_MESSAGES/index.mo | Bin 4783 -> 5355 bytes docs/_locale/uk/LC_MESSAGES/installation.mo | Bin 140114 -> 153076 bytes docs/_locale/uk/automation.pot | 99 +- docs/_locale/uk/cli.pot | 340 +- docs/_locale/uk/configexamples.pot | 511 +- docs/_locale/uk/configuration.pot | 6795 +++++++++++++++++-------- docs/_locale/uk/contributing.pot | 191 +- docs/_locale/uk/index.pot | 32 +- docs/_locale/uk/installation.pot | 623 ++- 77 files changed, 30693 insertions(+), 12258 deletions(-) (limited to 'docs') diff --git a/docs/_locale/de/LC_MESSAGES/automation.mo b/docs/_locale/de/LC_MESSAGES/automation.mo index d215e597..2ab299af 100644 Binary files a/docs/_locale/de/LC_MESSAGES/automation.mo and b/docs/_locale/de/LC_MESSAGES/automation.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo index 02f6fdee..03785a55 100644 Binary files a/docs/_locale/de/LC_MESSAGES/cli.mo and b/docs/_locale/de/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/configexamples.mo b/docs/_locale/de/LC_MESSAGES/configexamples.mo index a4fde59a..f0c1dacb 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configexamples.mo and b/docs/_locale/de/LC_MESSAGES/configexamples.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo index 7318a633..380562db 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configuration.mo and b/docs/_locale/de/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo index 13fb0c19..83871aff 100644 Binary files a/docs/_locale/de/LC_MESSAGES/contributing.mo and b/docs/_locale/de/LC_MESSAGES/contributing.mo differ 
diff --git a/docs/_locale/de/LC_MESSAGES/index.mo b/docs/_locale/de/LC_MESSAGES/index.mo
index fdea0b20..0a4b8fa4 100644
Binary files a/docs/_locale/de/LC_MESSAGES/index.mo and b/docs/_locale/de/LC_MESSAGES/index.mo differ
diff --git a/docs/_locale/de/LC_MESSAGES/installation.mo b/docs/_locale/de/LC_MESSAGES/installation.mo
index 427f08fd..3252db21 100644
Binary files a/docs/_locale/de/LC_MESSAGES/installation.mo and b/docs/_locale/de/LC_MESSAGES/installation.mo differ
diff --git a/docs/_locale/de/automation.pot b/docs/_locale/de/automation.pot
index 480bfa35..e456b1ff 100644
--- a/docs/_locale/de/automation.pot
+++ b/docs/_locale/de/automation.pot
@@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -175,6 +179,10 @@ msgstr "1 Create an account with AWS and get your \"access_key\", \"secret key\" msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" +#: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + #: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" 
@@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -245,6 +257,10 @@ msgstr "2.6 Type the commands :" msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 
@@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" 
@@ -350,6 +370,10 @@ msgstr "4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" +#: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + #: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" 
@@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "API Endpoints" 
@@ -394,6 +426,10 @@ msgstr "A single-quote symbol is not allowed inside command or value." msgid "Accept minion key" msgstr "Accept minion key" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -600,6 +636,10 @@ msgstr "Deploying VyOS in the AWS cloud" msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" +#: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -660,6 +700,10 @@ msgstr "File contents of Ansible for AWS" msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" +#: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" 
@@ -676,6 +720,10 @@ msgstr "File contents of Terrafom for AWS" msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" +#: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Generate qcow image" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "Here is a simple example:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" 
@@ -780,6 +836,10 @@ msgstr "ISO files storage: ``local`` volume is used for ``.iso`` file storage. I msgid "If command ends in a value, it must be inside single quotes." msgstr "If command ends in a value, it must be inside single quotes." +#: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + #: ../../automation/cloud-init.rst:253 msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." 
@@ -808,6 +868,10 @@ msgstr "In Proxmox server three files are going to be used for this setup:" msgid "In VyOS, by default, enables only two modules:" msgstr "In VyOS, by default, enables only two modules:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -984,6 +1048,10 @@ msgstr "Preparation steps for deploying VyOS on AWS" msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" +#: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + #: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" 
@@ -1092,6 +1160,10 @@ msgstr "Sourse files for AWS from GIT" msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" +#: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + #: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1107,6 +1179,10 @@ msgstr "Sourse files for vSphere from GIT" msgid "Start" msgstr "Start" +#: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + #: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1140,6 +1216,10 @@ msgstr "Structure of files Ansible for AWS" msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" +#: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1162,6 +1242,10 @@ msgstr "Structure of files Terrafom for AWS" msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" +#: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" 
@@ -1326,11 +1410,14 @@ msgstr "Troubleshooting" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." 
@@ -1467,6 +1554,10 @@ msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastruc msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +#: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + #: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1614,6 +1705,10 @@ msgstr "main.tf" msgid "main.yml" msgstr "main.yml" +#: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + #: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" 
diff --git a/docs/_locale/de/cli.pot b/docs/_locale/de/cli.pot
index 70bb4156..b6203b8a 100644
--- a/docs/_locale/de/cli.pot
+++ b/docs/_locale/de/cli.pot
@@ -8,27 +8,55 @@ msgstr "" "Language: de\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. 
Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Example:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. 
Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." 
@@ -36,35 +64,39 @@ msgstr "A reboot because you did not enter ``confirm`` will not take you necessa msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. 
When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." @@ -72,7 +104,7 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." 
@@ -80,23 +112,23 @@ msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also wo msgid "Compare configurations" msgstr "Compare configurations" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Configuration Mode" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "Configuration Overview" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +136,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "Example:" 
@@ -112,7 +144,15 @@ msgstr "Example:" msgid "Example showing possible show commands:" msgstr "Example showing possible show commands:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." 
@@ -120,19 +160,19 @@ msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` comma msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" 
@@ -148,10 +188,26 @@ msgstr "Local Archive" msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." 
+msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Operational Mode" @@ -160,7 +216,11 @@ msgstr "Operational Mode" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." @@ -168,15 +228,15 @@ msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``e msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." 
@@ -184,15 +244,15 @@ msgstr "Revisions are stored on disk. You can view, compare and rollback them to msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Saving and loading manually" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "See the configuration section of this document for more information on configuration mode." @@ -200,15 +260,19 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "Terminology" 
@@ -220,7 +284,7 @@ msgstr "The CLI provides a built-in help system. In the CLI the ``?`` key may be msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." 
@@ -228,15 +292,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. 
The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." 
@@ -244,87 +308,103 @@ msgstr "The command above also lets you see the difference between two commits. msgid "The config mode" msgstr "The config mode" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." 
-#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." 
msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." 
-#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "View the current active configuration, also known as the running configuration, from the operational mode." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "View the current active configuration in JSON format." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." 
-#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." 
@@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. 
A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." 
@@ -348,19 +428,19 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." 
msgstr "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +448,11 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" 
@@ -380,19 +464,19 @@ msgstr "When viewing in page mode the following commands are available:" msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." 
msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." 
@@ -400,23 +484,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment `." msgstr "You can specify a commit message with :cfgcmd:`commit comment `." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. 
If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." 
@@ -424,19 +508,43 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface host `` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface host `` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://:@/``" msgstr "``ftp://:@/``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://:@:/``" msgstr "``https://:@:/``" 
@@ -444,30 +552,90 @@ msgstr "``https://:@:/``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "``q`` key can be used to cancel output" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." 
+ #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://:@:/``" msgstr "``scp://:@:/``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://:@/``" msgstr "``sftp://:@/``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp:///``" msgstr "``tftp:///``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/de/configexamples.pot b/docs/_locale/de/configexamples.pot index 94068912..c617e522 100644 --- a/docs/_locale/de/configexamples.pot +++ b/docs/_locale/de/configexamples.pot 
@@ -8,7 +8,7 @@ msgstr "" "Language: de\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" @@ -36,7 +36,7 @@ msgstr "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – T msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" 
@@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 by default" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." 
@@ -306,6 +306,35 @@ msgstr "A rule order for prioritizing traffic is useful in scenarios where the s msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." 
+ +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Account at https://www.tunnelbroker.net/" 
@@ -414,10 +443,46 @@ msgstr "Allow all icmpv6 packets for router and LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." 
@@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" 
@@ -442,6 +515,18 @@ msgstr "An L3VPN consists of multiple access links, multiple VPN routing and for msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "And ping the Branch PC from your central router to check the response." 
@@ -450,10 +535,23 @@ msgstr "And ping the Branch PC from your central router to check the response." msgid "And show all DHCP Leases" msgstr "And show all DHCP Leases" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" 
@@ -475,10 +573,22 @@ msgstr "Appendix-A" msgid "Appendix-B" msgstr "Appendix-B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation `, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation `, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. 
So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." @@ -503,7 +613,7 @@ msgstr "As we see shaper is working and the traffic will not work over 5 Mbit/s. msgid "Assign external IP addresses" msgstr "Assign external IP addresses" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Assuming the pings are successful, you need to add some DNS servers. Some options:" 
@@ -523,7 +633,7 @@ msgstr "At this point, you should be able to SSH into both of them, and will no msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." 
@@ -617,7 +727,35 @@ msgstr "Both LANs have to be able to route between each other, both will have ma msgid "Branch" msgstr "Branch" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. 
We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." @@ -704,6 +842,8 @@ msgstr "Conclusions" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configurations" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configure Wireguard" 
@@ -882,14 +1030,22 @@ msgstr "DHCP Relay trough GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "DHCPv6-PD Setup" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ cannot access LAN resources." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Design" @@ -902,6 +1058,27 @@ msgstr "Device-A" msgid "Device-B" msgstr "Device-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Duplicate configuration" 
@@ -914,7 +1091,7 @@ msgstr "During address configuration, in addition to assigning an address to the msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." 
@@ -939,10 +1116,14 @@ msgstr "Enable SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Enable SSH so you can now SSH into the routers, rather than using the console." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." 
@@ -992,7 +1173,11 @@ msgstr "Example Network" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Fill ``password`` and ``user`` with the credential provided by your ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." @@ -1000,7 +1185,7 @@ msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, excep msgid "Finally, let’s check the reachability between CEs:" msgstr "Finally, let’s check the reachability between CEs:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Firewall" @@ -1008,6 +1193,10 @@ msgstr "Firewall" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." 
@@ -1016,6 +1205,14 @@ msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgid "First, we configure the transport network and the Tunnel interface." msgstr "First, we configure the transport network and the Tunnel interface." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here ` for more information." msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here ` for more information." 
@@ -1024,14 +1221,30 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. 
That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Hardware Router - Port 8 of each switch" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Here is an example of an IPv6 DMZ-WAN ruleset." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP Schema" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" 
@@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "IPv4 Network" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "IPv6 Network" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "IPv6 Tunnel" 
@@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." 
@@ -1185,10 +1406,18 @@ msgstr "I named the customers blue, red and green which is common practice in VR msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "If the client is connect successfully you can check the output with" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" 
@@ -1197,7 +1426,7 @@ msgstr "If we need to retrieve information about a specific host/network inside msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." @@ -1205,7 +1434,7 @@ msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." 
@@ -1213,23 +1442,23 @@ msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, y msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Image name: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." 
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "In the end, we will configure the traffic shaper using QoS mechanisms on msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS systems." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." 
@@ -1265,7 +1494,7 @@ msgstr "In this case, the hardware router has a different IP, so it would be" msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS `_ first." msgstr "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS `_ first." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." @@ -1289,7 +1518,7 @@ msgstr "In this example OpenVPN will be setup with a client certificate and user msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." 
@@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Inbound WAN connect to DMZ host." 
@@ -1350,22 +1583,26 @@ msgstr "Internal Network" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." 
@@ -1374,11 +1611,11 @@ msgstr "It's important to note that all your existing configurations will be mig msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "It will look something like this:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN for Hub-and-Spoke connectivity with VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local and TUN (tunnel)" @@ -1438,15 +1675,15 @@ msgstr "LAN 1" msgid "LAN 2" msgstr "LAN 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "LAN Configuration" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN can access DMZ resources." 
@@ -1501,7 +1738,7 @@ msgstr "Many other Hypervisors do this, and I'm hoping that this document will b msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Monitoring" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Multiple LAN/DMZ Setup" @@ -1530,7 +1767,7 @@ msgstr "NAT and conntrack-sync" msgid "NMP example" msgstr "NMP example" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "Native IPv4 and IPv6" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Network Topology" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 
@@ -1559,6 +1797,10 @@ msgstr "Network Topology Diagram" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2” router." msgstr "Next, we will replace only all CS4 labels on the “VyOS2” router." @@ -1587,10 +1829,14 @@ msgstr "Note that router1 is a VM that runs on one of the compute nodes." msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Notice, none go to WAN since WAN wouldn't have a v6 address on it." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Now, let’s check routing information on out Hub PE:" 
@@ -1603,7 +1849,7 @@ msgstr "Now enable replication between nodes. Replace eth0.201 with bond0.201 on msgid "Now generate all required certificates on the ovpn-server:" msgstr "Now generate all required certificates on the ovpn-server:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Now the Client is able to ping a public IPv6 address" @@ -1619,7 +1865,7 @@ msgstr "Now we perform some end-to-end testing" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Now you should be able to ping a public IPv6 Address" @@ -1648,7 +1894,7 @@ msgstr "Once all routers can be safely remotely managed and the core network is msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Once you have all of your rulesets built, then you need to create your zone-policy." 
@@ -1676,6 +1922,10 @@ msgstr "One cable/logical connection between LAN2 and Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "One cable/logical connection between LAN2 and Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" @@ -1755,8 +2005,8 @@ msgstr "Ping the Client from the DHCP Server." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." 
@@ -1853,11 +2103,11 @@ msgstr "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Route-Filtering" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." @@ -1883,10 +2133,15 @@ msgstr "Router B:" msgid "Router id's must be unique." msgstr "Router id's must be unique." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ruleset are created per zone-pair-direction." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Segment-routing IS-IS example" 
@@ -1919,7 +2174,7 @@ msgstr "Set the local subnet on eth2 and the public ip address eth1 on each site msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2”." msgstr "Set up bandwidth limits on the eth2 interface of the router “VyOS2”." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Sets your LAN interface's IP address" @@ -1931,6 +2186,10 @@ msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" 
@@ -1943,23 +2202,31 @@ msgstr "Show routes for all VRFs" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." 
+ #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Single LAN Setup" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" 
@@ -1967,11 +2234,15 @@ msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Something like:" @@ -1980,7 +2251,7 @@ msgstr "Something like:" msgid "Spoke" msgstr "Spoke" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." 
@@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. 
The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Step-1: Configuring IGP and enabling MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Testing" msgid "Testing and debugging" msgstr "Testing and debugging" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." @@ -2086,7 +2361,7 @@ msgstr "The Lab asume a full running Active Directory on the Windows Server. Her msgid "The Topology are consists of:" msgstr "The Topology are consists of:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." 
@@ -2098,6 +2373,10 @@ msgstr "The ``commit`` command is implied after every section. If you make an er msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." 
@@ -2110,11 +2389,11 @@ msgstr "The configuration steps are the same as in the previous example, except msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." @@ -2126,7 +2405,7 @@ msgstr "The following software was used in the creation of this document:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "The following template configuration can be used in each remote router based in our topology." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "The format of these addresses:" 
@@ -2134,6 +2413,10 @@ msgstr "The format of these addresses:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "They want us to establish a BGP session to their routers on 192.0.2.11 a msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "This accomplishes a few things:" 
@@ -2214,6 +2501,10 @@ msgstr "This accomplishes a few things:" msgid "This chapter contains various configuration examples:" msgstr "This chapter contains various configuration examples:" +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "This document walks you through a complete HA setup of two VyOS machines msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "This example uses the failover mode." 
@@ -2282,7 +2581,7 @@ msgstr "This has a floating IP address of 10.200.201.1/24, using virtual router msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "This is an example of the three base rules." @@ -2306,6 +2605,10 @@ msgstr "This is ignoring the extra Out-of-band management networking, which shou msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." 
@@ -2330,6 +2633,10 @@ msgstr "This simple structure shows how to configure a DHCP Relay over a GRE Bri msgid "This will be visible in 'show ip route'." msgstr "This will be visible in 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Thus you can easily match it to one of the devices/networks below." @@ -2338,7 +2645,7 @@ msgstr "Thus you can easily match it to one of the devices/networks below." msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "To add logging to the default rule, do:" @@ -2367,7 +2674,11 @@ msgstr "To reach the network, a route must be set on each VyOS host. In this str msgid "Topology" msgstr "Topology" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." 
@@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." 
@@ -2421,10 +2732,34 @@ msgstr "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``P msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "VRRP Configuration" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." 
@@ -2608,6 +2943,10 @@ msgstr "Walkthrough suggestion" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." @@ -2632,7 +2971,7 @@ msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are lab msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "We have three networks." 
@@ -2688,6 +3027,10 @@ msgstr "When you have both routers up, you should be able to establish a connect msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" 
@@ -2704,7 +3047,7 @@ msgstr "Wireguard" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "With Tunnelbroker.net, you have two options:" @@ -2716,6 +3059,10 @@ msgstr "With this command we are able to check the transport and customer label msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "You managed to come this far, now we want to see the network and routing msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "You should be able to ping to and from all the IPs you have allocated." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "You should now be able to ping something by IPv6 DNS name:" 
@@ -2736,11 +3083,11 @@ msgstr "You should now be able to ping something by IPv6 DNS name:" msgid "You should now be able to see the advertised network on the other host." msgstr "You should now be able to see the advertised network on the other host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." 
@@ -2748,31 +3095,31 @@ msgstr "You would have to add a couple of rules on your wan-local ruleset to all msgid "Zone-Policy example" msgstr "Zone-Policy example" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Zones Basics" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." 
-#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Another subnet" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." @@ -2898,7 +3245,7 @@ msgstr "switch1 (Nexus 10gb Switch)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Nexus 10gb Switch)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 pairs would be:" diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index dc70be5a..fd3396c0 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot 
@@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirm the link type has been set to GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirm IP connectivity across the tunnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Most common version, but restricted to IPv4 flows only" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow version 9 (default)" 
@@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Already-selected external check**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Applies to:** Outbound Traffic." 
-#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." 
@@ -117,10 +121,14 @@ msgstr "**Apply the traffic policy to an interface ingress or egress**." msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" 
@@ -141,6 +149,14 @@ msgstr "**Cluster-List length check**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." 
@@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." 
-#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocol, destination address or source address)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Example:**" 
@@ -189,19 +213,31 @@ msgstr "**Example:**" msgid "**External check**" msgstr "**External check**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. 
This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**IGP cost check**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" 
@@ -229,7 +273,7 @@ msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** * msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues ` **as FQ-CoDel**." msgstr "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues ` **as FQ-CoDel**." 
@@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. 
For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." 
@@ -260,6 +313,15 @@ msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. 
More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks `_" @@ -272,10 +334,14 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" 
@@ -345,6 +411,7 @@ msgstr "**Node 1**"
 #: ../../configuration/protocols/isis.rst:416
 #: ../../configuration/protocols/isis.rst:457
 #: ../../configuration/protocols/isis.rst:495
+#: ../../configuration/protocols/openfabric.rst:170
 #: ../../configuration/protocols/ospf.rst:948
 #: ../../configuration/protocols/ospf.rst:1320
 #: ../../configuration/protocols/rip.rst:243
@@ -368,6 +435,7 @@ msgstr "**Node 2**"
 #: ../../configuration/protocols/isis.rst:352
 #: ../../configuration/protocols/isis.rst:432
 #: ../../configuration/protocols/isis.rst:511
+#: ../../configuration/protocols/openfabric.rst:181
 #: ../../configuration/protocols/ospf.rst:1329
 #: ../../configuration/protocols/rip.rst:251
 #: ../../configuration/protocols/segment-routing.rst:211
@@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Origin check**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. 
Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. 
Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" 
@@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." 
+msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. 
As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." 
@@ -414,10 +526,26 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" +#: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. 
There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + #: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" 
@@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. 
The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primary**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Queueing discipline** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Queueing discipline:** Hierarchical Token Bucket." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Queueing discipline:** Ingress policer." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Queueing discipline:** PFIFO (Packet First In First Out)." 
-#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Queueing discipline:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Queueing discipline:** Tocken Bucket Filter." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" 
@@ -532,27 +680,31 @@ msgstr "**Routes learned after routing policy applied:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Routes learned before routing policy applied:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." 
@@ -568,6 +720,14 @@ msgstr "**Status**" msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Two gateways and different metrics:**" @@ -585,7 +745,7 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." 
@@ -598,25 +758,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" 
@@ -644,10 +804,10 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." 
@@ -667,28 +827,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" 
@@ -704,7 +864,7 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." 
@@ -740,26 +900,30 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. 
The formula is" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 
@@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" @@ -843,7 +1007,7 @@ msgstr "**no**: Do not restart containers on exit" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." 
@@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" 
@@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" 
@@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" 
@@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires ``." msgid "**remote side - commands**" msgstr "**remote side - commands**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" 
@@ -952,24 +1116,24 @@ msgstr "**replace:** Relay information already present in a packet is stripped a msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" 
@@ -985,11 +1149,11 @@ msgstr "**right**" msgid "**service** Service type. Requires ``." msgstr "**service** Service type. Requires ``." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**source** - specifies which packets the NAT translation rule applies to msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" 
@@ -1017,7 +1185,7 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" 
@@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr 
"011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 if not defined, which means no refreshing." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 if not defined." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-to-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" 
@@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 to 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" 
@@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" 
@@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. 
As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 if not defined." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2.5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" 
@@ -1292,7 +1472,11 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." 
@@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" 
@@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" 
@@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" 
@@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 if not defined." 
#: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" 
@@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" 
@@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "-: IPv6 range to match." msgid ": IPv6 address to match." msgstr ": IPv6 address to match." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "" msgstr "" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid " must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr " must be from 34 - 173. For 80 MHz channels it should be channel + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid " must be one of:" +msgstr " must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid " must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr " must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid " – area identifier through which a virtual link goes. – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr " – area identifier through which a virtual link goes. – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." 
@@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." 
@@ -1544,6 +1765,10 @@ msgstr "A **port group** represents only port numbers, not the protocol. Port gr msgid "A *bit* is written as **bit**," msgstr "A *bit* is written as **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." 
@@ -1592,16 +1817,16 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "A bridge named `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." 
@@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" @@ -1621,7 +1846,7 @@ msgstr "A complete LDAP auth OpenVPN configuration could look like the following msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" 
@@ -1633,6 +1858,10 @@ msgstr "A default route is automatically installed once the interface is up. To msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." @@ -1645,7 +1874,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." 
@@ -1669,6 +1898,10 @@ msgstr "A human readable description what this CA is about." msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." 
@@ -1685,6 +1918,10 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." 
@@ -1693,7 +1930,7 @@ msgstr "A monitored static route conditions the installation to the RIB on the B msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." 
@@ -1701,7 +1938,7 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." 
@@ -1717,8 +1954,13 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "A query for which there is authoritatively no answer is cached to quickl msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." 
@@ -1755,15 +1997,19 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." 
@@ -1771,11 +2017,11 @@ msgstr "A simple Random Early Detection (RED) policy would start randomly droppi msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "A simple example of Shaper using priorities." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." @@ -1783,7 +2029,7 @@ msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." 
@@ -1815,7 +2061,7 @@ msgstr "A user friendly alias for this connection. Can be used instead of the de msgid "A user friendly description identifying the connected peripheral." msgstr "A user friendly description identifying the connected peripheral." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "A value of 0 disables ARP monitoring. The default value is 0." @@ -1823,11 +2069,11 @@ msgstr "A value of 0 disables ARP monitoring. The default value is 0." msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." 
@@ -1851,18 +2097,19 @@ msgstr "Accept SSH connections for the given `` on TCP port ``. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Access List Policy" msgid "Access Lists" msgstr "Access Lists" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." 
@@ -1882,18 +2129,18 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Active Directory" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Active health check backend server" @@ -1901,7 +2148,7 @@ msgstr "Active health check backend server" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Add Power Constraint element to Beacon and Probe Response frames." 
@@ -1909,15 +2156,15 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Add a host device to the container." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." 
@@ -1925,6 +2172,18 @@ msgstr "Add custom environment variables. Multiple environment variables are all msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Add default routes for routing ``table 10`` and ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Add multiple source IP in one rule with same priority" @@ -1953,6 +2212,10 @@ msgstr "Add policy route matching VLAN source addresses" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." 
@@ -1973,7 +2236,11 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." 
@@ -1985,6 +2252,10 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" 
@@ -2009,11 +2280,16 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Address pools" @@ -2021,7 +2297,7 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." 
@@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" 
@@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Advantages of OpenVPN are:" @@ -2057,6 +2341,10 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" 
@@ -2069,15 +2357,19 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. 
The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." 
@@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." 
@@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algorithm" @@ -2105,6 +2401,10 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" 
@@ -2117,11 +2417,15 @@ msgstr "All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/ msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "All facilities" 
@@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." 
@@ -2157,11 +2465,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -2169,15 +2477,15 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Allow ``ssh`` dynamic-protection." 
@@ -2189,7 +2497,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from ``." msgstr "Allow cross-origin requests from ``." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from ``." msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." 
@@ -2213,17 +2521,17 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." 
@@ -2235,16 +2543,19 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `` will be the next-hop interface where traffic is routed for the given ``." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `` will be the next-hop interface where traffic is routed for the given ``." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." 
+ #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" 
@@ -2253,10 +2564,22 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. 
If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" 
@@ -2269,11 +2592,15 @@ msgstr "Alternate routing tables are used with policy based routing by utilizing msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." 
@@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." 
@@ -2289,7 +2620,7 @@ msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of msgid "An SNMP-managed network consists of three key components:" msgstr "An SNMP-managed network consists of three key components:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." 
@@ -2301,10 +2632,18 @@ msgstr "An additional layer of symmetric-key crypto can be used on top of the as msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." +#: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." 
+msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + #: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. 
GRE/IPsec has no such problem and is completely transparent for the applications." @@ -2317,7 +2656,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." 
@@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses `_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." msgstr "An basic introduction to zone-based firewalls can be found `here `_, and an example at :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 
@@ -2346,11 +2690,11 @@ msgstr "An basic introduction to zone-based firewalls can be found `here ` interface to bridge ``. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Assign `` interface to bridge ``. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `` account." +msgstr "Assign a static IP address to `` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `` to VRF named ``." msgstr "Assign interface identified by `` to VRF named ``." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `` account." msgstr "Assign static IP address to `` account." 
@@ -2624,55 +3027,55 @@ msgstr "Associates the previously generated private key to a specific WireGuard msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Assured Forwarding(AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Assured Forwarding(AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Assured Forwarding(AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Assured Forwarding(AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Assured Forwarding(AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Assured Forwarding(AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Assured Forwarding(AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Assured Forwarding(AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Assured Forwarding(AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid 
"Assured Forwarding(AF) 41" msgstr "Assured Forwarding(AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Assured Forwarding(AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Assured Forwarding(AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." @@ -2684,11 +3087,11 @@ msgstr "At the moment it not possible to look at the whole firewall log with VyO msgid "At the time of this writing the following displays are supported:" msgstr "At the time of this writing the following displays are supported:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Attaches user-defined network to a container. Only one network must be specified and must already exist." 
@@ -2696,15 +3099,15 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Authentication application client-secret." msgid "Authentication application tenant-id" msgstr "Authentication application tenant-id" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" 
@@ -2764,6 +3167,10 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" 
@@ -2844,10 +3251,18 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . 
A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" 
@@ -2860,15 +3275,15 @@ msgstr "Babel a dual stack protocol. A single Babel instance is able to perform msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Balance algorithms:" 
@@ -2876,15 +3291,15 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2893,7 +3308,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." 
@@ -2905,11 +3320,19 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" 
@@ -2941,7 +3364,12 @@ msgstr "Basic setup" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Beamforming capabilities:" 
@@ -2953,11 +3381,19 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." @@ -2973,7 +3409,7 @@ msgstr "Below flow-chart could be a quick reference for the close-action combina msgid "Below is an example to configure a LNS:" msgstr "Below is an example to configure a LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Best effort traffic, default" 
@@ -2985,11 +3421,11 @@ msgstr "Between computers, the most common configuration used was \"8N1\": eight msgid "Bidirectional NAT" msgstr "Bidirectional NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Binary value" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Binds eth1.241 and vxlan241 to each other by making them both member int msgid "Blackhole" msgstr "Blackhole" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Block source IP when their cumulative attack score exceeds threshold. The default is 30." @@ -3049,7 +3485,7 @@ msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Au msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Branch 1's router might have the following lines:" 
@@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Bridge Options" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `