Delete docs/configuration/firewall/index.rst~

1 files changed, 0 insertions, 179 deletions

diff --git a/docs/configuration/firewall/index.rst~ b/docs/configuration/firewall/index.rst~
deleted file mode 100644
index bdfc2069..00000000
--- a/docs/configuration/firewall/index.rst~
+++ /dev/null
@@ -1,179 +0,0 @@
-:lastproofread: 2023-11-23
-
-########
-Firewall
-########
-
-With VyOS being based on top of Linux and its kernel, the Netfilter project
-created iptables and its successor nftables for the Linux kernel to
-work directly on the data flows. This now extends the concept of zone-based
-security to allow for manipulating the data at multiple stages once accepted
-by the network interface and the driver before being handed off to the
-destination (e.g., a web server OR another device).
-
-A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in
-order to have a full view and understanding of how packets are processed, and
-what possible paths traffic can take.
-
-.. figure:: /_static/images/firewall-gral-packet-flow.png
-
-Main points regarding this packet flow and terminology used in VyOS firewall are below:
-
-   * **Bridge Port?**: choose appropriate path based on whether interface where the
-     packet was received is part of a bridge, or not.
-
-If interface where the packet was received isn't part of a bridge, then packet
-is processed at the **IP Layer**:
-
-   * **Prerouting**: several actions can be done in this stage, and currently
-     these actions are defined in different parts in VyOS configuration. Order
-     is important, and all these actions are performed before any actions
-     defined under ``firewall`` section. Relevant configuration that acts in
-     this stage are:
-
-      * **Conntrack Ignore**: rules defined under ``set system conntrack ignore
-        [ipv4 | ipv6] ...``.
-
-      * **Policy Route**: rules defined under ``set policy [route | route6]
-        ...``.
-
-      * **Destination NAT**: rules defined under ``set [nat | nat66]
-        destination...``.
-
-   * **Destination is the router?**: choose appropriate path based on
-     destination IP address. Transit forward continues to **forward**,
-     while traffic that destination IP address is configured on the router
-     continues to **input**.
-
-   * **Input**: stage where traffic destined for the router itself can be
-     filtered and controlled. This is where all rules for securing the router
-     should take place. This includes ipv4 and ipv6 filtering rules, defined
-     in:
-
-     * ``set firewall ipv4 input filter ...``.
-
-     * ``set firewall ipv6 input filter ...``.
-
-   * **Forward**: stage where transit traffic can be filtered and controlled.
-     This includes ipv4 and ipv6 filtering rules, defined in:
-
-     * ``set firewall ipv4 forward filter ...``.
-
-     * ``set firewall ipv6 forward filter ...``.
-
-   * **Output**: stage where traffic that originates from the router itself
-     can be filtered and controlled. Bear in mind that this traffic can be a
-     new connection originated by a internal process running on VyOS router,
-     such as NTP, or a response to traffic received externaly through
-     **inputt** (for example response to an ssh login attempt to the router).
-     This includes ipv4 and ipv6 filtering rules, defined in:
-
-     * ``set firewall ipv4 input filter ...``.
-
-     * ``set firewall ipv6 output filter ...``.
-
-   * **Postrouting**: as in **Prerouting**, several actions defined in
-     different parts of VyOS configuration are performed in this
-     stage. This includes:
-
-     * **Source NAT**: rules defined under ``set [nat | nat66]
-       destination...``.
-
-If interface where the packet was received is part of a bridge, then packet
-is processed at the **Bridge Layer**, which contains a basic setup for
-bridge filtering:
-
-   * **Forward (Bridge)**: stage where traffic that is trespasing through the
-     bridge is filtered and controlled:
-
-     * ``set firewall bridge forward filter ...``.
-
-Main structure VyOS firewall cli is shown next:
-
-.. code-block:: none
-
-   - set firewall
-       * bridge
-            - forward
-               + filter
-       * flowtable
-            - custom_flow_table
-               + ...
-       * global-options
-            + all-ping
-            + broadcast-ping
-            + ...
-       * group
-            - address-group
-            - ipv6-address-group
-            - network-group
-            - ipv6-network-group
-            - interface-group
-            - mac-group
-            - port-group
-            - domain-group
-       * ipv4
-            - forward
-               + filter
-            - input
-               + filter
-            - output
-               + filter
-            - name
-               + custom_name
-       * ipv6
-            - forward
-               + filter
-            - input
-               + filter
-            - output
-               + filter
-            - ipv6-name
-               + custom_name
-       * zone
-            - custom_zone_name
-               + ...
-
-Please, refer to appropiate section for more information about firewall
-configuration:
-
-.. toctree::
-   :maxdepth: 1
-   :includehidden:
-
-   global-options
-   groups
-   bridge
-   ipv4
-   ipv6
-   flowtables
-
-.. note:: **For more information**
-   of Netfilter hooks and Linux networking packet flows can be
-   found in `Netfilter-Hooks
-   <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_
-
-
-Zone-based firewall
-^^^^^^^^^^^^^^^^^^^
-.. toctree::
-   :maxdepth: 1
-   :includehidden:
-
-   zone
-
-With zone-based firewalls a new concept was implemented, in addtion to the
-standard in and out traffic flows, a local flow was added. This local was for
-traffic originating and destined to the router itself. Which means additional
-rules were required to secure the firewall itself from the network, in
-addition to the existing inbound and outbound rules from the traditional
-concept above.
-
-To configure VyOS with the
-:doc:`zone-based firewall configuration </configuration/firewall/zone>`
-
-As the example image below shows, the device now needs rules to allow/block
-traffic to or from the services running on the device that have open
-connections on that interface.
-
-.. figure:: /_static/images/firewall-zonebased.png