author Christian Poessinger <christian@poessinger.com> 2019-11-27 17:20:36 +0100
committer Christian Poessinger <christian@poessinger.com> 2019-11-27 17:20:38 +0100
commit 6aa3cbb611f74bdf8e44d5527f5138f3122a7497
tree 009a1fe9447bdd980d5017d49f102e7ccdace03b /docs/appendix/examples/zone-policy.rst
parent 76bbe2744d7184ee50626d9d7b65f21dad1c7e99
Refactor "code-block:: sh" to "code-block:: console"
This will add proper new-lines into the rendered PDF. Before, if it was a long line, not all content was preserved in the PDF.
Diffstat (limited to 'docs/appendix/examples/zone-policy.rst')
-rw-r--r-- docs/appendix/examples/zone-policy.rst 22
1 files changed, 11 insertions, 11 deletions
diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst
index d159d02d..66cc3338 100644
--- a/docs/appendix/examples/zone-policy.rst
+++ b/docs/appendix/examples/zone-policy.rst
@@ -8,7 +8,7 @@ Native IPv4 and IPv6
We have three networks.
-.. code-block:: sh
+.. code-block:: console
WAN - 172.16.10.0/24, 2001:0DB8:0:9999::0/64
LAN - 192.168.100.0/24, 2001:0DB8:0:AAAA::0/64
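Review bot: The block under "We have three networks." is an address list (the "WAN - 172.16.10.0/24, ..." lines), not a terminal session, so "console" is a misleading label for it. In Pygments that name selects the shell-session lexer, which treats only lines that begin with a prompt as commands. If the aim is unhighlighted text that wraps correctly in the PDF, ".. code-block:: none" says so directly. The commit message should also state why the lexer change fixes the dropped content, so a later editor does not switch these blocks back to "sh".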
@@ -25,7 +25,7 @@ WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30.
It will look something like this:
-.. code-block:: sh
+.. code-block:: console
interfaces {
ethernet eth0 {
@@ -80,7 +80,7 @@ ruleset.
In rules, it is good to keep them named consistently. As the number of rules
you have grows, the more consistency you have, the easier your life will be.
-.. code-block:: sh
+.. code-block:: console
Rule 1 - State Established, Related
Rule 2 - State Invalid
@@ -105,7 +105,7 @@ significant headaches when trying to troubleshoot a connectivity issue.
To add logging to the default rule, do:
-.. code-block:: sh
+.. code-block:: console
set firewall name <ruleSet> enable-default-log
@@ -143,7 +143,7 @@ The following are the rules that were created for this example
(may not be complete), both in IPv4 and IPv6. If there is no IP specified,
then the source/destination address is not explicit.
-.. code-block:: sh
+.. code-block:: console
WAN – DMZ:192.168.200.200 – tcp/80
WAN – DMZ:192.168.200.200 – tcp/443
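Review bot: The separators in the context lines "WAN – DMZ:192.168.200.200 – tcp/80" and "... – tcp/443" are en dashes (U+2013), not ASCII hyphens. This commit is about content being lost in the rendered PDF, so check that these characters survive in the literal block of the PDF build, or replace them with "-" in a follow-up. Plain hyphens also keep the rule list searchable and safe to copy.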
@@ -195,7 +195,7 @@ then the source/destination address is not explicit.
Since we have 4 zones, we need to setup the following rulesets.
-.. code-block:: sh
+.. code-block:: console
Lan-wan
Lan-local
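Review bot: Style point on the list in this block: "Lan-wan" and "Lan-local" are capitalised, while the ruleset names in the other hunks of this file are lowercase ("wan-lan", "dmz-wan-6", "lan-tun", "lan-local"). Since the block is being touched anyway, lowercase these entries so the names a reader copies match the rulesets defined later. In the sentence above the block, "setup" should be "set up".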
@@ -217,7 +217,7 @@ connection attempts.
This is an example of the three base rules.
-.. code-block:: sh
+.. code-block:: console
name wan-lan {
default-action drop
@@ -241,7 +241,7 @@ This is an example of the three base rules.
Here is an example of an IPv6 DMZ-WAN ruleset.
-.. code-block:: sh
+.. code-block:: console
ipv6-name dmz-wan-6 {
default-action drop
@@ -317,7 +317,7 @@ zone-policy.
Start by setting the interface and default action for each zone.
-.. code-block:: sh
+.. code-block:: console
set zone-policy zone dmz default-action drop
set zone-policy zone dmz interface eth0.30
@@ -342,7 +342,7 @@ LAN, WAN, DMZ, local and TUN (tunnel)
v6 pairs would be:
-.. code-block:: sh
+.. code-block:: console
lan-tun
lan-local
@@ -363,7 +363,7 @@ You would have to add a couple of rules on your wan-local ruleset to allow proto
Something like:
-.. code-block:: sh
+.. code-block:: console
rule 400 {
action accept