| author | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:36 +0100 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:38 +0100 | 
| commit | 6aa3cbb611f74bdf8e44d5527f5138f3122a7497 (patch) | |
| tree | 009a1fe9447bdd980d5017d49f102e7ccdace03b /docs/appendix/examples | |
| parent | 76bbe2744d7184ee50626d9d7b65f21dad1c7e99 (diff) | |
| download | vyos-documentation-6aa3cbb611f74bdf8e44d5527f5138f3122a7497.tar.gz vyos-documentation-6aa3cbb611f74bdf8e44d5527f5138f3122a7497.zip | |
Refactor "code-block:: sh" to "code-block:: console"
This will add proper new-lines into the rendered PDF. Before if it has
been a long line, not all content was preserved in the PDF.
Diffstat (limited to 'docs/appendix/examples')
| -rw-r--r-- | docs/appendix/examples/azure-vpn-bgp.rst | 16 |
| -rw-r--r-- | docs/appendix/examples/azure-vpn-dual-bgp.rst | 16 |
| -rw-r--r-- | docs/appendix/examples/bgp-ipv6-unnumbered.rst | 20 |
| -rw-r--r-- | docs/appendix/examples/dmvpn.rst | 6 |
| -rw-r--r-- | docs/appendix/examples/ha.rst | 42 |
| -rw-r--r-- | docs/appendix/examples/ospf-unnumbered.rst | 12 |
| -rw-r--r-- | docs/appendix/examples/tunnelbroker-ipv6.rst | 12 |
| -rw-r--r-- | docs/appendix/examples/zone-policy.rst | 22 |
8 files changed, 73 insertions, 73 deletions
| diff --git a/docs/appendix/examples/azure-vpn-bgp.rst b/docs/appendix/examples/azure-vpn-bgp.rst index 818817ae..896f43d4 100644 --- a/docs/appendix/examples/azure-vpn-bgp.rst +++ b/docs/appendix/examples/azure-vpn-bgp.rst @@ -52,7 +52,7 @@ Vyos configuration  - Configure the IKE and ESP settings to match a subset    of those supported by Azure: -.. code-block:: sh +.. code-block:: console    set vpn ipsec esp-group AZURE compression 'disable'    set vpn ipsec esp-group AZURE lifetime '3600' @@ -73,26 +73,26 @@ Vyos configuration  - Enable IPsec on eth0 -.. code-block:: sh +.. code-block:: console    set vpn ipsec ipsec-interfaces interface 'eth0'  - Configure a VTI with a dummy IP address -.. code-block:: sh +.. code-block:: console    set interfaces vti vti1 address '10.10.1.5/32'    set interfaces vti vti1 description 'Azure Tunnel'  - Clamp the VTI's MSS to 1350 to avoid PMTU blackholes. -.. code-block:: sh +.. code-block:: console    set firewall options interface vti1 adjust-mss 1350  - Configure the VPN tunnel -.. code-block:: sh +.. code-block:: console    set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'    set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret' @@ -108,13 +108,13 @@ Vyos configuration  - **Important**: Add an interface route to reach Azure's BGP listener -.. code-block:: sh +.. code-block:: console    set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1  - Configure your BGP settings -.. code-block:: sh +.. code-block:: console    set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'    set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' @@ -123,6 +123,6 @@ Vyos configuration  - **Important**: Disable connected check \ -.. code-block:: sh +.. code-block:: console    set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check 
diff --git a/docs/appendix/examples/azure-vpn-dual-bgp.rst b/docs/appendix/examples/azure-vpn-dual-bgp.rst index 4cbcde3b..27007709 100644 --- a/docs/appendix/examples/azure-vpn-dual-bgp.rst +++ b/docs/appendix/examples/azure-vpn-dual-bgp.rst @@ -55,7 +55,7 @@ Vyos configuration  - Configure the IKE and ESP settings to match a subset    of those supported by Azure: -.. code-block:: sh +.. code-block:: console    set vpn ipsec esp-group AZURE compression 'disable'    set vpn ipsec esp-group AZURE lifetime '3600' @@ -76,13 +76,13 @@ Vyos configuration  - Enable IPsec on eth0 -.. code-block:: sh +.. code-block:: console    set vpn ipsec ipsec-interfaces interface 'eth0'  - Configure two VTIs with a dummy IP address each -.. code-block:: sh +.. code-block:: console    set interfaces vti vti1 address '10.10.1.5/32'    set interfaces vti vti1 description 'Azure Primary Tunnel' @@ -92,14 +92,14 @@ Vyos configuration  - Clamp the VTI's MSS to 1350 to avoid PMTU blackholes. -.. code-block:: sh +.. code-block:: console    set firewall options interface vti1 adjust-mss 1350    set firewall options interface vti2 adjust-mss 1350  - Configure the VPN tunnels -.. code-block:: sh +.. code-block:: console    set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'    set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret' @@ -127,14 +127,14 @@ Vyos configuration  - **Important**: Add an interface route to reach both Azure's BGP listeners -.. code-block:: sh +.. code-block:: console    set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1    set protocols static interface-route 10.0.0.5/32 next-hop-interface vti2  - Configure your BGP settings -.. code-block:: sh +.. code-block:: console    set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'    set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' 
@@ -149,7 +149,7 @@ Vyos configuration  - **Important**: Disable connected check, otherwise the routes learned    from Azure will not be imported into the routing table. -.. code-block:: sh +.. code-block:: console    set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check    set protocols bgp 64499 neighbor 10.0.0.5 disable-connected-check diff --git a/docs/appendix/examples/bgp-ipv6-unnumbered.rst b/docs/appendix/examples/bgp-ipv6-unnumbered.rst index 910ae3ab..0aceee01 100644 --- a/docs/appendix/examples/bgp-ipv6-unnumbered.rst +++ b/docs/appendix/examples/bgp-ipv6-unnumbered.rst @@ -10,7 +10,7 @@ Configuration  - Router A: -.. code-block:: sh +.. code-block:: console    set protocols bgp 65020 address-family ipv4-unicast redistribute connected    set protocols bgp 65020 address-family ipv6-unicast redistribute connected @@ -29,7 +29,7 @@ Configuration  - Router B: -.. code-block:: sh +.. code-block:: console    set protocols bgp 65021 address-family ipv4-unicast redistribute connected    set protocols bgp 65021 address-family ipv6-unicast redistribute connected @@ -51,7 +51,7 @@ Results  - Router A: -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show interfaces    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down @@ -64,7 +64,7 @@ Results                     192.168.0.1/32                     ::1/128 -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip route    Codes: K - kernel route, C - connected, S - static, R - RIP, @@ -79,7 +79,7 @@ Results    B>* 192.168.0.2/32 [20/0] via fe80::a00:27ff:fe3b:7ed2, eth2, 00:05:07      *                       via fe80::a00:27ff:fe7b:4000, eth1, 00:05:07 -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ ping 192.168.0.2    PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 
@@ -93,7 +93,7 @@ Results    5 packets transmitted, 5 received, 0% packet loss, time 4086ms    rtt min/avg/max/mdev = 0.575/0.612/0.682/0.047 ms -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip bgp summary @@ -112,7 +112,7 @@ Results  - Router B: -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show interfaces    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down @@ -125,7 +125,7 @@ Results                     192.168.0.2/32                     ::1/128 -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip route    Codes: K - kernel route, C - connected, S - static, R - RIP, @@ -140,7 +140,7 @@ Results      *                       via fe80::a00:27ff:fe93:e142, eth2, 00:06:18    C>* 192.168.0.2/32 is directly connected, lo, 00:44:11 -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ ping 192.168.0.1    PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data. @@ -153,7 +153,7 @@ Results    4 packets transmitted, 4 received, 0% packet loss, time 3051ms    rtt min/avg/max/mdev = 0.427/0.598/0.782/0.155 ms -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip bgp summary    IPv4 Unicast Summary: diff --git a/docs/appendix/examples/dmvpn.rst b/docs/appendix/examples/dmvpn.rst index f247cade..4ccce3d9 100644 --- a/docs/appendix/examples/dmvpn.rst +++ b/docs/appendix/examples/dmvpn.rst @@ -9,7 +9,7 @@ General infomration can be found in the :ref:`vpn-dmvpn` chapter.  Configuration  ^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console    set interfaces tunnel tun100 address '172.16.253.134/29'    set interfaces tunnel tun100 encapsulation 'gre' 
@@ -54,7 +54,7 @@ Cisco IOS Spoke  This example is verified with a Cisco 2811 platform running IOS 15.1(4)M9 and  VyOS 1.1.7 (helium) up to VyOS 1.2 (Crux). -.. code-block:: sh +.. code-block:: console    Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M9, RELEASE SOFTWARE (fc3)    Technical Support: http://www.cisco.com/techsupport @@ -65,7 +65,7 @@ VyOS 1.1.7 (helium) up to VyOS 1.2 (Crux).  Use this configuration on your Cisco device: -.. code-block:: sh +.. code-block:: console    crypto pki token default removal timeout 0    crypto keyring DMVPN diff --git a/docs/appendix/examples/ha.rst b/docs/appendix/examples/ha.rst index d0338b09..cd60f8e4 100644 --- a/docs/appendix/examples/ha.rst +++ b/docs/appendix/examples/ha.rst @@ -94,7 +94,7 @@ Bonding on Hardware Router  Create a LACP bond on the hardware router. We are assuming that eth0 and eth1 are connected to port 8 on both switches, and that those ports are configured as a Port-Channel. -.. code-block:: sh +.. code-block:: console     set interfaces bonding bond0 description 'Switch Port-Channel'     set interfaces bonding bond0 hash-policy 'layer2' @@ -111,14 +111,14 @@ VLAN 100 and 201 will have floating IP addresses, but VLAN50 does not, as this i  For the hardware router, replace ``eth0`` with ``bond0``. As (almost) every command is identical, this will not be specified unless different things need to be performed on different hosts. -.. code-block:: sh +.. code-block:: console     set interfaces ethernet eth0 vif 50 address '192.0.2.21/24'  In this case, the hardware router has a different IP, so it would be -.. code-block:: sh +.. code-block:: console     set interfaces ethernet bond0 vif 50 address '192.0.2.22/24' 
@@ -128,7 +128,7 @@ Add (temporary) default route, and enable SSH  It is assumed that the routers provided by upstream are capable of acting as a default router. Add that as a static route, and enable SSH so you can now SSH into the routers, rather than using the console. -.. code-block:: sh +.. code-block:: console     set protocols static route 0.0.0.0/0 next-hop 192.0.2.11     set service ssh @@ -158,7 +158,7 @@ This has a floating IP address of 10.200.201.1, using virtual router ID 201. The  router1  ~~~~~~~ -.. code-block:: sh +.. code-block:: console     set interfaces ethernet eth0 vif 201 address 10.200.201.2/24     set high-availability vrrp group int hello-source-address '10.200.201.2' @@ -173,7 +173,7 @@ router1  router2  ~~~~~~~ -.. code-block:: sh +.. code-block:: console     set interfaces ethernet bond0 vif 201 address 10.200.201.3/24     set high-availability vrrp group int hello-source-address '10.200.201.3' @@ -194,7 +194,7 @@ The virtual router ID is just a random number between 1 and 254, and can be set  router1  ~~~~~~~ -.. code-block:: sh +.. code-block:: console     set interfaces ethernet eth0 vif 100 address 203.0.113.2/24     set high-availability vrrp group public hello-source-address '203.0.113.2' @@ -209,7 +209,7 @@ router1  router2  ~~~~~~~ -.. code-block:: sh +.. code-block:: console     set interfaces ethernet bond0 vif 100 address 203.0.113.3/24     set high-availability vrrp group public hello-source-address '203.0.113.3' @@ -226,7 +226,7 @@ Create vrrp sync-group  The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``.  -.. code-block:: sh +.. code-block:: console     set high-availability vrrp sync-group sync member 'int' 
@@ -236,7 +236,7 @@ Testing  At this point, you should be able to see both IP addresses when you run ``show interfaces``\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2). -.. code-block:: sh +.. code-block:: console     vyos@router1:~$ show vrrp     Name      Interface      VRID  State    Last Transition @@ -254,7 +254,7 @@ NAT and conntrack-sync  Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface.   Note we explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed. -.. code-block:: sh +.. code-block:: console     set nat source rule 10 destination address '!192.0.2.0/24'     set nat source rule 10 outbound-interface 'eth0.50' @@ -267,7 +267,7 @@ Configure conntrack-sync and disable helpers  Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so.  -.. code-block:: sh +.. code-block:: console     set system conntrack modules ftp disable     set system conntrack modules gre disable @@ -279,7 +279,7 @@ Most conntrack modules cause more problems than they're worth, especially in a c  Now enable replication between nodes. Replace eth0.201 with bond0.201 on the hardware router. -.. code-block:: sh +.. code-block:: console     set service conntrack-sync accept-protocol 'tcp,udp,icmp'     set service conntrack-sync event-listen-queue-size '8' @@ -315,7 +315,7 @@ router1  Replace the 99.99.99.99 with whatever the other router's IP address is. -.. code-block:: sh +.. code-block:: console     set interfaces wireguard wg01 address '10.254.60.1/30'     set interfaces wireguard wg01 description 'router1-to-offsite1' 
@@ -339,7 +339,7 @@ offsite1  This is connecting back to the STATIC IP of router1, not the floating. -.. code-block:: sh +.. code-block:: console     set interfaces wireguard wg01 address '10.254.60.2/30'     set interfaces wireguard wg01 description 'offsite1-to-router1' @@ -373,7 +373,7 @@ This filter is applied to ``redistribute connected``.  If we WERE to advertise i  via their default route, establish the connection, and then OSPF would say '192.0.2.0/24 is available via this tunnel', at which point  the tunnel would break, OSPF would drop the routes, and then 192.0.2.0/24 would be reachable via default again. This is called 'flapping'. -.. code-block:: sh +.. code-block:: console     set policy access-list 150 description 'Outbound OSPF Redistribution'     set policy access-list 150 rule 10 action 'permit' @@ -394,7 +394,7 @@ Create Import Filter  We only want to import networks we know about. Our OSPF peer should only be advertising networks in the 10.201.0.0/16 range. Note that this is an INVERSE MATCH. You deny in access-list 100 to accept the route. -.. code-block:: sh +.. code-block:: console     set policy access-list 100 description 'Inbound OSPF Routes from Peers'     set policy access-list 100 rule 10 action 'deny' @@ -415,7 +415,7 @@ Enable OSPF  Every router **must** have a unique router-id.  The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly.  -.. code-block:: sh +.. code-block:: console     set protocols ospf area 0.0.0.0 authentication 'md5'     set protocols ospf area 0.0.0.0 network '10.254.60.0/24' 
@@ -440,7 +440,7 @@ As a reminder, only advertise routes that you are the default router for. This i  192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that  network over a tunnel that connects to that network! -.. code-block:: sh +.. code-block:: console     set protocols ospf access-list 150 export 'connected'     set protocols ospf redistribute connected @@ -458,7 +458,7 @@ Priorities  Set the cost on the secondary links to be 200. This means that they will not be used unless the primary links are down. -.. code-block:: sh +.. code-block:: console     set interfaces wireguard wg01 ip ospf cost '10'     set interfaces wireguard wg02 ip ospf cost '200' @@ -476,7 +476,7 @@ router1  The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24. -.. code-block:: sh +.. code-block:: console     set policy prefix-list BGPOUT description 'BGP Export List'     set policy prefix-list BGPOUT rule 10 action 'deny' diff --git a/docs/appendix/examples/ospf-unnumbered.rst b/docs/appendix/examples/ospf-unnumbered.rst index 04f2cb7e..13e5f961 100644 --- a/docs/appendix/examples/ospf-unnumbered.rst +++ b/docs/appendix/examples/ospf-unnumbered.rst @@ -10,7 +10,7 @@ Configuration  - Router A: -.. code-block:: sh +.. code-block:: console    set interfaces ethernet eth0 address '10.0.0.1/24'    set interfaces ethernet eth1 address '192.168.0.1/32' @@ -27,7 +27,7 @@ Configuration  - Router B: -.. code-block:: sh +.. code-block:: console    set interfaces ethernet eth0 address '10.0.0.2/24'    set interfaces ethernet eth1 address '192.168.0.2/32' @@ -48,7 +48,7 @@ Results  - Router A: -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show interfaces     Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down 
@@ -63,7 +63,7 @@ Results    vyos@vyos:~$  -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip route     Codes: K - kernel route, C - connected, S - static, R - RIP, @@ -87,7 +87,7 @@ Results  - Router B: -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show interfaces     Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down @@ -102,7 +102,7 @@ Results    vyos@vyos:~$  -.. code-block:: sh +.. code-block:: console    vyos@vyos:~$ show ip route     Codes: K - kernel route, C - connected, S - static, R - RIP, diff --git a/docs/appendix/examples/tunnelbroker-ipv6.rst b/docs/appendix/examples/tunnelbroker-ipv6.rst index e05d77a5..234d9cf1 100644 --- a/docs/appendix/examples/tunnelbroker-ipv6.rst +++ b/docs/appendix/examples/tunnelbroker-ipv6.rst @@ -17,7 +17,7 @@ Setting up the initial tunnel  - Set up the initial IPv6 tunnel. Replace the field below from the fields on the `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ tunnel information page. -.. code-block:: sh +.. code-block:: console      conf      set interfaces tunnel tun0 address Client_IPv6_from_Tunnelbroker    # This will be your VyOS install's public IPv6 address @@ -34,7 +34,7 @@ Setting up the initial tunnel  - At this point you should be able to ping an IPv6 address. Try pinging Google: -.. code-block:: sh +.. code-block:: console     ping6 -c2 2001:4860:4860::8888 @@ -47,7 +47,7 @@ Setting up the initial tunnel  - Assuming the pings are successful, you need to add some DNS servers. Some options: -.. code-block:: sh +.. code-block:: console     set system name-server 2001:4860:4860::8888  # Google     set system name-server 2001:4860:4860::8844  # Google @@ -57,7 +57,7 @@ Setting up the initial tunnel  - You should now be able to ping something by IPv6 DNS name: -.. code-block:: sh +.. code-block:: console     # ping6 -c2 one.one.one.one     PING one.one.one.one(one.one.one.one) 56 data bytes 
@@ -87,7 +87,7 @@ Single LAN Setup  Single LAN setup where eth1 is your LAN interface.  Use the /64 (all the xxxx should be replaced with the information from your `Routed /64` tunnel): -.. code-block:: sh +.. code-block:: console     set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64'         set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888' @@ -118,7 +118,7 @@ In the above examples, 1,2,ffff are all chosen by you.  You can use 1-ffff (1-65  So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: -.. code-block:: sh +.. code-block:: console     set interfaces ethernet eth1 address '2001:470:xxxx:1::1/64'     set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888' diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst index d159d02d..66cc3338 100644 --- a/docs/appendix/examples/zone-policy.rst +++ b/docs/appendix/examples/zone-policy.rst @@ -8,7 +8,7 @@ Native IPv4 and IPv6  We have three networks. -.. code-block:: sh +.. code-block:: console    WAN - 172.16.10.0/24, 2001:0DB8:0:9999::0/64    LAN - 192.168.100.0/24, 2001:0DB8:0:AAAA::0/64 @@ -25,7 +25,7 @@ WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30.  It will look something like this: -.. code-block:: sh +.. code-block:: console    interfaces {        ethernet eth0 { @@ -80,7 +80,7 @@ ruleset.  In rules, it is good to keep them named consistently. As the number of rules  you have grows, the more consistency you have, the easier your life will be. -.. code-block:: sh +.. code-block:: console    Rule 1 - State Established, Related    Rule 2 - State Invalid @@ -105,7 +105,7 @@ significant headaches when trying to troubleshoot a connectivity issue.  To add logging to the default rule, do: -.. code-block:: sh +.. code-block:: console    set firewall name <ruleSet> enable-default-log 
@@ -143,7 +143,7 @@ The following are the rules that were created for this example  (may not be complete), both in IPv4 and IPv6. If there is no IP specified,  then the source/destination address is not explicit. -.. code-block:: sh +.. code-block:: console    WAN – DMZ:192.168.200.200 – tcp/80    WAN – DMZ:192.168.200.200 – tcp/443 @@ -195,7 +195,7 @@ then the source/destination address is not explicit.  Since we have 4 zones, we need to setup the following rulesets. -.. code-block:: sh +.. code-block:: console    Lan-wan    Lan-local @@ -217,7 +217,7 @@ connection attempts.  This is an example of the three base rules. -.. code-block:: sh +.. code-block:: console    name wan-lan {      default-action drop @@ -241,7 +241,7 @@ This is an example of the three base rules.  Here is an example of an IPv6 DMZ-WAN ruleset. -.. code-block:: sh +.. code-block:: console    ipv6-name dmz-wan-6 {      default-action drop @@ -317,7 +317,7 @@ zone-policy.  Start by setting the interface and default action for each zone. -.. code-block:: sh +.. code-block:: console    set zone-policy zone dmz default-action drop    set zone-policy zone dmz interface eth0.30 @@ -342,7 +342,7 @@ LAN, WAN, DMZ, local and TUN (tunnel)  v6 pairs would be: -.. code-block:: sh +.. code-block:: console    lan-tun    lan-local @@ -363,7 +363,7 @@ You would have to add a couple of rules on your wan-local ruleset to allow proto  Something like: -.. code-block:: sh +.. code-block:: console    rule 400 {      action accept | 
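
Review bot: In azure-vpn-bgp.rst, hunk -123,6, the bullet "**Important**: Disable connected check \" ends in a dangling backslash and gives no reason, while the same step in azure-vpn-dual-bgp.rst (hunk -149,7) reads "Disable connected check, otherwise the routes learned from Azure will not be imported into the routing table." Since this commit edits the line directly below it, copy the full sentence over and drop the backslash. Both files also carry the heading "Vyos configuration" in their hunk headers, where the rest of the documentation writes "VyOS".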
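
Review bot: In dmvpn.rst, hunks -54,7 and -65,7 retag the Cisco IOS banner and the IOS configuration (`crypto pki token default removal timeout 0`, `crypto keyring DMVPN`) as `console`, but neither block is a VyOS shell session. A neutral lexer such as `none` would describe them better, if it wraps long lines the same way in the PDF build. The context line of hunk -9,7 also has the typo "General infomration"; fix it to "information" while the file is open.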
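
Review bot: In ha.rst the examples address the bond under the wrong interface type. Hunk -94,7 creates it with `set interfaces bonding bond0 ...`, but hunks -111,14, -173,7 and -209,7 then configure it as `set interfaces ethernet bond0 vif 50 address '192.0.2.22/24'` (likewise vif 201 and vif 100). These look like they should read `set interfaces bonding bond0 vif ...`. The commit already rewrites the directive above each of these blocks, so it is worth correcting them here or in a follow-up, because a reader pasting the block as shown gets a command that does not match the interface created earlier.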
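
Review bot: In tunnelbroker-ipv6.rst the blocks now tagged `console` do not use a consistent prompt, and the `console` lexer keys on the prompt to tell commands from output. Hunk -34,7 shows `ping6 -c2 2001:4860:4860::8888` with no prompt. Hunk -57,7 shows `# ping6 -c2 one.one.one.one` with a bare `#`. The other files in this commit use `vyos@vyos:~$`. Hunks -17,7 and -47,7 put trailing `# ...` comments on unprompted `set` lines, which a session lexer will treat as plain output rather than as comments. Pick one prompt convention for the session blocks, and consider moving the inline comments into the prose above the block.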
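
Review bot: In zone-policy.rst most of the retagged blocks are not console sessions at all. They are the network list in hunk -8,7 (`WAN - 172.16.10.0/24, ...`), the rule-numbering list in -80,7, the ruleset and zone-pair names in -195,7 and -342,7, and the configuration dumps in -25,7, -217,7, -241,7 and -363,7 (`interfaces {`, `name wan-lan {`, `ipv6-name dmz-wan-6 {`, `rule 400 {`). `console` is as inaccurate a label for these as `sh` was. Only -105,7 and -317,7 contain commands a user types. Consider `none` for the lists and config dumps, after checking that it gives the same PDF line wrapping this commit is meant to fix, and keep `console` for the `set ...` blocks.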
