diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-01-02 22:25:43 +0100 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-01-02 22:25:43 +0100 |
| commit | d74d2f6a400a5740e8e1438bcec6d72d604d745f (patch) | |
| tree | 7f408c54ed9f19db02d11feb4a6b54f0d954a8db /docs/configexamples | |
| parent | 878aa0bd85a206afd4a0bd58535ba250748e1c8c (diff) | |
| download | vyos-documentation-d74d2f6a400a5740e8e1438bcec6d72d604d745f.tar.gz vyos-documentation-d74d2f6a400a5740e8e1438bcec6d72d604d745f.zip | |
Fix firewall syntax for refactor in PPPoE IPv6 example
Diffstat (limited to 'docs/configexamples')
| -rw-r--r-- | docs/configexamples/pppoe-ipv6-basic.rst | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index f569d9c3..ad588def 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst +++ b/docs/configexamples/pppoe-ipv6-basic.rst @@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to: .. code-block:: none - set firewall ipv6-name WAN_IN default-action 'drop' - set firewall ipv6-name WAN_IN rule 10 action 'accept' - set firewall ipv6-name WAN_IN rule 10 state established 'enable' - set firewall ipv6-name WAN_IN rule 10 state related 'enable' - set firewall ipv6-name WAN_IN rule 20 action 'accept' - set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL default-action 'drop' - set firewall ipv6-name WAN_LOCAL rule 10 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable' - set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable' - set firewall ipv6-name WAN_LOCAL rule 20 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL rule 30 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 30 destination port '546' - set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp' - set firewall ipv6-name WAN_LOCAL rule 30 source port '547' - set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN' - set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL' + set firewall ipv6 name WAN_IN default-action 'drop' + set firewall ipv6 name WAN_IN rule 10 action 'accept' + set firewall ipv6 name WAN_IN rule 10 state established 'enable' + set firewall ipv6 name WAN_IN rule 10 state related 'enable' + set firewall ipv6 name WAN_IN rule 20 action 'accept' + set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL default-action 'drop' + set firewall ipv6 name WAN_LOCAL rule 10 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable' + set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable' + set firewall ipv6 name WAN_LOCAL rule 20 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL rule 30 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 30 destination port '546' + set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp' + set firewall ipv6 name WAN_LOCAL rule 30 source port '547' + set firewall ipv6 forward filter rule 10 action jump + set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN' + set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0' + set firewall ipv6 input filter rule 10 action jump + set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL' + set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0' Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client). |