author Nicolas Fort <nicolasfort1988@gmail.com> 2024-10-08 14:33:59 -0300
committer Nicolas Fort <nicolasfort1988@gmail.com> 2024-10-08 14:33:59 -0300
commit 177ba9dd0d8a9eacd5ca5e022a68a1aa6170c3fa (patch)
tree 36eeef892b157e157f4c9174c6a2433dcfc8a6be /docs/configuration/firewall/ipv6.rst
parent 1bbe5de12c60bc558cbc178b5b37d26b332c31a0 (diff)
T6760: add docs for new commands available in firewall: packet modifications commands.
Diffstat (limited to 'docs/configuration/firewall/ipv6.rst')
-rw-r--r-- docs/configuration/firewall/ipv6.rst 50
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 5f526dac..0c995c12 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -970,6 +970,56 @@ geoip) to keep database and rules updated.
Match when 'count' amount of connections are seen within 'time'. These
matching criteria can be used to block brute-force attempts.
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set dscp <0-63>
+
+ Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set mark <1-2147483647>
+
+ Set a specific packet mark value.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set tcp-mss <500-1460>
+
+ Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set hop-limit <0-255>
+
+ Set hop limit value.
+
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set connection-mark <0-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set connection-mark <0-2147483647>
+
+ Set connection mark value.
+
********
Synproxy
********
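Review bot: In the connection-mark block, the second command reads `set firewall ipv4 output [filter | raw] rule <1-999999>`, but this file documents the IPv6 firewall and every other command in the hunk uses `ipv6`; this looks like a copy-paste slip and should be `set firewall ipv6 output ...`. The same block lists only forward filter and output, with no prerouting raw entry like the dscp, mark, tcp-mss and hop-limit blocks have; if that is intentional, a sentence saying so would save readers from assuming an omission. The accepted range for `set mark` starts at 1 while `set connection-mark` starts at 0, which is worth confirming against the CLI before merging. In the introduction, "feaure" should be "feature". The one-line descriptions ("Set hop limit value.", "Set connection mark value.") restate the command name; a short note on what each rewritten field is used for would make the section more useful to someone writing a ruleset.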