author | rebortg <github@ghlr.de> | 2024-07-18 21:53:35 +0200 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2024-07-18 21:53:35 +0200 |
commit | d3ad8cc86cf3561788b2c3f0d274453a31c3c2ba (patch) | |
tree | 9faadb3a3958c24aca4302d3783173f61131425b /docs/configuration/system | |
parent | 579c5cc953c8f5ac2a17218fd8d58b4a53bab7ca (diff) | |
parent | 873a461bdf972ebd815baf50893700b0a2518213 (diff) | |
Merge branch 'current' of github.com:vyos/vyos-documentation into current
Diffstat (limited to 'docs/configuration/system')
-rw-r--r-- | docs/configuration/system/conntrack.rst | 39 | ||||
-rw-r--r-- | docs/configuration/system/login.rst | 6 |
2 files changed, 12 insertions, 33 deletions
diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 1401e02e..6d551575 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -64,39 +64,7 @@ Configure Contrack Timeouts ================= -VyOS supports setting timeouts for connections according to the -connection type. You can set timeout values for generic connections, for ICMP -connections, UDP connections, or for TCP connections in a number of different -states. - -.. cfgcmd:: set system conntrack timeout icmp <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout other <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp close <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp close-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp established <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp fin-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp last-ack <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp syn-recv <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp syn-sent <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout tcp time-wait <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout udp other <1-21474836> - :defaultvalue: -.. cfgcmd:: set system conntrack timeout udp stream <1-21474836> - :defaultvalue: - - Set the timeout in seconds for a protocol or state. - -You can also define custom timeout values to apply to a specific subset of +You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector. 
@@ -177,6 +145,11 @@ create a rule defining the packet and flow selector. Conntrack ignore rules ====================== +.. note:: **Important note about conntrack ignore rules:** + Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in + ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in + the future the conntrack ignore rules will be removed. + Customized ignore rules, based on a packet and flow selector. .. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999> diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 09e27c53..452981a9 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -234,6 +234,12 @@ An example: set system login user otptester authentication otp rate-time '20' set system login user otptester authentication otp window-size '5' +Once a user has 2FA/OTP configured against their account, they must login +using their password with the OTP code appended to it. +For example: If the users password is vyosrocks and the OTP code is 817454 +then they would enter their password as vyosrocks817454 + + RADIUS ====== |
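Review bot: In docs/configuration/system/conntrack.rst (hunk at -64,39), the twelve "set system conntrack timeout ..." cfgcmd entries and their introductory paragraph are deleted with no replacement text or pointer, so the page no longer says how to set the per-protocol and per-TCP-state timeouts. If those commands moved or were dropped, add a sentence saying where the timeouts are configured now; if the deletion is a side effect of the merge, restore the block. The section title visible in this hunk, "Contrack Timeouts", also looks like a typo for "Conntrack Timeouts" and could be fixed in the same change.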
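Review bot: In the conntrack.rst hunk at -177,6, the new note gives the replacement only as "set firewall [ipv4 | ipv6] prerouting raw ...", which leaves the reader without the actual syntax or a link to it. Add a cross-reference to the firewall page that documents the prerouting raw rules. The bold lead "Important note about conntrack ignore rules:" repeats what the note directive already signals and can be dropped, and "It's expected that in the future the conntrack ignore rules will be removed" would be clearer as a plain deprecation statement so operators know to migrate existing ignore rules.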
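Review bot: In docs/configuration/system/login.rst, the added paragraph needs wording fixes: "they must login using" should be "they must log in using", "the users password" should be "the user's password", and the last sentence has no full stop. Set the sample values as inline literals (vyosrocks, 817454, vyosrocks817454) so it is clear they are typed input, and state explicitly that the OTP code is appended with no separator, since that is the detail a user is most likely to get wrong at the prompt.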