diff options
| author | blex2 <36881979+blex2@users.noreply.github.com> | 2023-11-16 00:52:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-16 00:52:35 +0100 |
| commit | 71e2bb08717b3563a77d8699265be4d14ddb94cb (patch) | |
| tree | d27e9e9e19e7646f262387f86c1751fd8c00625c /docs | |
| parent | 9e9f2755a87f61caa17b12cff669af73a5863dac (diff) | |
| download | vyos-documentation-71e2bb08717b3563a77d8699265be4d14ddb94cb.tar.gz vyos-documentation-71e2bb08717b3563a77d8699265be4d14ddb94cb.zip | |
Update quick-start.rst
tryed document with rolling release 1.5 and had some problems with commands that changed. I adopted the changes here to reflect how I got it on the rolling releae without parse errors
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/quick-start.rst | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst index a3927560..6ae70e9f 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -185,11 +185,11 @@ The chain we will create is called ``CONN_FILTER`` and has three rules: set firewall ipv4 name CONN_FILTER default-action 'return' set firewall ipv4 name CONN_FILTER rule 10 action 'accept' - set firewall ipv4 name CONN_FILTER rule 10 state established 'enable' - set firewall ipv4 name CONN_FILTER rule 10 state related 'enable' + set firewall ipv4 name CONN_FILTER rule 10 state established + set firewall ipv4 name CONN_FILTER rule 10 state related set firewall ipv4 name CONN_FILTER rule 20 action 'drop' - set firewall ipv4 name CONN_FILTER rule 20 state invalid 'enable' + set firewall ipv4 name CONN_FILTER rule 20 state invalid Then, we can jump to the common chain from both the ``forward`` and ``input`` hooks as the first filtering rule in the respective chains: @@ -212,16 +212,16 @@ creating rules on each hook's chain: .. code-block:: none set firewall ipv4 forward filter rule 5 action 'accept' - set firewall ipv4 forward filter rule 5 state established 'enable' - set firewall ipv4 forward filter rule 5 state related 'enable' + set firewall ipv4 forward filter rule 5 state established + set firewall ipv4 forward filter rule 5 state related set firewall ipv4 forward filter rule 10 action 'drop' - set firewall ipv4 forward filter rule 10 state invalid 'enable' + set firewall ipv4 forward filter rule 10 state invalid set firewall ipv4 input filter rule 5 action 'accept' - set firewall ipv4 input filter rule 5 state established 'enable' - set firewall ipv4 input filter rule 5 state related 'enable' + set firewall ipv4 input filter rule 5 state established + set firewall ipv4 input filter rule 5 state related set firewall ipv4 input filter rule 10 action 'drop' - set firewall ipv4 input filter rule 10 state invalid 'enable' + set firewall ipv4 input filter rule 10 state invalid Block Incoming Traffic ---------------------- @@ -241,7 +241,7 @@ group and is addressed to our local network. set firewall ipv4 forward filter rule 100 action jump set firewall ipv4 forward filter rule 100 jump-target OUTSIDE-IN - set firewall ipv4 forward filter rule 100 inbound-interface interface-group WAN + set firewall ipv4 forward filter rule 100 inbound-interface group WAN set firewall ipv4 forward filter rule 100 destination group network-group NET-INSIDE-v4 We should also block all traffic destinated to the router itself that isn't @@ -285,17 +285,17 @@ interface group to 4 per minute: .. code-block:: none set firewall ipv4 name VyOS_MANAGEMENT rule 15 action 'accept' - set firewall ipv4 name VyOS_MANAGEMENT rule 15 inbound-interface interface-group 'LAN' + set firewall ipv4 name VyOS_MANAGEMENT rule 15 inbound-interface group 'LAN' set firewall ipv4 name VyOS_MANAGEMENT rule 20 action 'drop' set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent count 4 set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent time minute - set firewall ipv4 name VyOS_MANAGEMENT rule 20 state new enable - set firewall ipv4 name VyOS_MANAGEMENT rule 20 inbound-interface interface-group 'WAN' + set firewall ipv4 name VyOS_MANAGEMENT rule 20 state new + set firewall ipv4 name VyOS_MANAGEMENT rule 20 inbound-interface group 'WAN' set firewall ipv4 name VyOS_MANAGEMENT rule 21 action 'accept' - set firewall ipv4 name VyOS_MANAGEMENT rule 21 state new enable - set firewall ipv4 name VyOS_MANAGEMENT rule 21 inbound-interface interface-group 'WAN' + set firewall ipv4 name VyOS_MANAGEMENT rule 21 state new + set firewall ipv4 name VyOS_MANAGEMENT rule 21 inbound-interface group 'WAN' Allow Access to Services ------------------------ @@ -309,7 +309,7 @@ all hosts on the ``NET-INSIDE-v4`` network: set firewall ipv4 input filter rule 30 action 'accept' set firewall ipv4 input filter rule 30 icmp type-name 'echo-request' set firewall ipv4 input filter rule 30 protocol 'icmp' - set firewall ipv4 input filter rule 30 state new 'enable' + set firewall ipv4 input filter rule 30 state new set firewall ipv4 input filter rule 40 action 'accept' set firewall ipv4 input filter rule 40 destination port '53' |