author Viacheslav Hletenko <v.gletenko@vyos.io> 2025-05-29 23:10:21 +0300
committer GitHub <noreply@github.com> 2025-05-29 23:10:21 +0300
commit 8ce433c4d5e5cb63a368c8967e75f7099c19d5df
tree 6c961d8d197a7d3d2e02bfb87b211a42fd262883 /docs
parent bfa8a806ee97eced6fc8d8c4c2a74a5c2e5e4eaf
parent c369910ce0280bdcdb83d1fc8ea563112de96132
Merge pull request #1628 from 991jo/policy-vrf-and-fwmark
policy: added set vrf and mark matching documentation
Diffstat (limited to 'docs')
-rw-r--r-- docs/configuration/policy/route.rst 27
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst
index b818d238..1ddd04cf 100644
--- a/docs/configuration/policy/route.rst
+++ b/docs/configuration/policy/route.rst
@@ -51,6 +51,20 @@ in this section.
Set match criteria based on connection mark.
+.. cfgcmd:: set policy route <name> rule <n> mark <match_criteria>
+.. cfgcmd:: set policy route6 <name> rule <n> mark <match_criteria>
+
+ Match based on the firewall mark (fwmark), where <match_criteria> can be:
+
+ * <0-2147483647> a single fwmark
+ * !<0-2147483647> everything except a single fwmark
+ * <start-end> a range of marks
+ * !<start-end> everything except the range of marks
+
+ .. note:: When using the ``set table`` or ``set vrf`` commands the mark
+ settings are ignored and overwritten with a table-specific mark that
+ is set to 0x7FFFFFFF - the id of the table/VRF.
+
.. cfgcmd:: set policy route <name> rule <n> source address
<match_criteria>
.. cfgcmd:: set policy route <name> rule <n> destination address
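Review bot: In the note added under the mark match, "0x7FFFFFFF - the id of the table/VRF" can be read as a dash or as a subtraction, and the documented match range <0-2147483647> ends at that same value (2147483647 is 0x7FFFFFFF). Suggest writing it as "0x7FFFFFFF minus the table/VRF id" and stating whether user-chosen marks near the top of the range can coincide with these table-specific marks, so that a reader who relies on fwmarks for policy or filtering decisions knows which values are effectively reserved. The note also says the "mark settings are ignored and overwritten" while sitting under a match command; it would help to say explicitly that it is the match on the mark that stops working in such a rule. The <start-end> items could give their bounds the way the single-mark items do.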
@@ -273,7 +287,20 @@ setting a different routing table.
Set the routing table to forward packet with.
+ .. note:: When using the ``set table`` or ``set vrf`` commands matching
+ against the mark is not possible, because it gets overwritten with a
+ table-specific mark that is 0x7FFFFFFF - the id of the table/VRF.
+
.. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460>
.. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460>
Set packet modifications: Explicitly set TCP Maximum segment size value.
+
+.. cfgcmd:: set policy route <name> rule <n> set vrf <default | text >
+.. cfgcmd:: set policy route6 <name> rule <n> set vrf <default | text >
+
+ Set the VRF to forward packet with.
+
+ .. note:: When using the ``set table`` or ``set vrf`` commands matching
+ against the mark is not possible, because it gets overwritten with a
+ table-specific mark that is 0x7FFFFFFF - the id of the table/VRF.
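Review bot: The note added under ``set table`` and again under ``set vrf`` is the same three lines twice, and it describes the behaviour differently from the note in the first hunk ("ignored and overwritten" there, "matching against the mark is not possible" here). Suggest settling on one wording and, in the other places, referring back to it, so the three copies cannot drift apart; the same "0x7FFFFFFF - the id" ambiguity (dash or subtraction) applies here too. In the new ``set vrf`` commands, "<default | text >" has a stray space before the closing bracket and "text" does not tell the reader that a VRF name is expected. The description "Set the VRF to forward packet with." would also be a good place to say what happens when a rule carries both ``set table`` and ``set vrf``.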