| m--------- | docs/_include/vyos-1x | 0 |
| -rw-r--r-- | docs/_locale/de/LC_MESSAGES/configuration.mo | bin, 1051533 -> 1052473 bytes |
| -rw-r--r-- | docs/_locale/de/configuration.pot | 184 |
| -rw-r--r-- | docs/_locale/en/LC_MESSAGES/configuration.mo | bin, 1051494 -> 1052434 bytes |
| -rw-r--r-- | docs/_locale/es/LC_MESSAGES/configuration.mo | bin, 1131863 -> 1132803 bytes |
| -rw-r--r-- | docs/_locale/es/configuration.pot | 184 |
| -rw-r--r-- | docs/_static/images/firewall-netfilter.png | bin, 0 -> 73608 bytes |
| -rw-r--r-- | docs/_static/images/firewall-traditional.png | bin, 0 -> 53437 bytes |
| -rw-r--r-- | docs/_static/images/firewall-zonebased.png | bin, 0 -> 55621 bytes |
| -rw-r--r-- | docs/changelog/1.3.rst | 6 |
| -rw-r--r-- | docs/changelog/1.4.rst | 44 |
| -rw-r--r-- | docs/changelog/1.5.rst | 37 |
| -rw-r--r-- | docs/configuration/firewall/general-legacy.rst | 8 |
| -rw-r--r-- | docs/configuration/firewall/general.rst | 55 |
| -rw-r--r-- | docs/configuration/firewall/index.rst | 73 |
| -rw-r--r-- | docs/configuration/firewall/zone.rst | 6 |
| -rw-r--r-- | docs/installation/virtual/libvirt.rst | 25 |
17 files changed, 432 insertions, 190 deletions
| diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 8f79a5cb4ee9b6eb5e825304702558fd5db791d +Subproject 90ce099f065325841c4c18b4a4beadaf141a35b diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.moBinary files differ index 2214ada7..a4a72442 100644 --- a/docs/_locale/de/LC_MESSAGES/configuration.mo +++ b/docs/_locale/de/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index ae73e71e..02238ad3 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -205,7 +205,7 @@ msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vo  msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."  msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für eine Kette nicht definiert ist, ist die Standardaktion für diese Kette auf ** accept** gesetzt. Nur für benutzerdefinierte Ketten ist die Standardaktion auf **drop** gesetzt." -#: ../../configuration/firewall/general.rst:409 +#: ../../configuration/firewall/general.rst:411  msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain."  msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." 
@@ -1481,7 +1481,7 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra  msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"  msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/general.rst:766 +#: ../../configuration/firewall/general.rst:768  #: ../../configuration/firewall/general-legacy.rst:506  msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."  msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1898,7 +1898,7 @@ msgstr "Allow host networking in a container. The network stack of the container  msgid "Allow this BFD peer to not be directly connected"  msgstr "Allow this BFD peer to not be directly connected" -#: ../../configuration/firewall/general.rst:1142 +#: ../../configuration/firewall/general.rst:1144  #: ../../configuration/firewall/general-legacy.rst:694  msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."  msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." 
@@ -1923,7 +1923,7 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP  msgid "Already learned known_hosts files of clients need an update as the public key will change."  msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/general.rst:382 +#: ../../configuration/firewall/general.rst:384  msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."  msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." 
@@ -2007,7 +2007,7 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai  msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."  msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)." -#: ../../configuration/firewall/general.rst:624 +#: ../../configuration/firewall/general.rst:626  msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"  msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" 
@@ -2333,7 +2333,7 @@ msgstr "Assured Forwarding(AF) 43"  msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."  msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." -#: ../../configuration/firewall/general.rst:1451 +#: ../../configuration/firewall/general.rst:1496  #: ../../configuration/firewall/general-legacy.rst:972  msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"  msgstr "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``" @@ -2975,7 +2975,7 @@ msgstr "Clock daemon"  msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."  msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/general.rst:535 +#: ../../configuration/firewall/general.rst:537  msgid "Command for disabling a rule but keep it in the configuration."  msgstr "Command for disabling a rule but keep it in the configuration." 
@@ -2983,7 +2983,7 @@ msgstr "Command for disabling a rule but keep it in the configuration."  msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."  msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/general.rst:1506 +#: ../../configuration/firewall/general.rst:1551  #: ../../configuration/firewall/general-legacy.rst:1054  msgid "Command used to update GeoIP database and firewall sets."  msgstr "Command used to update GeoIP database and firewall sets." @@ -3875,7 +3875,7 @@ msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:"  msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"  msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/general.rst:719 +#: ../../configuration/firewall/general.rst:721  #: ../../configuration/firewall/general-legacy.rst:480  msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."  msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." 
@@ -4127,22 +4127,22 @@ msgstr "Define different modes for sending replies in response to received ARP r  msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."  msgstr "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface." -#: ../../configuration/firewall/general.rst:481 +#: ../../configuration/firewall/general.rst:483  #: ../../configuration/firewall/general-legacy.rst:361  msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."  msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." -#: ../../configuration/firewall/general.rst:455 +#: ../../configuration/firewall/general.rst:457  #: ../../configuration/firewall/general-legacy.rst:347  msgid "Define log-level. Only applicable if rule log is enable."  msgstr "Define log-level. Only applicable if rule log is enable." -#: ../../configuration/firewall/general.rst:468 +#: ../../configuration/firewall/general.rst:470  #: ../../configuration/firewall/general-legacy.rst:354  msgid "Define log group to send message to. Only applicable if rule log is enable."  msgstr "Define log group to send message to. Only applicable if rule log is enable." -#: ../../configuration/firewall/general.rst:495 +#: ../../configuration/firewall/general.rst:497  #: ../../configuration/firewall/general-legacy.rst:369  msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."  msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." 
@@ -4300,6 +4300,10 @@ msgstr "Disable a BFD peer"  msgid "Disable a container."  msgstr "Disable a container." +#: ../../configuration/firewall/general.rst:1290 +msgid "Disable conntrack loose track option" +msgstr "Disable conntrack loose track option" +  #: ../../configuration/service/dhcp-relay.rst:50  msgid "Disable dhcp-relay service."  msgstr "Disable dhcp-relay service." @@ -4872,7 +4876,7 @@ msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system p  msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"  msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" -#: ../../configuration/firewall/general.rst:431 +#: ../../configuration/firewall/general.rst:433  #: ../../configuration/firewall/general-legacy.rst:340  msgid "Enable or disable logging for the matched packet."  msgstr "Enable or disable logging for the matched packet." @@ -5719,7 +5723,7 @@ msgstr "Example IPv6 only:"  msgid "Example Network"  msgstr "Example Network" -#: ../../configuration/firewall/general.rst:1457 +#: ../../configuration/firewall/general.rst:1502  #: ../../configuration/firewall/general-legacy.rst:979  msgid "Example Partial Config"  msgstr "Example Partial Config" @@ -5740,6 +5744,10 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access (  msgid "Example of redirection:"  msgstr "Example of redirection:" +#: ../../configuration/firewall/general.rst:1285 +msgid "Example synproxy" +msgstr "Example synproxy" +  #: ../../configuration/interfaces/bridge.rst:187  #: ../../configuration/interfaces/macsec.rst:153  #: ../../configuration/interfaces/wireless.rst:541 @@ -5921,7 +5929,7 @@ msgstr "Firewall"  msgid "Firewall-Legacy"  msgstr "Firewall-Legacy" -#: ../../configuration/firewall/general.rst:500 +#: ../../configuration/firewall/general.rst:502  msgid "Firewall Description"  msgstr "Firewall Description" 
@@ -5930,7 +5938,7 @@ msgstr "Firewall Description"  msgid "Firewall Exceptions"  msgstr "Firewall Exceptions" -#: ../../configuration/firewall/general.rst:415 +#: ../../configuration/firewall/general.rst:417  msgid "Firewall Logs"  msgstr "Firewall Logs" @@ -6162,7 +6170,7 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead  msgid "For outbound updates the order of preference is:"  msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/general.rst:502 +#: ../../configuration/firewall/general.rst:504  msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."  msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -8520,7 +8528,7 @@ msgstr "Log the connection tracking events per protocol."  msgid "Logging"  msgstr "Logging" -#: ../../configuration/firewall/general.rst:417 +#: ../../configuration/firewall/general.rst:419  msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."  msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." 
@@ -8713,7 +8721,7 @@ msgstr "Match BGP large communities."  msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."  msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/general.rst:715 +#: ../../configuration/firewall/general.rst:717  msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."  msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." 
@@ -8725,17 +8733,17 @@ msgstr "Match RPKI validation result."  msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."  msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/general.rst:1096 +#: ../../configuration/firewall/general.rst:1098  #: ../../configuration/firewall/general-legacy.rst:671  msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."  msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/general.rst:1163 +#: ../../configuration/firewall/general.rst:1165  #: ../../configuration/firewall/general-legacy.rst:709  msgid "Match against the state of a packet."  msgstr "Match against the state of a packet." -#: ../../configuration/firewall/general.rst:929 +#: ../../configuration/firewall/general.rst:931  #: ../../configuration/firewall/general-legacy.rst:590  msgid "Match based on dscp value."  msgstr "Match based on dscp value." 
@@ -8744,18 +8752,18 @@ msgstr "Match based on dscp value."  msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."  msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/general.rst:942 +#: ../../configuration/firewall/general.rst:944  #: ../../configuration/firewall/general-legacy.rst:597  msgid "Match based on fragment criteria."  msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/general.rst:961 +#: ../../configuration/firewall/general.rst:963  #: ../../configuration/firewall/general-legacy.rst:604  #: ../../configuration/policy/route.rst:131  msgid "Match based on icmp|icmpv6 code and type."  msgstr "Match based on icmp|icmpv6 code and type." -#: ../../configuration/firewall/general.rst:980 +#: ../../configuration/firewall/general.rst:982  #: ../../configuration/firewall/general-legacy.rst:610  msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."  msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." 
@@ -8768,57 +8776,57 @@ msgstr "Match based on icmp|icmpv6 type-name criteria. Use tab for information a  msgid "Match based on inbound/outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Match based on inbound/outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:992 +#: ../../configuration/firewall/general.rst:994  msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1018 +#: ../../configuration/firewall/general.rst:1020  #: ../../configuration/firewall/general-legacy.rst:630  msgid "Match based on ipsec criteria."  msgstr "Match based on ipsec criteria." -#: ../../configuration/firewall/general.rst:1004 +#: ../../configuration/firewall/general.rst:1006  msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1069 +#: ../../configuration/firewall/general.rst:1071  #: ../../configuration/firewall/general-legacy.rst:656  #: ../../configuration/policy/route.rst:176  msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."  msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/general.rst:1083 +#: ../../configuration/firewall/general.rst:1085  #: ../../configuration/firewall/general-legacy.rst:664  #: ../../configuration/policy/route.rst:184  msgid "Match based on packet type criteria."  msgstr "Match based on packet type criteria." 
-#: ../../configuration/firewall/general.rst:1044 +#: ../../configuration/firewall/general.rst:1046  #: ../../configuration/firewall/general-legacy.rst:644  msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"  msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/general.rst:1031 +#: ../../configuration/firewall/general.rst:1033  #: ../../configuration/firewall/general-legacy.rst:637  msgid "Match based on the maximum number of packets to allow in excess of rate."  msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/general.rst:1129 +#: ../../configuration/firewall/general.rst:1131  #: ../../configuration/firewall/general-legacy.rst:689  msgid "Match bases on recently seen sources."  msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/general.rst:567 +#: ../../configuration/firewall/general.rst:569  #: ../../configuration/firewall/general-legacy.rst:394  msgid "Match criteria based on connection mark."  msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/general.rst:554 +#: ../../configuration/firewall/general.rst:556  #: ../../configuration/firewall/general-legacy.rst:387  msgid "Match criteria based on nat connection status."  msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/general.rst:591 +#: ../../configuration/firewall/general.rst:593  msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."  msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." 
@@ -8826,7 +8834,7 @@ msgstr "Match criteria based on source and/or destination address. This is simil  msgid "Match domain name"  msgstr "Match domain name" -#: ../../configuration/firewall/general.rst:1239 +#: ../../configuration/firewall/general.rst:1241  #: ../../configuration/firewall/general-legacy.rst:732  #: ../../configuration/policy/route.rst:234  msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -8840,18 +8848,18 @@ msgstr "Match local preference."  msgid "Match route metric."  msgstr "Match route metric." -#: ../../configuration/firewall/general.rst:1227 +#: ../../configuration/firewall/general.rst:1229  #: ../../configuration/firewall/general-legacy.rst:726  #: ../../configuration/policy/route.rst:229  msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."  msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/general.rst:1264 +#: ../../configuration/firewall/general.rst:1266  #: ../../configuration/firewall/general-legacy.rst:742  msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."  msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/general.rst:539 +#: ../../configuration/firewall/general.rst:541  #: ../../configuration/firewall/general-legacy.rst:378  #: ../../configuration/policy/route.rst:38  msgid "Matching criteria" 
@@ -9028,7 +9036,7 @@ msgstr "Multiple servers can be specified."  msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"  msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/general.rst:775 +#: ../../configuration/firewall/general.rst:777  #: ../../configuration/firewall/general-legacy.rst:515  msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"  msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" @@ -9554,7 +9562,7 @@ msgstr "Only 802.1Q-tagged packets are accepted on Ethernet vifs."  msgid "Only VRRP is supported. Required option."  msgstr "Only VRRP is supported. Required option." -#: ../../configuration/firewall/general.rst:736 +#: ../../configuration/firewall/general.rst:738  #: ../../configuration/firewall/general-legacy.rst:490  msgid "Only in the source criteria, you can specify a mac-address."  msgstr "Only in the source criteria, you can specify a mac-address." @@ -9688,7 +9696,7 @@ msgstr "Operating Modes"  msgid "Operation"  msgstr "Operation" -#: ../../configuration/firewall/general.rst:1269 +#: ../../configuration/firewall/general.rst:1314  #: ../../configuration/firewall/general-legacy.rst:778  msgid "Operation-mode Firewall"  msgstr "Operation-mode Firewall" @@ -9864,7 +9872,7 @@ msgstr "Overview"  msgid "Overview and basic concepts"  msgstr "Overview and basic concepts" -#: ../../configuration/firewall/general.rst:1423 +#: ../../configuration/firewall/general.rst:1468  #: ../../configuration/firewall/general-legacy.rst:908  msgid "Overview of defined groups. You see the type, the members, and where the group is used."  msgstr "Overview of defined groups. You see the type, the members, and where the group is used." 
@@ -10355,7 +10363,7 @@ msgstr "Provide a IPv4 or IPv6 address group description"  msgid "Provide a IPv4 or IPv6 network group description."  msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/general.rst:520 +#: ../../configuration/firewall/general.rst:522  #: ../../configuration/firewall/general-legacy.rst:334  #: ../../configuration/policy/route.rst:30  msgid "Provide a description for each rule." @@ -10379,7 +10387,7 @@ msgstr "Provide a port group description."  msgid "Provide a rule-set description."  msgstr "Provide a rule-set description." -#: ../../configuration/firewall/general.rst:508 +#: ../../configuration/firewall/general.rst:510  msgid "Provide a rule-set description to a custom firewall chain."  msgstr "Provide a rule-set description to a custom firewall chain." @@ -10808,6 +10816,10 @@ msgstr "Requirements"  msgid "Requirements:"  msgstr "Requirements:" +#: ../../configuration/firewall/general.rst:1286 +msgid "Requirements to enable synproxy:" +msgstr "Requirements to enable synproxy:" +  #: ../../configuration/protocols/bgp.rst:1063  #: ../../configuration/protocols/mpls.rst:248  msgid "Reset" @@ -11012,7 +11024,7 @@ msgstr "Routing tables that will be used in this example are:"  msgid "Rule-Sets"  msgstr "Rule-Sets" -#: ../../configuration/firewall/general.rst:1272 +#: ../../configuration/firewall/general.rst:1317  #: ../../configuration/firewall/general-legacy.rst:781  msgid "Rule-set overview"  msgstr "Rule-set overview" @@ -11033,7 +11045,7 @@ msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact pat  msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"  msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/general.rst:524 +#: ../../configuration/firewall/general.rst:526  msgid "Rule Status"  msgstr "Rule Status" 
@@ -11388,6 +11400,10 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne  msgid "Set SSL certeficate <name> for service <name>"  msgstr "Set SSL certeficate <name> for service <name>" +#: ../../configuration/firewall/general.rst:1278 +msgid "Set TCP-MSS (maximum segment size) for the connection" +msgstr "Set TCP-MSS (maximum segment size) for the connection" +  #: ../../configuration/service/dns.rst:267  msgid "Set TTL to 300 seconds"  msgstr "Set TTL to 300 seconds" @@ -11935,6 +11951,10 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule."  msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."  msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." +#: ../../configuration/firewall/general.rst:1282 +msgid "Set the window scale factor for TCP window scaling" +msgstr "Set the window scale factor for TCP window scaling" +  #: ../../configuration/system/login.rst:124  msgid "Set window of concurrently valid codes."  msgstr "Set window of concurrently valid codes." @@ -12048,7 +12068,7 @@ msgstr "Show DHCP server daemon log file"  msgid "Show DHCPv6 server daemon log file"  msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/general.rst:1444 +#: ../../configuration/firewall/general.rst:1489  #: ../../configuration/firewall/general-legacy.rst:965  msgid "Show Firewall log"  msgstr "Show Firewall log" @@ -12296,7 +12316,7 @@ msgstr "Show the list of all active containers."  msgid "Show the local container images."  msgstr "Show the local container images." -#: ../../configuration/firewall/general.rst:1448 +#: ../../configuration/firewall/general.rst:1493  #: ../../configuration/firewall/general-legacy.rst:969  msgid "Show the logs of a specific Rule-Set."  msgstr "Show the logs of a specific Rule-Set." 
@@ -12665,7 +12685,7 @@ msgstr "Specifies which RADIUS server attribute contains the rate limit informat  msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."  msgstr "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined." -#: ../../configuration/firewall/general.rst:668 +#: ../../configuration/firewall/general.rst:670  #: ../../configuration/firewall/general-legacy.rst:455  msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."  msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." @@ -12951,6 +12971,18 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect  msgid "Sync groups"  msgstr "Sync groups" +#: ../../configuration/firewall/general.rst:1271 +msgid "Synproxy" +msgstr "Synproxy" + +#: ../../configuration/firewall/general.rst:1272 +msgid "Synproxy connections" +msgstr "Synproxy connections" + +#: ../../configuration/firewall/general.rst:1289 +msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" +msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" +  #: ../../configuration/interfaces/pppoe.rst:327  msgid "Syntax has changed from VyOS 1.2 (crux) and it will be automatically migrated during an upgrade."  msgstr "Syntax has changed from VyOS 1.2 (crux) and it will be automatically migrated during an upgrade." 
@@ -14131,7 +14163,7 @@ msgstr "There's a variety of client GUI frontends for any platform"  msgid "There are 3 default NTP server set. You are able to change them."  msgstr "There are 3 default NTP server set. You are able to change them." -#: ../../configuration/firewall/general.rst:541 +#: ../../configuration/firewall/general.rst:543  #: ../../configuration/firewall/general-legacy.rst:380  msgid "There are a lot of matching criteria against which the package can be tested."  msgstr "There are a lot of matching criteria against which the package can be tested." @@ -15341,7 +15373,7 @@ msgstr "This command will generate a default-route in L1 database."  msgid "This command will generate a default-route in L2 database."  msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/general.rst:1419 +#: ../../configuration/firewall/general.rst:1464  #: ../../configuration/firewall/general-legacy.rst:904  msgid "This command will give an overview of a rule in a single rule-set"  msgstr "This command will give an overview of a rule in a single rule-set" @@ -15350,7 +15382,7 @@ msgstr "This command will give an overview of a rule in a single rule-set"  msgid "This command will give an overview of a rule in a single rule-set."  msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/general.rst:1397 +#: ../../configuration/firewall/general.rst:1442  #: ../../configuration/firewall/general-legacy.rst:932  msgid "This command will give an overview of a single rule-set."  msgstr "This command will give an overview of a single rule-set." 
@@ -15478,7 +15510,7 @@ msgstr "This example shows how to target an MSS clamp (in our example to 1360 by  msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."  msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs." -#: ../../configuration/firewall/general.rst:631 +#: ../../configuration/firewall/general.rst:633  #: ../../configuration/firewall/general-legacy.rst:431  msgid "This functions for both individual addresses and address groups."  msgstr "This functions for both individual addresses and address groups." @@ -15719,7 +15751,7 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer  msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."  msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/general.rst:365 +#: ../../configuration/firewall/general.rst:367  msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."  msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." 
@@ -15765,7 +15797,7 @@ msgstr "This section needs improvements, examples and explanations."  msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."  msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed." -#: ../../configuration/firewall/general.rst:397 +#: ../../configuration/firewall/general.rst:399  msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."  msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." @@ -15873,7 +15905,7 @@ msgstr "This will match TCP traffic with source port 80."  msgid "This will render the following ddclient_ configuration entry:"  msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/general.rst:1276 +#: ../../configuration/firewall/general.rst:1321  #: ../../configuration/firewall/general-legacy.rst:785  msgid "This will show you a basic firewall overview"  msgstr "This will show you a basic firewall overview" 
@@ -15882,12 +15914,12 @@ msgstr "This will show you a basic firewall overview"  msgid "This will show you a rule-set statistic since the last boot."  msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/general.rst:1441 +#: ../../configuration/firewall/general.rst:1486  #: ../../configuration/firewall/general-legacy.rst:900  msgid "This will show you a statistic of all rule-sets since the last boot."  msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/general.rst:1339 +#: ../../configuration/firewall/general.rst:1384  #: ../../configuration/firewall/general-legacy.rst:851  msgid "This will show you a summary of rule-sets and groups"  msgstr "This will show you a summary of rule-sets and groups" @@ -15932,7 +15964,7 @@ msgstr "Time in seconds that the prefix will remain valid (default: 30 days)"  msgid "Time is in minutes and defaults to 60."  msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/general.rst:1216 +#: ../../configuration/firewall/general.rst:1218  #: ../../configuration/firewall/general-legacy.rst:722  #: ../../configuration/policy/route.rst:225  msgid "Time to match the defined rule." 
@@ -15983,12 +16015,12 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c  msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."  msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/general.rst:406 +#: ../../configuration/firewall/general.rst:408  #: ../../configuration/firewall/general-legacy.rst:295  msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."  msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/general.rst:379 +#: ../../configuration/firewall/general.rst:381  msgid "To be used only when action is set to jump. Use this command to specify jump target."  msgstr "To be used only when action is set to jump. Use this command to specify jump target." @@ -16222,6 +16254,10 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece  msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."  msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)." +#: ../../configuration/firewall/general.rst:1288 +msgid "Traffic must be symmetric" +msgstr "Traffic must be symmetric" +  #: ../../configuration/highavailability/index.rst:322  msgid "Transition scripts"  msgstr "Transition scripts" @@ -16347,7 +16383,7 @@ msgstr "Update"  msgid "Update container image"  msgstr "Update container image" -#: ../../configuration/firewall/general.rst:1502 +#: ../../configuration/firewall/general.rst:1547  #: ../../configuration/firewall/general-legacy.rst:1050  msgid "Update geoip database"  msgstr "Update geoip database" 
@@ -16401,27 +16437,27 @@ msgstr "Use `delete system conntrack modules` to deactive all modules."  msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."  msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/general.rst:804 +#: ../../configuration/firewall/general.rst:806  #: ../../configuration/firewall/general-legacy.rst:531  msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:879 +#: ../../configuration/firewall/general.rst:881  #: ../../configuration/firewall/general-legacy.rst:567  msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:904 +#: ../../configuration/firewall/general.rst:906  #: ../../configuration/firewall/general-legacy.rst:579  msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:829 +#: ../../configuration/firewall/general.rst:831  #: ../../configuration/firewall/general-legacy.rst:543  msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Use a specific network-group. 
Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/general.rst:854 +#: ../../configuration/firewall/general.rst:856  #: ../../configuration/firewall/general-legacy.rst:555  msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." @@ -16957,7 +16993,7 @@ msgstr "Use this command to enable the local router to try and connect with a ta  msgid "Use this command to enable the logging of the default action."  msgstr "Use this command to enable the logging of the default action." -#: ../../configuration/firewall/general.rst:436 +#: ../../configuration/firewall/general.rst:438  msgid "Use this command to enable the logging of the default action on custom chains."  msgstr "Use this command to enable the logging of the default action on custom chains." @@ -17791,7 +17827,7 @@ msgstr "When configuring your filter, you can use the ``Tab`` key to see the man  msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."  msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." -#: ../../configuration/firewall/general.rst:526 +#: ../../configuration/firewall/general.rst:528  msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."  msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." 
@@ -19645,6 +19681,10 @@ msgstr "``static`` - Statically configured routes"  msgid "``station`` - Connects to another access point"  msgstr "``station`` - Connects to another access point" +#: ../../configuration/firewall/general.rst:354 +msgid "``synproxy``: synproxy the packet." +msgstr "``synproxy``: synproxy the packet." +  #: ../../configuration/system/sysctl.rst:9  msgid "``sysctl`` is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/."  msgstr "``sysctl`` is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/." diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.moBinary files differ index 76714055..398748f9 100644 --- a/docs/_locale/en/LC_MESSAGES/configuration.mo +++ b/docs/_locale/en/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.moBinary files differ index 3bc77c66..5430f6c9 100644 --- a/docs/_locale/es/LC_MESSAGES/configuration.mo +++ b/docs/_locale/es/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index e365059b..e9fe139c 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot 
@@ -205,7 +205,7 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr  msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**."  msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **accept** for that chain. Only for custom chains, the default action is set to **drop**." -#: ../../configuration/firewall/general.rst:409 +#: ../../configuration/firewall/general.rst:411  msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain."  msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." @@ -1481,7 +1481,7 @@ msgstr "Se requiere una interfaz física para conectar esta instancia de MACsec.  msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:"  msgstr "Se puede definir un grupo de direcciones usando un guión entre dos direcciones IP:" -#: ../../configuration/firewall/general.rst:766 +#: ../../configuration/firewall/general.rst:768  #: ../../configuration/firewall/general-legacy.rst:506  msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``."  msgstr "Un puerto se puede configurar con un número de puerto o un nombre que se define aquí: ``/etc/services``." 
@@ -1898,7 +1898,7 @@ msgstr "Permitir redes de host en un contenedor. La pila de red del contenedor n  msgid "Allow this BFD peer to not be directly connected"  msgstr "Permitir que este par BFD no se conecte directamente" -#: ../../configuration/firewall/general.rst:1142 +#: ../../configuration/firewall/general.rst:1144  #: ../../configuration/firewall/general-legacy.rst:694  msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol."  msgstr "Valores permitidos para indicadores TCP: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` Al especificar más de una bandera, las banderas deben estar separadas por comas. El ``!`` niega el protocolo seleccionado." @@ -1923,7 +1923,7 @@ msgstr "Le permite configurar la interfaz de siguiente salto para una ruta está  msgid "Already learned known_hosts files of clients need an update as the public key will change."  msgstr "Los archivos de hosts conocidos ya aprendidos de los clientes necesitan una actualización ya que la clave pública cambiará." -#: ../../configuration/firewall/general.rst:382 +#: ../../configuration/firewall/general.rst:384  msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**."  msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." 
@@ -2007,7 +2007,7 @@ msgstr "Se puede aplicar una máscara de red arbitraria a las direcciones de má  msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)."  msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 and a zone-based firewall as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)." -#: ../../configuration/firewall/general.rst:624 +#: ../../configuration/firewall/general.rst:626  msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)"  msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" 
@@ -2333,7 +2333,7 @@ msgstr "Reenvío asegurado (AF) 43"  msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued."  msgstr "En cada ronda, el contador de déficit agrega el cuanto para que incluso los paquetes grandes tengan la oportunidad de ser eliminados." -#: ../../configuration/firewall/general.rst:1451 +#: ../../configuration/firewall/general.rst:1496  #: ../../configuration/firewall/general-legacy.rst:972  msgid "At the moment it not possible to look at the whole firewall log with VyOS operational commands. All logs will save to ``/var/logs/messages``. For example: ``grep '10.10.0.10' /var/log/messages``"  msgstr "Por el momento, no es posible ver todo el registro del firewall con los comandos operativos de VyOS. Todos los registros se guardarán en ``/var/logs/messages``. Por ejemplo: ``grep '10.10.0.10' /var/log/messages``" @@ -2975,7 +2975,7 @@ msgstr "Demonio del reloj"  msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year."  msgstr "La finalización del comando se puede utilizar para enumerar las zonas horarias disponibles. El ajuste del horario de verano se realizará automáticamente en función de la época del año." -#: ../../configuration/firewall/general.rst:535 +#: ../../configuration/firewall/general.rst:537  msgid "Command for disabling a rule but keep it in the configuration."  msgstr "Command for disabling a rule but keep it in the configuration." 
@@ -2983,7 +2983,7 @@ msgstr "Command for disabling a rule but keep it in the configuration."  msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview."  msgstr "El comando probablemente debería extenderse para enumerar también las interfaces reales asignadas a este VRF para obtener una mejor visión general." -#: ../../configuration/firewall/general.rst:1506 +#: ../../configuration/firewall/general.rst:1551  #: ../../configuration/firewall/general-legacy.rst:1054  msgid "Command used to update GeoIP database and firewall sets."  msgstr "Comando utilizado para actualizar la base de datos GeoIP y los conjuntos de firewall." @@ -3875,7 +3875,7 @@ msgstr "Valores DSCP según :rfc:`2474` y :rfc:`4595`:"  msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``"  msgstr "Modo DSSS/CCK en 40 MHz, esto establece ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/general.rst:719 +#: ../../configuration/firewall/general.rst:721  #: ../../configuration/firewall/general-legacy.rst:480  msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated."  msgstr "Los datos son proporcionados por DB-IP.com bajo licencia CC-BY-4.0. Se requiere atribución, permite la redistribución para que podamos incluir una base de datos en imágenes (~3 MB comprimidos). Incluye secuencia de comandos cron (invocable manualmente por geoip de actualización de modo operativo) para mantener la base de datos y las reglas actualizadas." 
@@ -4127,22 +4127,22 @@ msgstr "Defina diferentes modos para enviar respuestas en respuesta a las solici  msgid "Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface."  msgstr "Defina diferentes niveles de restricción para anunciar la dirección IP de origen local de los paquetes IP en las solicitudes ARP enviadas en la interfaz." -#: ../../configuration/firewall/general.rst:481 +#: ../../configuration/firewall/general.rst:483  #: ../../configuration/firewall/general-legacy.rst:361  msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined."  msgstr "Defina la longitud de la carga útil del paquete para incluir en el mensaje de enlace de red. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido." -#: ../../configuration/firewall/general.rst:455 +#: ../../configuration/firewall/general.rst:457  #: ../../configuration/firewall/general-legacy.rst:347  msgid "Define log-level. Only applicable if rule log is enable."  msgstr "Defina el nivel de registro. Solo se aplica si el registro de reglas está habilitado." -#: ../../configuration/firewall/general.rst:468 +#: ../../configuration/firewall/general.rst:470  #: ../../configuration/firewall/general-legacy.rst:354  msgid "Define log group to send message to. Only applicable if rule log is enable."  msgstr "Defina el grupo de registro al que enviar el mensaje. Solo se aplica si el registro de reglas está habilitado." -#: ../../configuration/firewall/general.rst:495 +#: ../../configuration/firewall/general.rst:497  #: ../../configuration/firewall/general-legacy.rst:369  msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined."  
msgstr "Defina la cantidad de paquetes para poner en cola dentro del kernel antes de enviarlos al espacio de usuario. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido." @@ -4300,6 +4300,10 @@ msgstr "Deshabilitar un compañero BFD"  msgid "Disable a container."  msgstr "Deshabilitar un contenedor." +#: ../../configuration/firewall/general.rst:1290 +msgid "Disable conntrack loose track option" +msgstr "Disable conntrack loose track option" +  #: ../../configuration/service/dhcp-relay.rst:50  msgid "Disable dhcp-relay service."  msgstr "Deshabilite el servicio de retransmisión dhcp." @@ -4872,7 +4876,7 @@ msgstr "Habilite o deshabilite VyOS para que se ajuste a :rfc:`1337`. Se modific  msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:"  msgstr "Habilite o deshabilite si VyOS usa cookies IPv4 TCP SYN. Se modificará el siguiente parámetro del sistema:" -#: ../../configuration/firewall/general.rst:431 +#: ../../configuration/firewall/general.rst:433  #: ../../configuration/firewall/general-legacy.rst:340  msgid "Enable or disable logging for the matched packet."  msgstr "Habilite o deshabilite el registro para el paquete coincidente." @@ -5719,7 +5723,7 @@ msgstr "Ejemplo de solo IPv6:"  msgid "Example Network"  msgstr "Red de ejemplo" -#: ../../configuration/firewall/general.rst:1457 +#: ../../configuration/firewall/general.rst:1502  #: ../../configuration/firewall/general-legacy.rst:979  msgid "Example Partial Config"  msgstr "Ejemplo de configuración parcial" 
@@ -5740,6 +5744,10 @@ msgstr "Ejemplo para configurar una VPN L2TP simple sobre IPsec para acceso remo  msgid "Example of redirection:"  msgstr "Ejemplo de redirección:" +#: ../../configuration/firewall/general.rst:1285 +msgid "Example synproxy" +msgstr "Example synproxy" +  #: ../../configuration/interfaces/bridge.rst:187  #: ../../configuration/interfaces/macsec.rst:153  #: ../../configuration/interfaces/wireless.rst:541 @@ -5921,7 +5929,7 @@ msgstr "cortafuegos"  msgid "Firewall-Legacy"  msgstr "Firewall-Legacy" -#: ../../configuration/firewall/general.rst:500 +#: ../../configuration/firewall/general.rst:502  msgid "Firewall Description"  msgstr "Firewall Description" @@ -5930,7 +5938,7 @@ msgstr "Firewall Description"  msgid "Firewall Exceptions"  msgstr "Excepciones de cortafuegos" -#: ../../configuration/firewall/general.rst:415 +#: ../../configuration/firewall/general.rst:417  msgid "Firewall Logs"  msgstr "Firewall Logs" @@ -6162,7 +6170,7 @@ msgstr "Para una escalabilidad óptima, no se debe usar Multicast en absoluto, s  msgid "For outbound updates the order of preference is:"  msgstr "Para las actualizaciones salientes, el orden de preferencia es:" -#: ../../configuration/firewall/general.rst:502 +#: ../../configuration/firewall/general.rst:504  msgid "For reference, a description can be defined for every single rule, and for every defined custom chain."  msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -8520,7 +8528,7 @@ msgstr "Registre los eventos de seguimiento de conexión por protocolo."  msgid "Logging"  msgstr "Inicio sesión" -#: ../../configuration/firewall/general.rst:417 +#: ../../configuration/firewall/general.rst:419  msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined."  msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." 
@@ -8713,7 +8721,7 @@ msgstr "Haga coincidir grandes comunidades BGP."  msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_."  msgstr "Haga coincidir las direcciones IP en función de su geolocalización. Más información: `coincidencia geoip<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching> `_." -#: ../../configuration/firewall/general.rst:715 +#: ../../configuration/firewall/general.rst:717  msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes."  msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." 
@@ -8725,17 +8733,17 @@ msgstr "Coincide con el resultado de la validación de RPKI."  msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol."  msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define en: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado." -#: ../../configuration/firewall/general.rst:1096 +#: ../../configuration/firewall/general.rst:1098  #: ../../configuration/firewall/general-legacy.rst:671  msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol."  msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define aquí: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado." -#: ../../configuration/firewall/general.rst:1163 +#: ../../configuration/firewall/general.rst:1165  #: ../../configuration/firewall/general-legacy.rst:709  msgid "Match against the state of a packet."  msgstr "Comparar con el estado de un paquete." -#: ../../configuration/firewall/general.rst:929 +#: ../../configuration/firewall/general.rst:931  #: ../../configuration/firewall/general-legacy.rst:590  msgid "Match based on dscp value."  msgstr "Coincidencia basada en el valor de dscp." 
@@ -8744,18 +8752,18 @@ msgstr "Coincidencia basada en el valor de dscp."  msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported."  msgstr "Coincidencia basada en criterios de valor de dscp. Se admiten múltiples valores de 0 a 63 y rangos." -#: ../../configuration/firewall/general.rst:942 +#: ../../configuration/firewall/general.rst:944  #: ../../configuration/firewall/general-legacy.rst:597  msgid "Match based on fragment criteria."  msgstr "Coincidencia basada en criterios de fragmentos." -#: ../../configuration/firewall/general.rst:961 +#: ../../configuration/firewall/general.rst:963  #: ../../configuration/firewall/general-legacy.rst:604  #: ../../configuration/policy/route.rst:131  msgid "Match based on icmp|icmpv6 code and type."  msgstr "Coincidencia basada en código y tipo icmp|icmpv6." -#: ../../configuration/firewall/general.rst:980 +#: ../../configuration/firewall/general.rst:982  #: ../../configuration/firewall/general-legacy.rst:610  msgid "Match based on icmp|icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported."  msgstr "Coincidencia basada en criterios de nombre de tipo icmp|icmpv6. Use la pestaña para obtener información sobre qué criterios de **nombre de tipo** se admiten." 
@@ -8768,57 +8776,57 @@ msgstr "Coincidencia basada en criterios de nombre de tipo icmp|icmpv6. Use la p  msgid "Match based on inbound/outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Coincidencia basada en la interfaz de entrada/salida. Se puede utilizar Wilcard ``*``. Por ejemplo: ``eth2*``" -#: ../../configuration/firewall/general.rst:992 +#: ../../configuration/firewall/general.rst:994  msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1018 +#: ../../configuration/firewall/general.rst:1020  #: ../../configuration/firewall/general-legacy.rst:630  msgid "Match based on ipsec criteria."  msgstr "Coincidencia basada en criterios de ipsec." -#: ../../configuration/firewall/general.rst:1004 +#: ../../configuration/firewall/general.rst:1006  msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``"  msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" -#: ../../configuration/firewall/general.rst:1069 +#: ../../configuration/firewall/general.rst:1071  #: ../../configuration/firewall/general-legacy.rst:656  #: ../../configuration/policy/route.rst:176  msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported."  msgstr "Coincidencia basada en criterios de longitud de paquete. Se admiten varios valores de 1 a 65535 y rangos." -#: ../../configuration/firewall/general.rst:1083 +#: ../../configuration/firewall/general.rst:1085  #: ../../configuration/firewall/general-legacy.rst:664  #: ../../configuration/policy/route.rst:184  msgid "Match based on packet type criteria."  msgstr "Coincidencia basada en criterios de tipo de paquete." 
-#: ../../configuration/firewall/general.rst:1044 +#: ../../configuration/firewall/general.rst:1046  #: ../../configuration/firewall/general-legacy.rst:644  msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**"  msgstr "Coincidencia basada en la tasa promedio máxima, especificada como **entero/unidad**. Por ejemplo **5/minutos**" -#: ../../configuration/firewall/general.rst:1031 +#: ../../configuration/firewall/general.rst:1033  #: ../../configuration/firewall/general-legacy.rst:637  msgid "Match based on the maximum number of packets to allow in excess of rate."  msgstr "Coincidencia basada en el número máximo de paquetes que se permiten por encima de la tasa." -#: ../../configuration/firewall/general.rst:1129 +#: ../../configuration/firewall/general.rst:1131  #: ../../configuration/firewall/general-legacy.rst:689  msgid "Match bases on recently seen sources."  msgstr "Coincide con las bases de las fuentes vistas recientemente." -#: ../../configuration/firewall/general.rst:567 +#: ../../configuration/firewall/general.rst:569  #: ../../configuration/firewall/general-legacy.rst:394  msgid "Match criteria based on connection mark."  msgstr "Criterios de coincidencia basados en la marca de conexión." -#: ../../configuration/firewall/general.rst:554 +#: ../../configuration/firewall/general.rst:556  #: ../../configuration/firewall/general-legacy.rst:387  msgid "Match criteria based on nat connection status."  msgstr "Criterios de coincidencia basados en el estado de la conexión nacional." -#: ../../configuration/firewall/general.rst:591 +#: ../../configuration/firewall/general.rst:593  msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses."  msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." 
@@ -8826,7 +8834,7 @@ msgstr "Match criteria based on source and/or destination address. This is simil  msgid "Match domain name"  msgstr "Coincidencia de nombre de dominio" -#: ../../configuration/firewall/general.rst:1239 +#: ../../configuration/firewall/general.rst:1241  #: ../../configuration/firewall/general-legacy.rst:732  #: ../../configuration/policy/route.rst:234  msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -8840,18 +8848,18 @@ msgstr "Coincide con la preferencia local."  msgid "Match route metric."  msgstr "Coincidir con la métrica de la ruta." -#: ../../configuration/firewall/general.rst:1227 +#: ../../configuration/firewall/general.rst:1229  #: ../../configuration/firewall/general-legacy.rst:726  #: ../../configuration/policy/route.rst:229  msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'."  msgstr "Igualar el tiempo de vida del parámetro, donde 'eq' significa 'igual'; 'gt' significa 'mayor que' y 'lt' significa 'menor que'." -#: ../../configuration/firewall/general.rst:1264 +#: ../../configuration/firewall/general.rst:1266  #: ../../configuration/firewall/general-legacy.rst:742  msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts."  msgstr "Coincidencia cuando se ve la cantidad de conexiones 'recuento' dentro de 'tiempo'. Estos criterios coincidentes se pueden utilizar para bloquear los intentos de fuerza bruta." -#: ../../configuration/firewall/general.rst:539 +#: ../../configuration/firewall/general.rst:541  #: ../../configuration/firewall/general-legacy.rst:378  #: ../../configuration/policy/route.rst:38  msgid "Matching criteria" 
@@ -9028,7 +9036,7 @@ msgstr "Se pueden especificar varios servidores."  msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!"  msgstr "Se pueden utilizar múltiples servicios por interfaz. ¡Simplemente especifique tantos servicios por interfaz como desee!" -#: ../../configuration/firewall/general.rst:775 +#: ../../configuration/firewall/general.rst:777  #: ../../configuration/firewall/general-legacy.rst:515  msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:"  msgstr "Se pueden especificar varios puertos de origen como una lista separada por comas. La lista completa también se puede "negar" usando ``!``. Por ejemplo:" @@ -9554,7 +9562,7 @@ msgstr "Solo se aceptan paquetes con etiquetas 802.1Q en vifs de Ethernet."  msgid "Only VRRP is supported. Required option."  msgstr "Solo se admite VRRP. Opción requerida." -#: ../../configuration/firewall/general.rst:736 +#: ../../configuration/firewall/general.rst:738  #: ../../configuration/firewall/general-legacy.rst:490  msgid "Only in the source criteria, you can specify a mac-address."  msgstr "Solo en los criterios de origen, puede especificar una dirección MAC." @@ -9688,7 +9696,7 @@ msgstr "Modos de funcionamiento"  msgid "Operation"  msgstr "Operación" -#: ../../configuration/firewall/general.rst:1269 +#: ../../configuration/firewall/general.rst:1314  #: ../../configuration/firewall/general-legacy.rst:778  msgid "Operation-mode Firewall"  msgstr "Cortafuegos en modo operativo" 
@@ -9864,7 +9872,7 @@ msgstr "Descripción general"  msgid "Overview and basic concepts"  msgstr "Resumen y conceptos básicos" -#: ../../configuration/firewall/general.rst:1423 +#: ../../configuration/firewall/general.rst:1468  #: ../../configuration/firewall/general-legacy.rst:908  msgid "Overview of defined groups. You see the type, the members, and where the group is used."  msgstr "Resumen de grupos definidos. Verá el tipo, los miembros y dónde se usa el grupo." @@ -10355,7 +10363,7 @@ msgstr "Proporcione una descripción del grupo de direcciones IPv4 o IPv6"  msgid "Provide a IPv4 or IPv6 network group description."  msgstr "Proporcione una descripción del grupo de red IPv4 o IPv6." -#: ../../configuration/firewall/general.rst:520 +#: ../../configuration/firewall/general.rst:522  #: ../../configuration/firewall/general-legacy.rst:334  #: ../../configuration/policy/route.rst:30  msgid "Provide a description for each rule." @@ -10379,7 +10387,7 @@ msgstr "Proporcione una descripción del grupo de puertos."  msgid "Provide a rule-set description."  msgstr "Proporcione una descripción del conjunto de reglas." -#: ../../configuration/firewall/general.rst:508 +#: ../../configuration/firewall/general.rst:510  msgid "Provide a rule-set description to a custom firewall chain."  msgstr "Provide a rule-set description to a custom firewall chain." @@ -10808,6 +10816,10 @@ msgstr "Requisitos"  msgid "Requirements:"  msgstr "Requisitos:" +#: ../../configuration/firewall/general.rst:1286 +msgid "Requirements to enable synproxy:" +msgstr "Requirements to enable synproxy:" +  #: ../../configuration/protocols/bgp.rst:1063  #: ../../configuration/protocols/mpls.rst:248  msgid "Reset" 
@@ -11012,7 +11024,7 @@ msgstr "Las tablas de enrutamiento que se utilizarán en este ejemplo son:"  msgid "Rule-Sets"  msgstr "Conjuntos de reglas" -#: ../../configuration/firewall/general.rst:1272 +#: ../../configuration/firewall/general.rst:1317  #: ../../configuration/firewall/general-legacy.rst:781  msgid "Rule-set overview"  msgstr "Descripción general del conjunto de reglas" @@ -11033,7 +11045,7 @@ msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en `  msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``"  msgstr "La regla 20 hace coincidir las solicitudes con el nombre de dominio ``node2.example.com`` reenvía al backend ``bk-api-02``" -#: ../../configuration/firewall/general.rst:524 +#: ../../configuration/firewall/general.rst:526  msgid "Rule Status"  msgstr "Rule Status" @@ -11388,6 +11400,10 @@ msgstr "Establezca la regla SNAT 30 para que solo lleguen paquetes NAT de la red  msgid "Set SSL certeficate <name> for service <name>"  msgstr "Establecer certificado SSL<name> para servicio<name>" +#: ../../configuration/firewall/general.rst:1278 +msgid "Set TCP-MSS (maximum segment size) for the connection" +msgstr "Set TCP-MSS (maximum segment size) for the connection" +  #: ../../configuration/service/dns.rst:267  msgid "Set TTL to 300 seconds"  msgstr "Establecer TTL a 300 segundos" 
@@ -11935,6 +11951,10 @@ msgstr "Establezca el tiempo de espera en segundos para un protocolo o estado en  msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created."  msgstr "Establezca la identificación del túnel, que es un valor entero de 32 bits. Identifica de forma exclusiva el túnel en el que se creará la sesión." +#: ../../configuration/firewall/general.rst:1282 +msgid "Set the window scale factor for TCP window scaling" +msgstr "Set the window scale factor for TCP window scaling" +  #: ../../configuration/system/login.rst:124  msgid "Set window of concurrently valid codes."  msgstr "Establecer ventana de códigos válidos concurrentemente." @@ -12048,7 +12068,7 @@ msgstr "Mostrar el archivo de registro del demonio del servidor DHCP"  msgid "Show DHCPv6 server daemon log file"  msgstr "Mostrar el archivo de registro del demonio del servidor DHCPv6" -#: ../../configuration/firewall/general.rst:1444 +#: ../../configuration/firewall/general.rst:1489  #: ../../configuration/firewall/general-legacy.rst:965  msgid "Show Firewall log"  msgstr "Mostrar registro de cortafuegos" @@ -12296,7 +12316,7 @@ msgstr "Muestra la lista de todos los contenedores activos."  msgid "Show the local container images."  msgstr "Muestra las imágenes del contenedor local." -#: ../../configuration/firewall/general.rst:1448 +#: ../../configuration/firewall/general.rst:1493  #: ../../configuration/firewall/general-legacy.rst:969  msgid "Show the logs of a specific Rule-Set."  msgstr "Muestra los registros de un conjunto de reglas específico." 
@@ -12665,7 +12685,7 @@ msgstr "Especifica qué atributo del servidor RADIUS contiene la información de  msgid "Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined."  msgstr "Especifique la dirección de escucha IPv4/IPv6 del servidor SSH. Se pueden definir varias direcciones." -#: ../../configuration/firewall/general.rst:668 +#: ../../configuration/firewall/general.rst:670  #: ../../configuration/firewall/general-legacy.rst:455  msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query."  msgstr "Especifique un nombre de dominio completo como comparador de origen/destino. Asegúrese de que el enrutador pueda resolver dicha consulta DNS." @@ -12951,6 +12971,18 @@ msgstr "Synamic instruye a reenviar a todos los compañeros con los que tenemos  msgid "Sync groups"  msgstr "Sincronizar grupos" +#: ../../configuration/firewall/general.rst:1271 +msgid "Synproxy" +msgstr "Synproxy" + +#: ../../configuration/firewall/general.rst:1272 +msgid "Synproxy connections" +msgstr "Synproxy connections" + +#: ../../configuration/firewall/general.rst:1289 +msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" +msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" +  #: ../../configuration/interfaces/pppoe.rst:327  msgid "Syntax has changed from VyOS 1.2 (crux) and it will be automatically migrated during an upgrade."  msgstr "La sintaxis ha cambiado desde VyOS 1.2 (crux) y se migrará automáticamente durante una actualización." 
@@ -14131,7 +14163,7 @@ msgstr "Hay una variedad de interfaces GUI de cliente para cualquier plataforma"  msgid "There are 3 default NTP server set. You are able to change them."  msgstr "Hay 3 servidores NTP predeterminados establecidos. Usted es capaz de cambiarlos." -#: ../../configuration/firewall/general.rst:541 +#: ../../configuration/firewall/general.rst:543  #: ../../configuration/firewall/general-legacy.rst:380  msgid "There are a lot of matching criteria against which the package can be tested."  msgstr "Hay muchos criterios coincidentes con los que se puede probar el paquete." @@ -15341,7 +15373,7 @@ msgstr "Este comando generará una ruta predeterminada en la base de datos L1."  msgid "This command will generate a default-route in L2 database."  msgstr "Este comando generará una ruta predeterminada en la base de datos L2." -#: ../../configuration/firewall/general.rst:1419 +#: ../../configuration/firewall/general.rst:1464  #: ../../configuration/firewall/general-legacy.rst:904  msgid "This command will give an overview of a rule in a single rule-set"  msgstr "Este comando brindará una descripción general de una regla en un solo conjunto de reglas" @@ -15350,7 +15382,7 @@ msgstr "Este comando brindará una descripción general de una regla en un solo  msgid "This command will give an overview of a rule in a single rule-set."  msgstr "Este comando le dará una descripción general de una regla en un solo conjunto de reglas." -#: ../../configuration/firewall/general.rst:1397 +#: ../../configuration/firewall/general.rst:1442  #: ../../configuration/firewall/general-legacy.rst:932  msgid "This command will give an overview of a single rule-set."  msgstr "Este comando le dará una visión general de un solo conjunto de reglas." 
@@ -15478,7 +15510,7 @@ msgstr "Este ejemplo muestra cómo apuntar una abrazadera MSS (en nuestro ejempl  msgid "This feature summarises originated external LSAs (Type-5 and Type-7). Summary Route will be originated on-behalf of all matched external LSAs."  msgstr "Esta característica resume los LSA externos originados (Tipo 5 y Tipo 7). La ruta resumida se originará en nombre de todos los LSA externos coincidentes." -#: ../../configuration/firewall/general.rst:631 +#: ../../configuration/firewall/general.rst:633  #: ../../configuration/firewall/general-legacy.rst:431  msgid "This functions for both individual addresses and address groups."  msgstr "Esto funciona tanto para direcciones individuales como para grupos de direcciones." @@ -15719,7 +15751,7 @@ msgstr "Esto llevó a algunos ISP a desarrollar una política dentro del :abbr:`  msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed."  msgstr "Esta configuración obligatoria define la acción de la regla actual. Si la acción se establece en ``jump``, entonces también se necesita ``jump-target``." -#: ../../configuration/firewall/general.rst:365 +#: ../../configuration/firewall/general.rst:367  msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed."  msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." 
@@ -15765,7 +15797,7 @@ msgstr "Esta sección necesita mejoras, ejemplos y explicaciones."  msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed."  msgstr "Esto establece la acción predeterminada del conjunto de reglas si ninguna regla coincide con un criterio de paquete. Si la acción predeterminada se establece en ``jump``, entonces también se necesita ``default-jump-target``." -#: ../../configuration/firewall/general.rst:397 +#: ../../configuration/firewall/general.rst:399  msgid "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available."  msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." @@ -15873,7 +15905,7 @@ msgstr "Esto hará coincidir el tráfico TCP con el puerto de origen 80."  msgid "This will render the following ddclient_ configuration entry:"  msgstr "Esto generará la siguiente entrada de configuración ddclient_:" -#: ../../configuration/firewall/general.rst:1276 +#: ../../configuration/firewall/general.rst:1321  #: ../../configuration/firewall/general-legacy.rst:785  msgid "This will show you a basic firewall overview"  msgstr "Esto le mostrará una descripción general básica del firewall" 
@@ -15882,12 +15914,12 @@ msgstr "Esto le mostrará una descripción general básica del firewall"  msgid "This will show you a rule-set statistic since the last boot."  msgstr "Esto le mostrará una estadística de conjunto de reglas desde el último arranque." -#: ../../configuration/firewall/general.rst:1441 +#: ../../configuration/firewall/general.rst:1486  #: ../../configuration/firewall/general-legacy.rst:900  msgid "This will show you a statistic of all rule-sets since the last boot."  msgstr "Esto le mostrará una estadística de todos los conjuntos de reglas desde el último arranque." -#: ../../configuration/firewall/general.rst:1339 +#: ../../configuration/firewall/general.rst:1384  #: ../../configuration/firewall/general-legacy.rst:851  msgid "This will show you a summary of rule-sets and groups"  msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos." @@ -15932,7 +15964,7 @@ msgstr "Tiempo en segundos que el prefijo seguirá siendo válido (predeterminad  msgid "Time is in minutes and defaults to 60."  msgstr "El tiempo es en minutos y el valor predeterminado es 60." -#: ../../configuration/firewall/general.rst:1216 +#: ../../configuration/firewall/general.rst:1218  #: ../../configuration/firewall/general-legacy.rst:722  #: ../../configuration/policy/route.rst:225  msgid "Time to match the defined rule." 
@@ -15983,12 +16015,12 @@ msgstr "Para asignar automáticamente al cliente una dirección IP como extremo  msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target."  msgstr "Para ser usado solo cuando ``action`` se establece en ``jump``. Utilice este comando para especificar el objetivo de salto." -#: ../../configuration/firewall/general.rst:406 +#: ../../configuration/firewall/general.rst:408  #: ../../configuration/firewall/general-legacy.rst:295  msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule."  msgstr "Para usarse solo cuando ``defult-action`` está configurado en ``jump``. Utilice este comando para especificar el destino de salto para la regla predeterminada." -#: ../../configuration/firewall/general.rst:379 +#: ../../configuration/firewall/general.rst:381  msgid "To be used only when action is set to jump. Use this command to specify jump target."  msgstr "To be used only when action is set to jump. Use this command to specify jump target." @@ -16222,6 +16254,10 @@ msgstr "El tráfico de las fuentes de multidifusión irá al punto de encuentro  msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)."  msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using MLD (Multicast Listener Discovery)." +#: ../../configuration/firewall/general.rst:1288 +msgid "Traffic must be symmetric" +msgstr "Traffic must be symmetric" +  #: ../../configuration/highavailability/index.rst:322  msgid "Transition scripts"  msgstr "Guiones de transición" 
@@ -16347,7 +16383,7 @@ msgstr "Actualizar"  msgid "Update container image"  msgstr "Actualizar la imagen del contenedor" -#: ../../configuration/firewall/general.rst:1502 +#: ../../configuration/firewall/general.rst:1547  #: ../../configuration/firewall/general-legacy.rst:1050  msgid "Update geoip database"  msgstr "Actualizar base de datos geoip" 
@@ -16401,27 +16437,27 @@ msgstr "Use `eliminar módulos de seguimiento del sistema` para desactivar todos  msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations."  msgstr "Utilice una conexión LDAP persistente. Normalmente, la conexión LDAP solo se abre mientras se valida un nombre de usuario para preservar los recursos en el servidor LDAP. Esta opción hace que la conexión LDAP se mantenga abierta, lo que permite reutilizarla para posteriores validaciones de usuarios." -#: ../../configuration/firewall/general.rst:804 +#: ../../configuration/firewall/general.rst:806  #: ../../configuration/firewall/general-legacy.rst:531  msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Utilice un grupo de direcciones específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/general.rst:879 +#: ../../configuration/firewall/general.rst:881  #: ../../configuration/firewall/general-legacy.rst:567  msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Utilice un grupo de dominio específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/general.rst:904 +#: ../../configuration/firewall/general.rst:906  #: ../../configuration/firewall/general-legacy.rst:579  msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Utilice un grupo Mac específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/general.rst:829 +#: ../../configuration/firewall/general.rst:831  #: ../../configuration/firewall/general-legacy.rst:543  msgid "Use a specific network-group. 
Prepend character ``!`` for inverted matching criteria."  msgstr "Utilice un grupo de red específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/general.rst:854 +#: ../../configuration/firewall/general.rst:856  #: ../../configuration/firewall/general-legacy.rst:555  msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria."  msgstr "Utilice un grupo de puertos específico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." @@ -16957,7 +16993,7 @@ msgstr "Utilice este comando para permitir que el enrutador local intente conect  msgid "Use this command to enable the logging of the default action."  msgstr "Utilice este comando para habilitar el registro de la acción predeterminada." -#: ../../configuration/firewall/general.rst:436 +#: ../../configuration/firewall/general.rst:438  msgid "Use this command to enable the logging of the default action on custom chains."  msgstr "Use this command to enable the logging of the default action on custom chains." 
@@ -17791,7 +17827,7 @@ msgstr "Al configurar su filtro, puede usar la tecla ``Tab`` para ver los difere  msgid "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use."  msgstr "A la hora de configurar tu política de tráfico tendrás que establecer valores de tasa de datos, ojo con las unidades que estás gestionando, es fácil confundirse con los diferentes prefijos y sufijos que puedes utilizar. VyOS siempre te mostrará las diferentes unidades que puedes usar." -#: ../../configuration/firewall/general.rst:526 +#: ../../configuration/firewall/general.rst:528  msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it."  msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." @@ -19645,6 +19681,10 @@ msgstr "``static`` - Rutas configuradas estáticamente"  msgid "``station`` - Connects to another access point"  msgstr "``estación`` - Se conecta a otro punto de acceso" +#: ../../configuration/firewall/general.rst:354 +msgid "``synproxy``: synproxy the packet." +msgstr "``synproxy``: synproxy the packet." +  #: ../../configuration/system/sysctl.rst:9  msgid "``sysctl`` is used to modify kernel parameters at runtime.  The parameters available are those listed under /proc/sys/."  msgstr "``sysctl`` se usa para modificar los parámetros del kernel en tiempo de ejecución. Los parámetros disponibles son los que se enumeran en /proc/sys/." diff --git a/docs/_static/images/firewall-netfilter.png b/docs/_static/images/firewall-netfilter.pngBinary files differ new file mode 100644 index 00000000..dde3766b --- /dev/null +++ b/docs/_static/images/firewall-netfilter.png 
diff --git a/docs/_static/images/firewall-traditional.png b/docs/_static/images/firewall-traditional.pngBinary files differ new file mode 100644 index 00000000..7eb2b49d --- /dev/null +++ b/docs/_static/images/firewall-traditional.png diff --git a/docs/_static/images/firewall-zonebased.png b/docs/_static/images/firewall-zonebased.pngBinary files differ new file mode 100644 index 00000000..46b2f623 --- /dev/null +++ b/docs/_static/images/firewall-zonebased.png diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 52b7d2f3..ef74b249 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@     _ext/releasenotes.py +2023-09-20 +========== + +* :vytask:`T5271` ``(default): Add support for peer-fingerprint to OpenVPN`` + +  2023-09-11  ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index f0b4442d..215a22e2 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,50 @@     _ext/releasenotes.py +2023-09-24 +========== + +* :vytask:`T5511` ``(feature): Cleanup of unused directories (and files) in order to shrink image-size`` + + +2023-09-23 +========== + +* :vytask:`T5518` ``(default): Add MLD protocol support`` + + +2023-09-22 +========== + +* :vytask:`T5602` ``(feature): For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration`` +* :vytask:`T5609` ``(enhancment): Add util to get drive device name from id`` +* :vytask:`T5608` ``(enhancment): Rewrite add/delete raid member to Python and remove from vyatta-op`` +* :vytask:`T5607` ``(bug): Adjust RAID smoketest for non-deterministic SCSI device probing`` + + +2023-09-20 +========== + +* :vytask:`T5588` ``(bug): Add kernel conntrack_bridge module`` +* :vytask:`T5271` ``(default): Add support for peer-fingerprint to OpenVPN`` +* :vytask:`T5241` ``(feature): Support veth interfaces to working with netns`` +* :vytask:`T5238` ``(default): interface virtual-etherne - error when it doesn't use a peer`` +* :vytask:`T5592` ``(feature): salt: upgrade minion to 3005.2`` + + +2023-09-19 +========== + +* :vytask:`T5597` ``(feature): isis: add new features from FRR 9.`` +* :vytask:`T4284` ``(feature): QoS: rewrite to XML and Python`` + + +2023-09-18 +========== + +* :vytask:`T5419` ``(feature): Software/Hardware fastpath with nftables flowtable`` + +  2023-09-15  ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index ea23b0c7..1d4333f7 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst 
@@ -8,6 +8,43 @@     _ext/releasenotes.py +2023-09-24 +========== + +* :vytask:`T5604` ``(bug): List of debian archives is out of date (non-free-firmware is missing)`` +* :vytask:`T5591` ``(feature): Cleanup of FRR daemons-file and various FRR fixes`` + + +2023-09-22 +========== + +* :vytask:`T5602` ``(feature): For reverse-proxy type of load-balancing feature, support "backup" option in backends configuration`` +* :vytask:`T5609` ``(enhancment): Add util to get drive device name from id`` +* :vytask:`T5608` ``(enhancment): Rewrite add/delete raid member to Python and remove from vyatta-op`` +* :vytask:`T5607` ``(bug): Adjust RAID smoketest for non-deterministic SCSI device probing`` + + +2023-09-20 +========== + +* :vytask:`T5588` ``(bug): Add kernel conntrack_bridge module`` +* :vytask:`T5241` ``(feature): Support veth interfaces to working with netns`` +* :vytask:`T5592` ``(feature): salt: upgrade minion to 3005.2`` +* :vytask:`T5590` ``(default): Firewall "log enable" logs every packet`` + + +2023-09-19 +========== + +* :vytask:`T5597` ``(feature): isis: add new features from FRR 9.`` + + +2023-09-18 +========== + +* :vytask:`T5575` ``(bug): ARP/NDP table-size isnt set properly`` + +  2023-09-15  ========== diff --git a/docs/configuration/firewall/general-legacy.rst b/docs/configuration/firewall/general-legacy.rst index 041dd8aa..5d235eb8 100644 --- a/docs/configuration/firewall/general-legacy.rst +++ b/docs/configuration/firewall/general-legacy.rst @@ -1,10 +1,10 @@  :lastproofread: 2021-06-29 -.. _firewall-legacy: +.. _legacy-firewall: -############### -Firewall-Legacy -############### +################################### +Firewall Configuration (Deprecated) +###################################  .. note:: **Important note:**     This documentation is valid only for VyOS Sagitta prior to diff --git a/docs/configuration/firewall/general.rst b/docs/configuration/firewall/general.rst index d2bc1435..3fe876f2 100644 --- a/docs/configuration/firewall/general.rst 
+++ b/docs/configuration/firewall/general.rst @@ -1,10 +1,10 @@ -:lastproofread: 2021-06-29 +:lastproofread: 2023-09-17 -.. _firewall: +.. _firewall-configuration: -######## -Firewall -######## +###################### +Firewall Configuration +######################  ********  Overview 
@@ -17,48 +17,41 @@ The firewall supports the creation of groups for addresses, domains,  interfaces, mac-addresses, networks and port groups. This groups can be used  later in firewall ruleset as desired. -.. note:: **Important note on usage of terms:** -   The firewall makes use of the terms `forward`, `input`, and `output` -   for firewall policy. More information of Netfilter hooks and Linux -   networking packet flows can be found in `Netfilter-Hooks -   <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ - -  Main structure is shown next:  .. code-block:: none     - set firewall         * global-options -           + all-ping -           + broadcast-ping -           + ... +            + all-ping +            + broadcast-ping +            + ...         * group -           - address-group -           - ipv6-address-group -           - network-group -           - ipv6-network-group -           - interface-group -           - mac-group -           - port-group -           - domain-group +            - address-group +            - ipv6-address-group +            - network-group +            - ipv6-network-group +            - interface-group +            - mac-group +            - port-group +            - domain-group         * ipv4 -           - forward +            - forward                 + filter -           - input +            - input                 + filter -           - output +            - output                 + filter -           - name +            - name                 + custom_name         * ipv6 -           - forward +            - forward                 + filter -           - input +            - input                 + filter -           - output +            - output                 + filter -           - ipv6-name +            - ipv6-name                 + custom_name  Where, main key words and configuration paths that needs to be understood: 
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 567e48a0..4b923143 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst 
@@ -1,24 +1,85 @@ +:lastproofread: 2023-09-17 +  ########  Firewall  ######## -Starting from VyOS 1.4-rolling-202308040557, a new firewall structure -can be found on all vyos installations. Documentation for most new firewall -cli can be found here: +.. attention::  +   Starting from VyOS 1.4-rolling-202308040557, a new firewall structure +   can be found on all vyos installations. + +.. note::  +   The legacy and zone-based firewall configuration options is not longer +   supported. They are here for reference purposes only. +Netfilter based +^^^^^^^^^^^^^^^  .. toctree::     :maxdepth: 1     :includehidden:     general -Also, for those who haven't updated to newer version, legacy documentation is -still present and valid for all sagitta version prior to VyOS -1.4-rolling-202308040557: +With VyOS being based on top of Linux and its kernel, the Netfilter project created +the iptables and now the successor nftables for the Linux kernel to work directly +on the data flows. This now extends the concept of zone-based security to allow +for manipulating the data at multiple stages once accepted by the network interface +and the driver before being handed off to the destination (e.g. a web server OR +another device). + +To configure VyOS with the new :doc:`firewall configuration </configuration/firewall/general>` + +The only stages VyOS will process as part of the firewall configuration is the  +`forward` (F4 stage), `input` (L4 stage), and `output` (L5 stage). All the other +stages and steps are for reference and cant be manipulated through VyOS. + +In this example image, a simplifed traffic flow is shown to help provide context +to the terms of `forward`, `input`, and `output` for the new firewall CLI format. +.. figure:: /_static/images/firewall-netfilter.png + +.. 
note:: **For more information** +   of Netfilter hooks and Linux networking packet flows can be +   found in `Netfilter-Hooks +   <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ + +Legacy Firewall +^^^^^^^^^^^^^^^  .. toctree::     :maxdepth: 1     :includehidden:     general-legacy + +Traditionally firewalls weere configured with the concept of data going in and +out of an interface. The router just listened to the data flowing through and +responding as required if it was directed at the router itself. + +To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` + +As the example image below shows, the device was configured with rules blocking +inbound or outbound traffic on each interface. + +.. figure:: /_static/images/firewall-traditional.png + +Zone-based firewall +^^^^^^^^^^^^^^^^^^^ +.. toctree:: +   :maxdepth: 1 +   :includehidden: +     zone + +With zone-based firewalls a new concept was implemented, in addtion to the standard +in and out traffic flows, a local flow was added. This local was for traffic +originating and destined to the router itself. Which means additional rules were  +required to secure the firewall itself from the network, in addition to the existing +inbound and outbound rules from the traditional concept above. + +To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>` + +As the example image below shows, the device now needs rules to allow/block traffic +to or from the services running on the device that have open connections on that +interface. + +.. figure:: /_static/images/firewall-zonebased.png diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index a2069e0d..38869c32 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst 
@@ -2,9 +2,9 @@  .. _firewall-zone: -################### -Zone Based Firewall -################### +################################ +Zone Based Firewall (Deprecated) +################################  .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall     structure can be found on all vyos instalations, and zone based firewall is diff --git a/docs/installation/virtual/libvirt.rst b/docs/installation/virtual/libvirt.rst index 09d2cfed..5bc16273 100644 --- a/docs/installation/virtual/libvirt.rst +++ b/docs/installation/virtual/libvirt.rst @@ -25,7 +25,6 @@ the virtual network (type Virtio) created by the hypervisor with NAT.      --ram 4096 \      --vcpus 2 \      --cdrom /var/lib/libvirt/images/vyos.iso \ -    --os-type linux \      --os-variant debian10 \      --network network=default \      --graphics vnc \ @@ -68,7 +67,6 @@ Create VM with ``import`` qcow2 disk option.    $ virt-install -n vyos_r2 \       --ram 4096 \       --vcpus 2 \ -     --os-type linux \       --os-variant debian10 \       --network network=default \       --graphics vnc \ @@ -92,6 +90,29 @@ Connect to VM  with command ``virsh console vyos_r2``    vyos@vyos:~$ +If you can not go to this screen + +.. code-block:: none + +  vyos login: vyos +  Password: + +Stayed in this stage. This is because the KVM console is chosen as the default boot option. + +.. code-block:: none + +  Connected to domain vyos_r2 +  Escape character is ^] + +Open a secondary/parallel session and use this command to reboot the VM: + +.. code-block:: none + +  $ virsh reboot vyos_r2 + +Then go to the first session where you opened the console. +Select ``VyOS 1.4.x for QEMU (Serial console)`` and press ``Enter`` +  The system is fully operational.  Virt-manager | 
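Review bot: The label renames at the top of docs/configuration/firewall/general.rst (".. _firewall:" to ".. _firewall-configuration:") and docs/configuration/firewall/general-legacy.rst (".. _firewall-legacy:" to ".. _legacy-firewall:") will break any :ref: that still targets the old names, and the diffstat shows no other .rst page being updated to match. Search the tree for references to "firewall" and "firewall-legacy" as labels before merging, and either update them or keep the old label stacked above the new one so both resolve.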
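Review bot: In docs/configuration/firewall/index.rst the new note states that the legacy and zone-based options "is not longer supported", while the same patch retitles general-legacy.rst and zone.rst as "(Deprecated)"; these are different promises to an operator who still runs such rule sets, so pick one term and use it in all three files (and fix the grammar to "are no longer supported" if that is the intended one). The three added lines of the form "To configure VyOS with the new :doc:`firewall configuration </configuration/firewall/general>`" are sentence fragments with no verb; something like "To configure it, see :doc:`...`" would read correctly. The hunk also needs a spelling pass: "weere", "simplifed", "addtion" and "cant".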
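Review bot: In the last hunk of docs/installation/virtual/libvirt.rst the added troubleshooting text does not parse: "If you can not go to this screen" and "Stayed in this stage." are fragments, so the reader cannot tell which of the two code blocks is the expected prompt and which is the stuck state. If the intent is that the console stops at "Escape character is ^]" and never reaches "vyos login:", say so in one sentence before giving the "virsh reboot vyos_r2" step. The menu entry "VyOS 1.4.x for QEMU (Serial console)" is also tied to one release; consider wording it so the instruction stays correct on other versions.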
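Review bot: In the docs/changelog/1.4.rst hunk (and repeated in docs/changelog/1.5.rst) the entries for T5609 and T5608 carry the type "(enhancment)", T5238 reads "interface virtual-etherne" and T5597 stops at "FRR 9."; the context line "_ext/releasenotes.py" suggests these files are generated from task metadata, so the misspelled type and the cut-off titles should be corrected at that source rather than edited here, otherwise the next regeneration will reintroduce them.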
