-rw-r--r-- | CODEOWNERS | 2
-rw-r--r-- | docs/configuration/firewall/groups.rst | 27
-rw-r--r-- | docs/configuration/protocols/ospf.rst | 13
-rw-r--r-- | docs/configuration/system/syslog.rst | 25
-rw-r--r-- | docs/contributing/build-vyos.rst | 2
5 files changed, 55 insertions, 14 deletions
@@ -1,2 +1,2 @@ -* @vyos/reviewers +# * @vyos/reviewers * @rebortg
\ No newline at end of file diff --git a/docs/configuration/firewall/groups.rst b/docs/configuration/firewall/groups.rst index b7364154..64221413 100644 --- a/docs/configuration/firewall/groups.rst +++ b/docs/configuration/firewall/groups.rst @@ -37,6 +37,33 @@ In an **address group** a single IP address or IP address range is defined. Provide a IPv4 or IPv6 address group description +Remote Groups +============== + +A **remote-group** takes an argument of a URL hosting a linebreak-deliminated +list of IPv4s addresses, CIDRs and ranges. VyOS will pull this list periodicity +according to the frequency defined in the firewall **resolver-interval** and load +matching entries into the group for use in rules. The list will be cached in +persistent storage, so in cases of update failure rules will still function. + +.. cfgcmd:: set firewall group remote-group <name> url <http(s) url> + + Define remote list of IPv4 addresses/ranges/CIDRs to fetch + +.. cfgcmd:: set firewall group remote-group <name> description <text> + + Set a description for a remote group + +The format of the remote list is very flexible. VyOS will attempt to parse the +first word of each line as an entry, and will skip if it cannot find a valid +match. Below is a list of acceptable matches that would be parsed correctly: + +.. code-block:: none + + 127.0.0.1 + 127.0.0.0/24 + 127.0.0.1-127.0.0.254 + Network Groups ============== diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 9891c77d..ac0ed160 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
@@ -1341,9 +1341,8 @@ A typical configuration using 2 nodes. show ipv6 ospfv3 redistribute -.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a - WireGuard interface link. This requires you to configure link-local - addresses manually on the WireGuard interfaces, see :vytask:`T1483`. +Cost calculation wireguard interfaces is unreliable as ospfv3 uses the link speed to calculate the link cost. +You might therefore want to set the link cost to a fixed value on WireGuard tunnels. Example configuration for WireGuard interfaces: @@ -1351,30 +1350,26 @@ Example configuration for WireGuard interfaces: .. code-block:: none - set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64' - set interfaces wireguard wg01 address '192.168.0.1/24' set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0' - set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0' set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345' set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...=' set interfaces wireguard wg01 port '12345' set protocols ospfv3 parameters router-id 192.168.1.1 set protocols ospfv3 interface 'wg01' area 0.0.0.0 + set protocols ospfv3 interface 'wg01' cost 10 set protocols ospfv3 interface 'lo' area 0.0.0.0 **Node 2** .. code-block:: none - set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64' - set interfaces wireguard wg01 address '192.168.0.2/24' set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0' - set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0' set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345' set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...=' set interfaces wireguard wg01 port '12345' set protocols ospfv3 parameters router-id 192.168.1.2 set protocols ospfv3 interface 'wg01' area 0.0.0.0 + set protocols ospfv3 interface 'wg01' cost 10 set protocols ospfv3 interface 'lo' area 0.0.0.0 **Status** 
diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index 2a3eaa13..d266131d 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst @@ -83,13 +83,32 @@ sending the messages via port 514/UDP. Configure protocol used for communication to remote syslog host. This can be either UDP or TCP. +.. cfgcmd:: set system syslog remote <address> port <port> + + Configure the TCP or UDP port to connect to on the remote syslog host. + By default, the standard port 514 is used. + .. cfgcmd:: set system syslog remote <address> format include-timezone - Include system timezone in syslog message + Send syslog messages in the :rfc:`5424` format, rather than the + default :rfc:`3164` (BSD syslog) format. + + .. note:: + The :rfc:`5424` format utilises an :rfc:`3339` / ISO 8601 formatted + timestamp, including the system timezone. + + Examples of the two syslog message formats: + + :rfc:`3164` format: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8 + + :rfc:`5424` format: <34>1 2003-10-11T22:14:15.003-07:00 mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8 .. cfgcmd:: set system syslog remote <address> format octet-counted - Allows for the transmission of all characters inside a syslog message. + Allows for the transmission of multi-line messages, without them being split + across separate syslog messages. This only applies for the TCP protocol + (this setting is ignored for UDP protocol). Ensure the receiving system is + compatible before enabling this. .. cfgcmd:: set system syslog remote <address> vrf <name> 
@@ -164,7 +183,7 @@ Facilities can be adjusted to meet the needs of the user: +----------+----------+----------------------------------------------------+ | 21 | local5 | local use 5 (local5) | +----------+----------+----------------------------------------------------+ -| 22 | local6 | use 6 (local6) | +| 22 | local6 | local use 6 (local6) | +----------+----------+----------------------------------------------------+ | 23 | local7 | local use 7 (local7) | +----------+----------+----------------------------------------------------+ diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 623cba78..3226def6 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -702,7 +702,7 @@ needs. We first need to clone the repository from GitHub. .. code-block:: none - $ git clone https://github.com/vyos/vyos-1x + $ git clone --recurse-submodules https://github.com/vyos/vyos-1x Build ===== |
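Review bot: In CODEOWNERS, commenting out `* @vyos/reviewers` leaves `* @rebortg` as the only active owner pattern, and the change rides along with otherwise unrelated documentation edits. If narrowing the set of required reviewers is intended, say so in the commit message or move it to its own commit. The file also ends without a newline (`\ No newline at end of file`), which is worth fixing while it is being touched.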
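Review bot: In the new Remote Groups section of docs/configuration/firewall/groups.rst, `url <http(s) url>` is documented without any guidance on transport, even though the fetched list is loaded straight into a group used by firewall rules; the text should recommend HTTPS and note that a list served over plain HTTP can be altered in transit. The paragraph on the persistent cache should also say how an operator notices that an update failed and the rules are running on an older copy of the list, and the sentence about skipping lines without a valid match should say whether skipped lines are logged. Wording: "linebreak-deliminated" should be "linebreak-delimited", "IPv4s addresses" should be "IPv4 addresses", and "periodicity" should be "periodically".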
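Review bot: In the first docs/configuration/protocols/ospf.rst hunk, the replacement sentence "Cost calculation wireguard interfaces is unreliable as ospfv3 uses the link speed..." is missing a preposition and mixes "wireguard"/"WireGuard" and "ospfv3"/"OSPFv3". Suggest "Cost calculation on WireGuard interfaces is unreliable because OSPFv3 derives the link cost from the link speed." and wrap the line to match the surrounding paragraphs.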
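Review bot: In the Node 1 and Node 2 examples of the second ospf.rst hunk, both `address` lines are dropped from `wg01`, but nothing in the visible text says where the interface's link-local address now comes from, while the note removed just above stated that it had to be configured manually (:vytask:`T1483`). Add a sentence saying how the address is assigned, and from which release if that is version-dependent, so a reader on an older image knows whether the example applies. The example also keeps `allowed-ips '::/0'` without comment; a short remark on why the peer is allowed the whole IPv6 range would help readers who copy it.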
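Review bot: In the first docs/configuration/system/syslog.rst hunk, the :rfc:`5424` example contains the literal text "BOM" before 'su root', which is the RFC's placeholder for a byte order mark and not something a receiver will see as those three letters; drop it or explain it. Both example messages would also read better in a `.. code-block:: none` than as inline paragraph text, so that `<34>` and the quotes render literally. For `port <port>`, "the standard port 514" is stated for both TCP and UDP; confirm that is the actual default for TCP as well.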
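Review bot: In docs/contributing/build-vyos.rst, the clone command gains `--recurse-submodules`, but the sentence above it still only says to clone the repository from GitHub. Mention that the repository relies on submodules and that an existing checkout made from the old instructions needs `git submodule update --init --recursive`, so readers are not left with an incomplete tree.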