-rw-r--r-- docs/configuration/firewall/groups.rst 27
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/configuration/firewall/groups.rst b/docs/configuration/firewall/groups.rst
index b7364154..64221413 100644
--- a/docs/configuration/firewall/groups.rst
+++ b/docs/configuration/firewall/groups.rst
@@ -37,6 +37,33 @@ In an **address group** a single IP address or IP address range is defined.
Provide a IPv4 or IPv6 address group description
+Remote Groups
+==============
+
+A **remote-group** takes an argument of a URL hosting a linebreak-deliminated
+list of IPv4s addresses, CIDRs and ranges. VyOS will pull this list periodicity
+according to the frequency defined in the firewall **resolver-interval** and load
+matching entries into the group for use in rules. The list will be cached in
+persistent storage, so in cases of update failure rules will still function.
+
+.. cfgcmd:: set firewall group remote-group <name> url <http(s) url>
+
+ Define remote list of IPv4 addresses/ranges/CIDRs to fetch
+
+.. cfgcmd:: set firewall group remote-group <name> description <text>
+
+ Set a description for a remote group
+
+The format of the remote list is very flexible. VyOS will attempt to parse the
+first word of each line as an entry, and will skip if it cannot find a valid
+match. Below is a list of acceptable matches that would be parsed correctly:
+
+.. code-block:: none
+
+ 127.0.0.1
+ 127.0.0.0/24
+ 127.0.0.1-127.0.0.254
+
Network Groups
==============
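
Review bot: The opening paragraph of the new "Remote Groups" section has three wording errors to fix before merge: "linebreak-deliminated" should be "linebreak-delimited", "IPv4s addresses" should be "IPv4 addresses", and "periodicity" should be "periodically". The ``url <http(s) url>`` command is documented as accepting plain HTTP; because the fetched list is loaded straight into a group that firewall rules match on, the text should say that a list fetched over HTTP can be altered in transit and recommend an HTTPS source the operator trusts. The cache sentence covers update failure, but not what the group contains when the very first fetch fails and no cached copy exists yet; please state that case. The parsing paragraph says lines without a valid match are skipped; say whether skipped lines are logged, so an operator can tell a malformed list from an empty one. The section mentions only IPv4 while the context line above refers to IPv4 or IPv6 address groups, so an explicit statement on IPv6 support would avoid confusion. A short example of referencing the group from a rule would also round out the section.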