summaryrefslogtreecommitdiff
path: root/docs/appendix/examples/zone-policy.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/appendix/examples/zone-policy.rst')
-rw-r--r--docs/appendix/examples/zone-policy.rst22
1 files changed, 11 insertions, 11 deletions
diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst
index d159d02d..66cc3338 100644
--- a/docs/appendix/examples/zone-policy.rst
+++ b/docs/appendix/examples/zone-policy.rst
@@ -8,7 +8,7 @@ Native IPv4 and IPv6
We have three networks.
-.. code-block:: sh
+.. code-block:: console
WAN - 172.16.10.0/24, 2001:0DB8:0:9999::0/64
LAN - 192.168.100.0/24, 2001:0DB8:0:AAAA::0/64
@@ -25,7 +25,7 @@ WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30.
It will look something like this:
-.. code-block:: sh
+.. code-block:: console
interfaces {
ethernet eth0 {
@@ -80,7 +80,7 @@ ruleset.
In rules, it is good to keep them named consistently. As the number of rules
you have grows, the more consistency you have, the easier your life will be.
-.. code-block:: sh
+.. code-block:: console
Rule 1 - State Established, Related
Rule 2 - State Invalid
@@ -105,7 +105,7 @@ significant headaches when trying to troubleshoot a connectivity issue.
To add logging to the default rule, do:
-.. code-block:: sh
+.. code-block:: console
set firewall name <ruleSet> enable-default-log
@@ -143,7 +143,7 @@ The following are the rules that were created for this example
(may not be complete), both in IPv4 and IPv6. If there is no IP specified,
then the source/destination address is not explicit.
-.. code-block:: sh
+.. code-block:: console
WAN – DMZ:192.168.200.200 – tcp/80
WAN – DMZ:192.168.200.200 – tcp/443
@@ -195,7 +195,7 @@ then the source/destination address is not explicit.
Since we have 4 zones, we need to setup the following rulesets.
-.. code-block:: sh
+.. code-block:: console
Lan-wan
Lan-local
@@ -217,7 +217,7 @@ connection attempts.
This is an example of the three base rules.
-.. code-block:: sh
+.. code-block:: console
name wan-lan {
default-action drop
@@ -241,7 +241,7 @@ This is an example of the three base rules.
Here is an example of an IPv6 DMZ-WAN ruleset.
-.. code-block:: sh
+.. code-block:: console
ipv6-name dmz-wan-6 {
default-action drop
@@ -317,7 +317,7 @@ zone-policy.
Start by setting the interface and default action for each zone.
-.. code-block:: sh
+.. code-block:: console
set zone-policy zone dmz default-action drop
set zone-policy zone dmz interface eth0.30
@@ -342,7 +342,7 @@ LAN, WAN, DMZ, local and TUN (tunnel)
v6 pairs would be:
-.. code-block:: sh
+.. code-block:: console
lan-tun
lan-local
@@ -363,7 +363,7 @@ You would have to add a couple of rules on your wan-local ruleset to allow proto
Something like:
-.. code-block:: sh
+.. code-block:: console
rule 400 {
action accept
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 23:26:41 +0000