Diffstat (limited to 'docs/configuration/firewall')
-rw-r--r-- docs/configuration/firewall/bridge.rst 24
-rw-r--r-- docs/configuration/firewall/flowtables.rst 12
-rw-r--r-- docs/configuration/firewall/index.rst 6
-rw-r--r-- docs/configuration/firewall/ipv4.rst 22
-rw-r--r-- docs/configuration/firewall/ipv6.rst 22
-rw-r--r-- docs/configuration/firewall/zone.rst 2
6 files changed, 44 insertions, 44 deletions
diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst
index 9fb019c5..bcde7beb 100644
--- a/docs/configuration/firewall/bridge.rst
+++ b/docs/configuration/firewall/bridge.rst
@@ -13,7 +13,7 @@ Overview
********
In this section there's useful information of all firewall configuration that
-can be done regarding bridge, and appropiate op-mode commands.
+can be done regarding bridge, and appropriate op-mode commands.
Configuration commands covered in this section:
.. cfgcmd:: set firewall bridge ...
@@ -37,13 +37,13 @@ for this layer is shown next:
.. figure:: /_static/images/firewall-bridge-packet-flow.png
-For traffic that needs to be forwared internally by the bridge, base chain is
+For traffic that needs to be forwarded internally by the bridge, base chain is
is **forward**, and it's base command for filtering is ``set firewall bridge
-forward filter ...``, which happens in stage 4, highlightened with red color.
+forward filter ...``, which happens in stage 4, highlighted with red color.
Custom bridge firewall chains can be create with command ``set firewall bridge
name <name> ...``. In order to use such custom chain, a rule with action jump,
-and the appropiate target should be defined in a base chain.
+and the appropriate target should be defined in a base chain.
.. note:: **Layer 3 bridge**:
When an IP address is assigned to the bridge interface, and if traffic
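Review bot: the paragraph touched here still has a doubled verb across the line break ("base chain is" followed by "is **forward**") and "it's base command", which should be the possessive "its". The unchanged line "Custom bridge firewall chains can be create with command" also needs "created". Since this commit is a spelling pass over exactly these sentences, fixing all three in the same hunk would avoid a second round.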
@@ -137,7 +137,7 @@ not match any rule in it's chain. For base chains, possible options for
.. cfgcmd:: set firewall bridge name <name> default-jump-target <text>
- To be used only when ``defult-action`` is set to ``jump``. Use this
+ To be used only when ``default-action`` is set to ``jump``. Use this
command to specify jump target for default rule.
.. note:: **Important note about default-actions:**
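Review bot: the hunk header shows the preceding sentence as "not match any rule in it's chain", where "it's" should be "its"; the same text appears in the matching hunk headers for ipv4.rst and ipv6.rst. The ``default-action`` fix itself is correct and matters more than the rest, because a reader copying the misspelled option name from the docs would get a CLI error.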
@@ -236,9 +236,9 @@ There are a lot of matching criteria against which the packet can be tested.
.. cfgcmd:: set firewall bridge name <name> rule <1-999999>
inbound-interface name <iface>
- Match based on inbound interface. Wilcard ``*`` can be used.
+ Match based on inbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall bridge forward filter rule <1-999999>
inbound-interface group <iface_group>
@@ -246,16 +246,16 @@ There are a lot of matching criteria against which the packet can be tested.
inbound-interface group <iface_group>
Match based on inbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall bridge forward filter rule <1-999999>
outbound-interface name <iface>
.. cfgcmd:: set firewall bridge name <name> rule <1-999999>
outbound-interface name <iface>
- Match based on outbound interface. Wilcard ``*`` can be used.
+ Match based on outbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall bridge forward filter rule <1-999999>
outbound-interface group <iface_group>
@@ -263,7 +263,7 @@ There are a lot of matching criteria against which the packet can be tested.
outbound-interface group <iface_group>
Match based on outbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall bridge forward filter rule <1-999999>
vlan id <0-4096>
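Review bot: the trailing context line ``vlan id <0-4096>`` documents an upper bound that cannot be a VLAN ID, because the 802.1Q VID field is 12 bits wide and tops out at 4095. This is outside the spelling scope of the commit, but it is worth checking the range against what the CLI actually accepts and correcting the docs (or the validator) in a follow-up, since a filter rule written for an ID that cannot appear on the wire would never match.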
@@ -288,7 +288,7 @@ Rule-set overview
In this section you can find all useful firewall op-mode commands.
-General commands for firewall configuration, counter and statiscits:
+General commands for firewall configuration, counter and statistics:
.. opcmd:: show firewall
.. opcmd:: show firewall summary
diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst
index bc7b9212..ffd791f9 100644
--- a/docs/configuration/firewall/flowtables.rst
+++ b/docs/configuration/firewall/flowtables.rst
@@ -99,20 +99,20 @@ Creating rules for using flow tables:
Configuration Example
*********************
-Things to be considred in this setup:
+Things to be considered in this setup:
* Two interfaces are going to be used in the flowtables: eth0 and eth1
- * Minumum firewall ruleset is provided, which includes some filtering rules,
- and appropiate rules for using flowtable offload capabilities.
+ * Minimum firewall ruleset is provided, which includes some filtering rules,
+ and appropriate rules for using flowtable offload capabilities.
As described, first packet will be evaluated by all the firewall path, so
-desired connection should be explicitely accepted. Same thing should be taken
+desired connection should be explicitly accepted. Same thing should be taken
into account for traffic in reverse order. In most cases state policies are
used in order to accept connection in reverse patch.
-We will only accept traffic comming from interface eth0, protocol tcp and
-destination port 1122. All other traffic traspassing the router should be
+We will only accept traffic coming from interface eth0, protocol tcp and
+destination port 1122. All other traffic trespassing the router should be
blocked.
Commands
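Review bot: in the last added line, "trespassing" corrects the spelling of "traspassing" but changes the meaning: the sentence is about traffic that passes through the router, not traffic that enters without permission. "All other traffic traversing the router should be blocked" (or "passing through") states the intended default-drop policy without that ambiguity. The unchanged line "used in order to accept connection in reverse patch" also still reads "patch" where "path" is meant.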
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index 44e0cd20..1d904901 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -24,7 +24,7 @@ firewall are covered below:
where the packet was received is part of a bridge, or not.
If the interface where the packet was received isn't part of a bridge, then
-packetis processed at the **IP Layer**:
+packet is processed at the **IP Layer**:
* **Prerouting**: several actions can be done in this stage, and currently
these actions are defined in different parts in VyOS configuration. Order
@@ -65,7 +65,7 @@ packetis processed at the **IP Layer**:
* **Output**: stage where traffic that originates from the router itself
can be filtered and controlled. Bear in mind that this traffic can be a
new connection originated by a internal process running on VyOS router,
- such as NTP, or a response to traffic received externaly through
+ such as NTP, or a response to traffic received externally through
**input** (for example response to an ssh login attempt to the router).
This includes ipv4 and ipv6 filtering rules, defined in:
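Review bot: the context line just above the corrected one still reads "originated by a internal process", which should be "an internal process". It sits in the same bullet as the "externally" fix, so it can be folded into this hunk.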
@@ -84,7 +84,7 @@ If the interface where the packet was received is part of a bridge, then
the packet is processed at the **Bridge Layer**, which contains a basic setup for
bridge filtering:
- * **Forward (Bridge)**: stage where traffic that is trespasing through the
+ * **Forward (Bridge)**: stage where traffic that is trespassing through the
bridge is filtered and controlled:
* ``set firewall bridge forward filter ...``.
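Review bot: "trespassing through the bridge" in the added line describes ordinary forwarded traffic, so the corrected spelling still carries the wrong sense. Suggest "stage where traffic that is passing through the bridge is filtered and controlled", which keeps the description of the forward stage neutral about whether the traffic is permitted.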
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index ff739418..5544ea95 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -11,7 +11,7 @@ Overview
********
In this section there's useful information of all firewall configuration that
-can be done regarding IPv4, and appropiate op-mode commands.
+can be done regarding IPv4, and appropriate op-mode commands.
Configuration commands covered in this section:
.. cfgcmd:: set firewall ipv4 ...
@@ -41,12 +41,12 @@ next:
Where firewall base chain to configure firewall filtering rules for transit
traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5,
-highlightened with red color.
+highlighted with red color.
For traffic towards the router itself, base chain is **input**, while traffic
originated by the router, base chain is **output**.
A new simplified packet flow diagram is shown next, which shows the path
-for traffic destinated to the router itself, and traffic generated by the
+for traffic destined to the router itself, and traffic generated by the
router (starting from circle number 6):
.. figure:: /_static/images/firewall-input-packet-flow.png
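Review bot: "destined to the router itself" in the added line would read more naturally as "destined for the router itself". The unchanged sentence "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**" is also missing "for" in its second clause ("while for traffic originated by the router"). The identical wording in the ipv6.rst hunk should get the same treatment so the two pages stay in sync.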
@@ -64,7 +64,7 @@ output filter ...``
Custom firewall chains can be created, with commands
``set firewall ipv4 name <name> ...``. In order to use
-such custom chain, a rule with **action jump**, and the appropiate **target**
+such custom chain, a rule with **action jump**, and the appropriate **target**
should be defined in a base chain.
*********************
@@ -184,7 +184,7 @@ not match any rule in it's chain. For base chains, possible options for
.. cfgcmd:: set firewall ipv4 name <name> default-jump-target <text>
- To be used only when ``defult-action`` is set to ``jump``. Use this
+ To be used only when ``default-action`` is set to ``jump``. Use this
command to specify jump target for default rule.
.. note:: **Important note about default-actions:**
@@ -683,9 +683,9 @@ geoip) to keep database and rules updated.
.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
inbound-interface name <iface>
- Match based on inbound interface. Wilcard ``*`` can be used.
+ Match based on inbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
inbound-interface group <iface_group>
@@ -695,7 +695,7 @@ geoip) to keep database and rules updated.
inbound-interface group <iface_group>
Match based on inbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
outbound-interface name <iface>
@@ -704,9 +704,9 @@ geoip) to keep database and rules updated.
.. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
outbound-interface name <iface>
- Match based on outbound interface. Wilcard ``*`` can be used.
+ Match based on outbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
outbound-interface group <iface_group>
@@ -716,7 +716,7 @@ geoip) to keep database and rules updated.
outbound-interface group <iface_group>
Match based on outbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
ipsec [match-ipsec | match-none]
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 0aa8a137..236bdead 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -11,7 +11,7 @@ Overview
********
In this section there's useful information of all firewall configuration that
-can be done regarding IPv6, and appropiate op-mode commands.
+can be done regarding IPv6, and appropriate op-mode commands.
Configuration commands covered in this section:
.. cfgcmd:: set firewall ipv6 ...
@@ -41,12 +41,12 @@ next:
Where firewall base chain to configure firewall filtering rules for transit
traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5,
-highlightened with red color.
+highlighted with red color.
For traffic towards the router itself, base chain is **input**, while traffic
originated by the router, base chain is **output**.
A new simplified packet flow diagram is shown next, which shows the path
-for traffic destinated to the router itself, and traffic generated by the
+for traffic destined to the router itself, and traffic generated by the
router (starting from circle number 6):
.. figure:: /_static/images/firewall-input-packet-flow.png
@@ -64,7 +64,7 @@ output filter ...``
Custom firewall chains can be created, with commands
``set firewall ipv6 name <name> ...``. In order to use
-such custom chain, a rule with **action jump**, and the appropiate **target**
+such custom chain, a rule with **action jump**, and the appropriate **target**
should be defined in a base chain.
******************************
@@ -184,7 +184,7 @@ not match any rule in it's chain. For base chains, possible options for
.. cfgcmd:: set firewall ipv6 name <name> default-jump-target <text>
- To be used only when ``defult-action`` is set to ``jump``. Use this
+ To be used only when ``default-action`` is set to ``jump``. Use this
command to specify jump target for default rule.
.. note:: **Important note about default-actions:**
@@ -670,9 +670,9 @@ geoip) to keep database and rules updated.
.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999>
inbound-interface name <iface>
- Match based on inbound interface. Wilcard ``*`` can be used.
+ Match based on inbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
inbound-interface group <iface_group>
@@ -682,7 +682,7 @@ geoip) to keep database and rules updated.
inbound-interface group <iface_group>
Match based on inbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
outbound-interface name <iface>
@@ -691,9 +691,9 @@ geoip) to keep database and rules updated.
.. cfgcmd:: set firewall ipv6 name <name> rule <1-999999>
outbound-interface name <iface>
- Match based on outbound interface. Wilcard ``*`` can be used.
+ Match based on outbound interface. Wildcard ``*`` can be used.
For example: ``eth2*``. Prepending character ``!`` for inverted matching
- criteria is also supportd. For example ``!eth2``
+ criteria is also supported. For example ``!eth2``
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
outbound-interface group <iface_group>
@@ -703,7 +703,7 @@ geoip) to keep database and rules updated.
outbound-interface group <iface_group>
Match based on outbound interface group. Prepending character ``!`` for
- inverted matching criteria is also supportd. For example ``!IFACE_GROUP``
+ inverted matching criteria is also supported. For example ``!IFACE_GROUP``
.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
ipsec [match-ipsec | match-none]
diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst
index 059b029d..f71ad8c1 100644
--- a/docs/configuration/firewall/zone.rst
+++ b/docs/configuration/firewall/zone.rst
@@ -11,7 +11,7 @@ Overview
********
.. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
- structure can be found on all vyos instalations. Zone based firewall was
+ structure can be found on all VyOS installations. Zone based firewall was
removed in that version, but re introduced in VyOS 1.4 and 1.5. All
versions built after 2023-10-22 has this feature.
Documentation for most of the new firewall CLI can be
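Review bot: the note still contains "re introduced" and "All versions built after 2023-10-22 has this feature" in the unchanged lines directly below the corrected one; these should be "reintroduced" and "have". Because this note is what tells operators which builds carry the zone-based firewall, it is worth getting the whole sentence clean in this commit.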