diff options
Diffstat (limited to 'docs/configuration/policy')
| -rw-r--r-- | docs/configuration/policy/community-list.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/policy/route-map.rst | 5 | ||||
| -rw-r--r-- | docs/configuration/policy/route.rst | 32 |
3 files changed, 37 insertions, 2 deletions
diff --git a/docs/configuration/policy/community-list.rst b/docs/configuration/policy/community-list.rst index e53abeb3..ee2da03c 100644 --- a/docs/configuration/policy/community-list.rst +++ b/docs/configuration/policy/community-list.rst @@ -30,6 +30,6 @@ policy community-list Set description for rule. .. cfgcmd:: set policy community-list <text> rule <1-65535> regex - <aa:nn|local-AS|no-advertise|no-export|internet|additive> + <aa:nn|local-AS|no-advertise|no-export|additive> Regular expression to match against a community-list.
\ No newline at end of file diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst index ccc4cef0..a2313466 100644 --- a/docs/configuration/policy/route-map.rst +++ b/docs/configuration/policy/route-map.rst @@ -179,6 +179,10 @@ Route Map Match RPKI validation result. +.. cfgcmd:: set policy route-map <text> rule <1-65535> match source-vrf <text> + + Source VRF to match. + .. cfgcmd:: set policy route-map <text> rule <1-65535> match tag <1-65535> Route tag to match. @@ -366,7 +370,6 @@ List of well-known communities * ``local-as`` - Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03 * ``no-advertise`` - Well-known communities value NO_ADVERTISE 0xFFFFFF02 * ``no-export`` - Well-known communities value NO_EXPORT 0xFFFFFF01 - * ``internet`` - Well-known communities value 0 * ``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000 * ``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001 * ``route-filter-translated-v4`` - Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002 diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst index 45975774..1ddd04cf 100644 --- a/docs/configuration/policy/route.rst +++ b/docs/configuration/policy/route.rst @@ -24,6 +24,11 @@ from 1 - 999999, at the first match the action of the rule will be executed. Option to log packets hitting default-action. +.. cfgcmd:: set policy route <name> interface <interface> +.. cfgcmd:: set policy route6 <name> interface <interface> + + Apply routing policy to interface + .. cfgcmd:: set policy route <name> rule <n> description <text> .. cfgcmd:: set policy route6 <name> rule <n> description <text> @@ -46,6 +51,20 @@ in this section. Set match criteria based on connection mark. +.. cfgcmd:: set policy route <name> rule <n> mark <match_criteria> +.. cfgcmd:: set policy route6 <name> rule <n> mark <match_criteria> + + Match based on the firewall mark (fwmark), where <match_criteria> can be: + + * <0-2147483647> a single fwmark + * !<0-2147483647> everything except a single fwmark + * <start-end> a range of marks + * !<start-end> everything except the range of marks + + .. note:: When using the ``set table`` or ``set vrf`` commands the mark + settings are ignored and overwritten with a table-specific mark that + is set to 0x7FFFFFFF - the id of the table/VRF. + .. cfgcmd:: set policy route <name> rule <n> source address <match_criteria> .. cfgcmd:: set policy route <name> rule <n> destination address @@ -268,7 +287,20 @@ setting a different routing table. Set the routing table to forward packet with. + .. note:: When using the ``set table`` or ``set vrf`` commands matching + against the mark is not possible, because it gets overwritten with a + table-specific mark that is 0x7FFFFFFF - the id of the table/VRF. + .. cfgcmd:: set policy route <name> rule <n> set tcp-mss <500-1460> .. cfgcmd:: set policy route6 <name> rule <n> set tcp-mss <500-1460> Set packet modifications: Explicitly set TCP Maximum segment size value. + +.. cfgcmd:: set policy route <name> rule <n> set vrf <default | text > +.. cfgcmd:: set policy route6 <name> rule <n> set vrf <default | text > + + Set the VRF to forward packet with. + + .. note:: When using the ``set table`` or ``set vrf`` commands matching + against the mark is not possible, because it gets overwritten with a + table-specific mark that is 0x7FFFFFFF - the id of the table/VRF. |