Diffstat (limited to 'docs/configuration/service')
-rw-r--r-- docs/configuration/service/conntrack-sync.rst 4
-rw-r--r-- docs/configuration/service/dhcp-server.rst 37
-rw-r--r-- docs/configuration/service/eventhandler.rst 127
-rw-r--r-- docs/configuration/service/https.rst 2
-rw-r--r-- docs/configuration/service/index.rst 1
-rw-r--r-- docs/configuration/service/router-advert.rst 2
-rw-r--r-- docs/configuration/service/webproxy.rst 11
7 files changed, 166 insertions, 18 deletions
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst
index a7cd7060..1b72f8eb 100644
--- a/docs/configuration/service/conntrack-sync.rst
+++ b/docs/configuration/service/conntrack-sync.rst
@@ -114,11 +114,11 @@ Operation
conntrack is not enabled. To enable conntrack, just create a NAT or a firewall
rule. :cfgcmd:`set firewall state-policy established action accept`
-.. opcmd:: show conntrack-sync external-cache
+.. opcmd:: show conntrack-sync cache external
Show connection syncing external cache entries
-.. opcmd:: show conntrack-sync internal-cache
+.. opcmd:: show conntrack-sync cache internal
Show connection syncing internal cache entries
diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst
index 46604dfd..3f4b7b89 100644
--- a/docs/configuration/service/dhcp-server.rst
+++ b/docs/configuration/service/dhcp-server.rst
@@ -69,10 +69,17 @@ Configuration
respond to the client. The lease will remain abandoned for a minimum of
abandon-lease-time seconds (defaults to 24 hours).
- If a there are no free addressses but there are abandoned IP addresses, the
+ If there are no free addresses but there are abandoned IP addresses, the
DHCP server will attempt to reclaim an abandoned IP address regardless of the
value of abandon-lease-time.
+.. cfgcmd:: set service dhcp-server listen-address <address>
+
+ This configuration parameter lets the DHCP server to listen for DHCP
+ requests sent to the specified address, it is only realistically useful for
+ a server whose only clients are reached via unicasts, such as via DHCP relay
+ agents.
+
Individual Client Subnet
-------------------------
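Review bot: The added listen-address description reads "lets the DHCP server to listen" and joins two sentences with a comma. Suggest "lets the DHCP server listen for DHCP requests sent to the specified address. It is only realistically useful for a server whose only clients are reached via unicast, such as via DHCP relay agents." Since the text implies the option suits relay-only deployments, it would also help to state explicitly how directly attached clients are affected when it is set.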
@@ -151,7 +158,7 @@ Individual Client Subnet
respond to the client. The lease will remain abandoned for a minimum of
abandon-lease-time seconds (defaults to 24 hours).
- If a there are no free addressses but there are abandoned IP addresses, the
+ If a there are no free addresses but there are abandoned IP addresses, the
DHCP server will attempt to reclaim an abandoned IP address regardless of the
value of abandon-lease-time.
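Review bot: The replacement line in this hunk still reads "If a there are no free addresses"; the stray "a" was dropped from the identical paragraph in the previous hunk but not here. Suggest "If there are no free addresses but there are abandoned IP addresses, the" so both copies match.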
@@ -516,18 +523,6 @@ Operation Mode
Show logs from specific `interface` DHCP client process.
-.. opcmd:: show log dhcpv6 server
-
- Show DHCPv6 server daemon log file
-
-.. opcmd:: show log dhcpv6 client
-
- Show logs from all DHCPv6 client processes.
-
-.. opcmd:: show log dhcpv6 client interface <interface>
-
- Show logs from specific `interface` DHCPv6 client process.
-
.. opcmd:: restart dhcp server
Restart the DHCP server
@@ -736,6 +731,18 @@ The configuration will look as follows:
Operation Mode
==============
+.. opcmd:: show log dhcpv6 server
+
+ Show DHCPv6 server daemon log file
+
+.. opcmd:: show log dhcpv6 client
+
+ Show logs from all DHCPv6 client processes.
+
+.. opcmd:: show log dhcpv6 client interface <interface>
+
+ Show logs from specific `interface` DHCPv6 client process.
+
.. opcmd:: restart dhcpv6 server
To restart the DHCPv6 server
@@ -746,7 +753,7 @@ Operation Mode
.. opcmd:: show dhcpv6 server leases
- Show statuses of all assigned leases:
+ Shows status of all assigned leases:
.. code-block:: none
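Review bot: "Shows status of all assigned leases:" switches to third person, while the other opcmd descriptions in this file use the imperative ("Show DHCPv6 server daemon log file", "Show logs from all DHCPv6 client processes."). Suggest "Show status of all assigned leases:" for consistency.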
diff --git a/docs/configuration/service/eventhandler.rst b/docs/configuration/service/eventhandler.rst
new file mode 100644
index 00000000..15f08239
--- /dev/null
+++ b/docs/configuration/service/eventhandler.rst
@@ -0,0 +1,127 @@
+.. _event-handler:
+
+#############
+Event Handler
+#############
+
+*********************************
+Event Handler Technology Overview
+*********************************
+
+Event handler allows you to execute scripts when a string that matches a regex or a regex with
+a service name appears in journald logs. You can pass variables, arguments, and a full matching string to the script.
+
+
+******************************
+How to configure Event Handler
+******************************
+
+ `1. Create an event handler`_
+
+ `2. Add regex to the script`_
+
+ `3. Add a full path to the script`_
+
+ `4. Add optional parameters`_
+
+*********************************
+Event Handler Configuration Steps
+*********************************
+
+1. Create an event handler
+==========================
+
+ .. cfgcmd:: set service event-handler event <event-handler name>
+
+ This is an optional command because the event handler will be automatically created after any of the next commands.
+
+
+2. Add regex to the script
+===========================================
+
+ .. cfgcmd:: set service event-handler event <event-handler name> filter pattern <regex>
+
+ This is a mandatory command. Sets regular expression to match against log string message.
+
+ .. note:: The regular expression matches if and only if the entire string matches the pattern.
+
+
+
+3. Add a full path to the script
+================================
+
+ .. cfgcmd:: set service event-handler event <event-handler name> script path <path to script>
+
+ This is a mandatory command. Sets the full path to the script. The script file must be executable.
+
+
+
+4. Add optional parameters
+==========================
+
+ .. cfgcmd:: set service event-handler event <event-handler name> filter syslog-identifier <sylogid name>
+
+ This is an optional command. Filters log messages by syslog-identifier.
+
+ .. cfgcmd:: set service event-handler event <event-handler name> script environment <env name> value <env value>
+
+ This is an optional command. Adds environment and its value to the script. Use separate commands for each environment.
+
+ One implicit environment exists.
+
+ * ``message``: Full message that has triggered the script.
+
+ .. cfgcmd:: set service event-handler event <event-handler name> script arguments <arguments>
+
+ This is an optional command. Adds arguments to the script. Arguments must be separated by spaces.
+
+ .. note:: We don't recomend to use arguments. Using environments is more preffereble.
+
+
+*******
+Example
+*******
+
+ Event handler that monitors the state of interface eth0.
+
+ .. code-block:: none
+
+ set service event-handler event INTERFACE_STATE_DOWN filter pattern '.*eth0.*,RUNNING,.*->.*'
+ set service event-handler event INTERFACE_STATE_DOWN filter syslog-identifier 'netplugd'
+ set service event-handler event INTERFACE_STATE_DOWN script environment interface_action value 'down'
+ set service event-handler event INTERFACE_STATE_DOWN script environment interface_name value 'eth2'
+ set service event-handler event INTERFACE_STATE_DOWN script path '/config/scripts/eventhandler.py'
+
+ Event handler script
+
+ .. code-block:: none
+
+ #!/usr/bin/env python3
+ #
+ # VyOS event-handler script example
+ from os import environ
+ import subprocess
+ from sys import exit
+
+ # Perform actions according to requirements
+ def process_event() -> None:
+ # Get variables
+ message_text = environ.get('message')
+ interface_name = environ.get('interface_name')
+ interface_action = environ.get('interface_action')
+ # Print the message that triggered this script
+ print(f'Logged message: {message_text}')
+ # Prepare a command to run
+ command = f'sudo ip link set {interface_name} {interface_action}'.split()
+ # Execute a command
+ subprocess.run(command)
+
+ if __name__ == '__main__':
+ try:
+ # Run script actions and exit
+ process_event()
+ exit(0)
+ except Exception as err:
+ # Exit properly in case if something in the script goes wrong
+ print(f'Error running script: {err}')
+ exit(1)
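Review bot: In the example script, process_event() builds a sudo command from environ.get() values without checking them, and subprocess.run(command) is called without check=True, so a missing variable yields "sudo ip link set None None" and a failing command still ends in exit(0). Suggest validating interface_name and interface_action against the expected values before use, passing check=True so the except branch actually fires, and adding a sentence that the implicit ``message`` variable carries log content and should not be interpolated into commands. Smaller points in the same file: the example is introduced as monitoring eth0 but sets interface_name to 'eth2' with no explanation of why a different interface is acted on; the heading "2. Add regex to the script" describes a filter on the event, not on the script; "recomend", "preffereble" and "<sylogid name>" are misspelled; and the script block would render better with code-block:: python than none.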
diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst
index 4ff777e9..08b16575 100644
--- a/docs/configuration/service/https.rst
+++ b/docs/configuration/service/https.rst
@@ -93,4 +93,4 @@ To use this full configuration we asume a public accessible hostname.
set service https virtual-host rtr01 listen-address 198.51.100.2
set service https virtual-host rtr01 listen-port 11443
set service https virtual-host rtr01 server-name rtr01.example.com
- set service https api-restrict virtual-host rtr01.example.com
+ set service https api-restrict virtual-host rtr01
diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst
index 11a1a118..8607490d 100644
--- a/docs/configuration/service/index.rst
+++ b/docs/configuration/service/index.rst
@@ -25,3 +25,4 @@ Service
ssh
tftp-server
webproxy
+ eventhandler
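Review bot: The new toctree entry is appended after webproxy, while the visible entries (ssh, tftp-server, webproxy) are in alphabetical order. Suggest moving eventhandler to its alphabetical position in the list.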
diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst
index 36fa600d..0de72941 100644
--- a/docs/configuration/service/router-advert.rst
+++ b/docs/configuration/service/router-advert.rst
@@ -61,6 +61,8 @@ Advertising a Prefix
:header: "VyOS Field", "Description"
:widths: 10,30
+ "decrement-lifetime", "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix"
+ "deprecate-prefix", "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA"
"no-autonomous-flag","Prefix can not be used for stateless address auto-configuration"
"no-on-link-flag","Prefix can not be used for on-link determination"
"preferred-lifetime","Time in seconds that the prefix will remain preferred (default 4 hours)"
diff --git a/docs/configuration/service/webproxy.rst b/docs/configuration/service/webproxy.rst
index e8f6423e..a6c5ff0a 100644
--- a/docs/configuration/service/webproxy.rst
+++ b/docs/configuration/service/webproxy.rst
@@ -137,6 +137,17 @@ Configuration
set service webproxy reply-body-max-size 2048
+.. cfgcmd:: set service webproxy safe-ports <port>
+
+ Add new port to Safe-ports acl. Ports included by default in Safe-ports acl:
+ 21, 70, 80, 210, 280, 443, 488, 591, 777, 873, 1025-65535
+
+.. cfgcmd:: set service webproxy ssl-safe-ports <port>
+
+ Add new port to SSL-ports acl. Ports included by default in SSL-ports acl:
+ 443
+
+
Authentication
==============
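Review bot: Both new cfgcmd descriptions say which ACL a port is added to but not what the ACL does, so a reader cannot tell the effect of adding a port. Suggest one sentence per command stating what the proxy allows or denies based on Safe-ports and SSL-ports. The placeholder is <port> while the default list includes the range 1025-65535, so the text should say whether a range is accepted as a value. "acl" would also read better as "ACL".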