Diffstat (limited to 'docs/configuration/system')
-rw-r--r-- docs/configuration/system/conntrack.rst 149
-rw-r--r-- docs/configuration/system/frr.rst 38
-rw-r--r-- docs/configuration/system/index.rst 2
-rw-r--r-- docs/configuration/system/ipv6.rst 28
-rw-r--r-- docs/configuration/system/name-server.rst 8
-rw-r--r-- docs/configuration/system/updates.rst 39
6 files changed, 177 insertions, 87 deletions
diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst
index 68a4f2b8..6ed5fef7 100644
--- a/docs/configuration/system/conntrack.rst
+++ b/docs/configuration/system/conntrack.rst
@@ -46,9 +46,23 @@ Configure
| Use `delete system conntrack modules` to deactive all modules.
| Or, for example ftp, `delete system conntrack modules ftp`.
+.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836>
+ :defaultvalue:
-Define Conection Timeouts
-=========================
+ Set the maximum number of TCP half-open connections.
+
+.. cfgcmd:: set system conntrack tcp loose <enable | disable>
+ :defaultvalue:
+
+ Policy to track previously established connections.
+
+.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647>
+ :defaultvalue:
+
+ Set the number of TCP maximum retransmit attempts.
+
+Contrack Timeouts
+=================
VyOS supports setting timeouts for connections according to the
connection type. You can set timeout values for generic connections, for ICMP
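Review bot: The new section heading "Contrack Timeouts" misspells "Conntrack" and will not match the "Conntrack ignore rules" and "Conntrack log" headings added further down in this file; rename it to "Conntrack Timeouts" and extend the `=` underline by one character to match. The description of `tcp loose` ("Policy to track previously established connections.") also does not say what `enable` and `disable` each do, which is what an operator needs when deciding whether mid-stream flows should be picked up; one sentence per value would close that gap. While touching this block, "deactive" in the context line above could become "deactivate".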
@@ -82,34 +96,48 @@ states.
Set the timeout in secounds for a protocol or state.
-
You can also define custom timeout values to apply to a specific subset of
connections, based on a packet and flow selector. To do this, you need to
create a rule defining the packet and flow selector.
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> description <test>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ description <test>
Set a rule description.
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ destination address <ip-address>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ source address <ip-address>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination address <ip-address>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source address <ip-address>
-
- set a destination and/or source address. Accepted input:
+ Set a destination and/or source address. Accepted input for ipv4:
.. code-block:: none
- <x.x.x.x> IP address to match
- <x.x.x.x/x> Subnet to match
- <x.x.x.x>-<x.x.x.x>
- IP range to match
- !<x.x.x.x> Match everything except the specified address
- !<x.x.x.x/x> Match everything except the specified subnet
- !<x.x.x.x>-<x.x.x.x>
- Match everything except the specified range
-
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> destination port <value>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> source port <value>
+ set system conntrack timeout custom ipv4 rule <1-999999> [source | destination] address
+ Possible completions:
+ <x.x.x.x> IPv4 address to match
+ <x.x.x.x/x> IPv4 prefix to match
+ <x.x.x.x>-<x.x.x.x> IPv4 address range to match
+ !<x.x.x.x> Match everything except the specified address
+ !<x.x.x.x/x> Match everything except the specified prefix
+ !<x.x.x.x>-<x.x.x.x> Match everything except the specified range
+
+ set system conntrack timeout custom ipv6 rule <1-999999> [source | destination] address
+ Possible completions:
+ <h:h:h:h:h:h:h:h> IP address to match
+ <h:h:h:h:h:h:h:h/x> Subnet to match
+ <h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>
+ IP range to match
+ !<h:h:h:h:h:h:h:h> Match everything except the specified address
+ !<h:h:h:h:h:h:h:h/x> Match everything except the specified prefix
+ !<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>
+ Match everything except the specified range
+
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ destination port <value>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ source port <value>
Set a destination and/or source port. Accepted input:
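Review bot: The rewritten `description` command keeps the placeholder `<test>`, where the ignore-rule commands later in the file use `<text>`; change it to `<text>` so readers do not take it as a literal. The lead-in "Accepted input for ipv4:" now sits above a block that lists both the ipv4 and the ipv6 completions, so it should read "Accepted input:" or be split into two blocks. Inside that block the ipv6 entries still say "IP address", "Subnet" and "IP range" while the ipv4 entries were updated to "IPv4 address", "IPv4 prefix" and "IPv4 address range"; use "IPv6 address", "IPv6 prefix" and "IPv6 address range" for consistency.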
@@ -123,49 +151,58 @@ create a rule defining the packet and flow selector.
The whole list can also be "negated" using '!'. For example:
`!22,telnet,http,123,1001-1005``
-
-
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol icmp <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol other <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp close-wait <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp established <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp fin-wait <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp last-ack <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-recv <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp syn-sent <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol tcp time-wait <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp other <1-21474836>
-.. cfgcmd:: set system conntrack timeout custom rule <1-9999> protocol udp stream <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp close <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp close-wait <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp established <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp fin-wait <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp last-ack <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp syn-recv <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp syn-sent <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol tcp time-wait <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol udp replied <1-21474836>
+.. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999>
+ protocol udp unreplied <1-21474836>
Set the timeout in secounds for a protocol or state in a custom rule.
-
-.. cfgcmd:: set system conntrack tcp half-open-connections <1-21474836>
- :defaultvalue:
-
- Set the maximum number of TCP half-open connections.
-
-.. cfgcmd:: set system conntrack tcp loose <enable | disable>
- :defaultvalue:
-
- Policy to track previously established connections.
-
-.. cfgcmd:: set system conntrack tcp max-retrans <1-2147483647>
- :defaultvalue:
-
- Set the number of TCP maximum retransmit attempts.
-
-.. cfgcmd:: set system conntrack ignore rule <1-9999> description <text>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> destination address <ip-address>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> destination port <port>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> inbound-interface <interface>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> protocol <protocol>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> source address <ip-address>
-.. cfgcmd:: set system conntrack ignore rule <1-9999> source port <port>
+Conntrack ignore rules
+======================
Customized ignore rules, based on a packet and flow selector.
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ description <text>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ destination address <ip-address>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ destination port <port>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ inbound-interface <interface>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ protocol <protocol>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ source address <ip-address>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ source port <port>
+.. cfgcmd:: set system conntrack ignore [ipv4 | ipv6] rule <1-999999>
+ tcp flags [not] <text>
+
+ Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``,
+ ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for
+ inverted selection use ``not``, as shown in the example.
+
+Conntrack log
+=============
+
.. cfgcmd:: set system conntrack log icmp destroy
.. cfgcmd:: set system conntrack log icmp new
.. cfgcmd:: set system conntrack log icmp update
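Review bot: The `tcp flags [not] <text>` paragraph ends with "as shown in the example", but no example follows it in this hunk, so the inverted form is left undocumented; add a short code-block showing one rule with a plain flag list and one with `not`. The same paragraph has the typo "fpr" for "for". Separately, the rewritten custom timeout list drops the `protocol icmp` and `protocol other` lines and replaces `udp other` / `udp stream` with `udp replied` / `udp unreplied` without any remark; if ICMP and generic timeouts are no longer settable per custom rule, say so in the text, otherwise restore the two entries.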
diff --git a/docs/configuration/system/frr.rst b/docs/configuration/system/frr.rst
new file mode 100644
index 00000000..a7f7ff93
--- /dev/null
+++ b/docs/configuration/system/frr.rst
@@ -0,0 +1,38 @@
+.. _system_frr:
+
+###
+FRR
+###
+
+VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic
+and static routing. The routing daemon behavior can be adjusted during runtime,
+but require either a restart of the routing daemon, or a reboot of the system.
+
+.. cfgcmd:: set system frr bmp
+
+ Enable :abbr:`BMP (BGP Monitoring Protocol)` support
+
+.. cfgcmd:: set system frr descriptors <numer>
+
+ This allows the operator to control the number of open file descriptors
+ each daemon is allowed to start with. If the operator plans to run bgp with
+ several thousands of peers then this is where we would modify FRR to allow
+ this to happen.
+
+.. cfgcmd:: set system frr irdp
+
+ Enable ICMP Router Discovery Protocol support
+
+.. cfgcmd:: set system frr snmp <daemon>
+
+ Enable SNMP support for an individual routing daemon.
+
+ Supported daemons:
+
+ - bgpd
+ - isisd
+ - ldpd
+ - ospf6d
+ - ospfd
+ - ripd
+ - zebra
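Review bot: The opening paragraph of the new file uses Markdown link syntax, `[FRRouting](https://frrouting.org/)`, which reStructuredText renders literally; use `` `FRRouting <https://frrouting.org/>`_ `` instead. In the same paragraph "but require either a restart" should be "but requires", and the sentence would be clearer if it said the changes only take effect after the daemon restart or reboot. The placeholder in `set system frr descriptors <numer>` is misspelled (`<number>`), and the text gives neither the accepted range nor the default, which an operator sizing for "several thousands of peers" will need.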
diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst
index 23edaa3f..dbb63d09 100644
--- a/docs/configuration/system/index.rst
+++ b/docs/configuration/system/index.rst
@@ -11,6 +11,7 @@ System
conntrack
console
flow-accounting
+ frr
host-name
ip
ipv6
@@ -24,6 +25,7 @@ System
sysctl
task-scheduler
time-zone
+ updates
.. toctree::
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst
index 076efdae..c7308f9d 100644
--- a/docs/configuration/system/ipv6.rst
+++ b/docs/configuration/system/ipv6.rst
@@ -81,6 +81,7 @@ Show commands
static Show IPv6 static routes
summary Show IPv6 routes summary
table Show IP routes in policy table
+ tag Show only routes with tag
vrf Show IPv6 routes in VRF
@@ -112,33 +113,6 @@ Show commands
<Enter> Execute the current command
<text> Show specified IPv6 access-list
-.. opcmd:: show ipv6 bgp
-
- Use this command to show IPv6 Border Gateway Protocol information.
-
-
- In addition, you can specify many other parameters to get BGP
- information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 bgp
- Possible completions:
- <Enter> Execute the current command
- <X:X::X:X> Show BGP information for given address or prefix
- <X:X::X:X/M>
- community Show routes matching the communities
- community-list
- Show routes matching the community-list
- filter-list Show routes conforming to the filter-list
- large-community
- Show routes matching the large-community-list
- large-community-list
- neighbors Show detailed information on TCP and BGP neighbor connections
- prefix-list Show routes matching the prefix-list
- regexp Show routes matching the AS path regular expression
- route-map Show BGP routes matching the specified route map
- summary Show summary of BGP neighbor status
.. opcmd:: show ipv6 ospfv3
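Review bot: The whole `show ipv6 bgp` entry is deleted here with nothing added in its place, so a reader arriving from an older link or search result gets no hint of where BGP show commands for IPv6 are documented now. If the command was removed or superseded, add a one-line pointer to the replacement section; if it still exists, the entry should stay.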
diff --git a/docs/configuration/system/name-server.rst b/docs/configuration/system/name-server.rst
index f18cb5a3..5d08dbc5 100644
--- a/docs/configuration/system/name-server.rst
+++ b/docs/configuration/system/name-server.rst
@@ -48,7 +48,7 @@ In order for the system to use and complete unqualified host names, a
list can be defined which will be used for domain searches.
-.. cfgcmd:: set system domain-search domain <domain>
+.. cfgcmd:: set system domain-search <domain>
Use this command to define domains, one at a time, so that the system
uses them to complete unqualified host names. Maximum: 6 entries.
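Review bot: The `cfgcmd` signature drops the `domain` keyword, but the surrounding text gives no indication that the syntax changed or from which release the new form applies. A short note next to the command naming the old form `set system domain-search domain <domain>` would help operators who maintain configurations across versions.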
@@ -68,7 +68,7 @@ order: vyos.io (first), vyos.net (second) and vyos.network (last):
.. code-block:: none
- set system domain-search domain vyos.io
- set system domain-search domain vyos.net
- set system domain-search domain vyos.network
+ set system domain-search vyos.io
+ set system domain-search vyos.net
+ set system domain-search vyos.network
diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst
new file mode 100644
index 00000000..505d9318
--- /dev/null
+++ b/docs/configuration/system/updates.rst
@@ -0,0 +1,39 @@
+#######
+Updates
+#######
+
+VyOS supports online checking for updates
+
+Configuration
+=============
+
+.. cfgcmd:: set system update-check auto-check
+
+ Configure auto-checking for new images
+
+
+.. cfgcmd:: set system update-check url <url>
+
+ Configure a URL that contains information about images.
+
+
+Example
+=======
+
+.. code-block:: none
+
+ set system update-check auto-check
+ set system update-check url 'https://raw.githubusercontent.com/vyos/vyos-rolling-nightly-builds/main/version.json'
+
+Check:
+
+.. code-block:: none
+
+ vyos@r4:~$ show system updates
+ Current version: 1.5-rolling-202312220023
+
+ Update available: 1.5-rolling-202312250024
+ Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso
+ vyos@r4:~$
+
+ vyos@r4:~$ add system image latest
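Review bot: The "Check:" block ends with `add system image latest`, which is an install step rather than a check, and nothing in the page explains it or how "latest" is resolved from the configured `update-check url`; move it under its own short heading with a sentence of explanation. The `url <url>` description ("Configure a URL that contains information about images.") should state the expected format, since the example points at a `version.json`, and should say whether the image fetched from the URL listed in that file is verified before installation, because the operator is choosing a source that decides what gets installed. Minor points: the intro sentence lacks a full stop, and the file has no reference label, unlike `.. _system_frr:` in frr.rst.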