diff options
Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/container/index.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/firewall/index.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/loopback.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/failover.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/protocols/rpki.rst | 12 | ||||
| -rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 5 |
6 files changed, 17 insertions, 10 deletions
diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index e63ac2c9..988b425b 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -117,7 +117,7 @@ Configuration Add a host device to the container. -.. cfgcmd:: set container name <name> cap-add <text> +.. cfgcmd:: set container name <name> capability <text> Set container capabilities or permissions. diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 5d9190d6..44e0cd20 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -163,7 +163,7 @@ Zone-based firewall zone -With zone-based firewalls a new concept was implemented, in addtion to the +With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in diff --git a/docs/configuration/interfaces/loopback.rst b/docs/configuration/interfaces/loopback.rst index 8e983abb..b5fbdf83 100644 --- a/docs/configuration/interfaces/loopback.rst +++ b/docs/configuration/interfaces/loopback.rst @@ -14,7 +14,7 @@ services on your local machine. you need multiple interfaces, please use the :ref:`dummy-interface` interface type. -.. hint:: A lookback interface is always up, thus it could be used for +.. hint:: A loopback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the diff --git a/docs/configuration/protocols/failover.rst b/docs/configuration/protocols/failover.rst index daeb65f4..8088e104 100644 --- a/docs/configuration/protocols/failover.rst +++ b/docs/configuration/protocols/failover.rst @@ -2,10 +2,10 @@ Failover ######## -Failover routes are manually configured routes, but they install +Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table -until the target will be available. +until the target becomes available. *************** Failover Routes diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index bb4b9e43..17557884 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -138,11 +138,13 @@ Configuration SSH === -Connections to the RPKI caching server can not only be established by HTTP/TLS -but you can also rely on a secure SSH session to the server. To enable SSH, -first you need to create an SSH client keypair using ``generate ssh -client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup -the connection. +Connections to the RPKI caching server can not only be established by TCP using +the RTR protocol but you can also rely on a secure SSH session to the server. +This provides transport integrity and confidentiality and it is a good idea if +your validation software supports it. To enable SSH, first you need to create +an SSH client keypair using ``generate ssh client-key +/config/auth/id_rsa_rpki``. Once your key is created you can setup the +connection. .. cfgcmd:: set protocols rpki cache <address> ssh username <user> diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index d43f2385..db23c92f 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -102,6 +102,11 @@ Configuration Disable connection logging via Syslog. +.. cfgcmd:: set service conntrack-sync startup-resync + + Order conntrackd to request a complete conntrack table resync against + the other node at startup. + ********* Operation ********* |