path: root/docs/quick-start.rst
Diffstat (limited to 'docs/quick-start.rst')
-rw-r--r-- docs/quick-start.rst 32
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/quick-start.rst b/docs/quick-start.rst
index 9021dea9..04746017 100644
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@@ -9,14 +9,14 @@ for a device with two interfaces.
Enter configuration mode:
-.. code-block:: sh
+.. code-block:: console
vyos@vyos$ configure
vyos@vyos#
Configure network interfaces:
-.. code-block:: sh
+.. code-block:: console
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'OUTSIDE'
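Review bot: The second block in this hunk (`set interfaces ethernet eth0 address dhcp` and the lines after it) has no prompt, so `console` is a poor fit for it. Pygments' console lexer highlights only lines that begin with a shell prompt and treats everything else as program output, which means these `set` commands will render as plain output. Either prefix them with the `vyos@vyos#` prompt used in the first block, or keep `console` only for blocks that actually show a prompt.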
@@ -25,14 +25,14 @@ Configure network interfaces:
Enable SSH for remote management:
-.. code-block:: sh
+.. code-block:: console
set service ssh port '22'
Configure DHCP Server and DNS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-.. code-block:: sh
+.. code-block:: console
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server '192.168.0.1'
@@ -43,7 +43,7 @@ Configure DHCP Server and DNS
And a DNS forwarder:
-.. code-block:: sh
+.. code-block:: console
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '192.168.0.1'
@@ -55,7 +55,7 @@ NAT and Firewall
Configure Source NAT for our "Inside" network.
-.. code-block:: sh
+.. code-block:: console
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.0.0/24'
@@ -65,7 +65,7 @@ Add a set of firewall policies for our "Outside" interface.
This configuration creates a proper stateful firewall that blocks all traffic:
-.. code-block:: sh
+.. code-block:: console
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
@@ -86,7 +86,7 @@ could create some additional rules to allow the traffic.
These rules allow SSH traffic and rate limit it to 4 requests per minute. This
blocks brute-forcing attempts:
-.. code-block:: sh
+.. code-block:: console
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
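Review bot: The context sentence above this block, "This blocks brute-forcing attempts", overstates what a limit of 4 requests per minute does: it slows password guessing but does not stop it. Since the block is being touched anyway, reword to "This slows down brute-force attempts" and refer the reader to the key-based authentication step later in the same file.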
@@ -101,14 +101,14 @@ blocks brute-forcing attempts:
Apply the firewall policies:
-.. code-block:: sh
+.. code-block:: console
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
Commit changes, save the configuration, and exit configuration mode:
-.. code-block:: sh
+.. code-block:: console
vyos@vyos# commit
vyos@vyos# save
@@ -127,7 +127,7 @@ One common use of traffic policy is to limit bandwidth for an interface. In
the example below we limit bandwidth for our LAN connection to 200 Mbit
download and out WAN connection to 50 Mbit upload:
-.. code-block:: sh
+.. code-block:: console
set traffic-policy shaper WAN-OUT bandwidth '50Mbit'
set traffic-policy shaper WAN-OUT default bandwidth '50%'
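Review bot: Typo in the context line directly above the changed directive: "download and out WAN connection to 50 Mbit upload" should read "our WAN connection". Worth fixing in this commit while the paragraph is in the diff.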
@@ -140,7 +140,7 @@ download and out WAN connection to 50 Mbit upload:
Resulting in the following configuration:
-.. code-block:: sh
+.. code-block:: console
traffic-policy {
shaper WAN-OUT {
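Review bot: The block under "Resulting in the following configuration:" is configuration-tree output (`traffic-policy {`, `shaper WAN-OUT {`), not a terminal session, so `console` describes it no better than `sh` did. `.. code-block:: none` would match what the block contains and avoid stray highlighting of the braces and keywords.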
@@ -164,7 +164,7 @@ Resulting in the following configuration:
Once defined, a traffic policy can be applied to each interface using the
interface-level traffic-policy directive:
-.. code-block:: sh
+.. code-block:: console
set interfaces ethernet eth0 traffic-policy out 'WAN-OUT'
set interfaces ethernet eth1 traffic-policy out 'LAN-OUT'
@@ -184,7 +184,7 @@ additional configuration steps that should be taken.
Create a user to replace the default `vyos` user:
-.. code-block:: sh
+.. code-block:: console
set system login user myvyosuser level admin
set system login user myvyosuser authentication plaintext-password mysecurepassword
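Review bot: On the `plaintext-password` line, `mysecurepassword` reads like a value to copy and paste. Make it an unmistakable placeholder, for example `<your-password>`, so the documented string does not end up as a real admin credential on someone's router.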
@@ -192,7 +192,7 @@ Create a user to replace the default `vyos` user:
Set up SSH key based authentication. For example, on Linux you'd want to run
``ssh-keygen -t rsa``. Then the contents of ``id_rsa.pub`` would be used below:
-.. code-block:: sh
+.. code-block:: console
set system login user myvyosuser authentication public-keys myusername@mydesktop type ssh-rsa
set system login user myvyosuser authentication public-keys myusername@mydesktop key contents_of_id_rsa.pub
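Review bot: `key contents_of_id_rsa.pub` is misleading, because the key type and the identifier are already set separately (`type ssh-rsa`, `public-keys myusername@mydesktop`). A reader who pastes the whole file will include the leading `ssh-rsa` field and the trailing comment. State in the preceding paragraph that only the base64 field of `id_rsa.pub` goes on the `key` line, and rename the placeholder accordingly.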
@@ -204,7 +204,7 @@ confirmed that your new user can access your server, without a password, delete
the original ``vyos`` user and probably disable password authentication for
SSH:
-.. code-block:: sh
+.. code-block:: console
delete system login user vyos
set service ssh disable-password-authentication
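Review bot: The context sentence "and probably disable password authentication for SSH" hedges a hardening step that the block below then carries out unconditionally with `set service ssh disable-password-authentication`. Drop "probably" so the prose matches the commands, keeping the existing condition that key-based login for the new user has been confirmed first.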