diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/configuration/firewall/general-legacy.rst | 7 | ||||
| -rw-r--r-- | docs/quick-start.rst | 4 | 
2 files changed, 7 insertions, 4 deletions
| diff --git a/docs/configuration/firewall/general-legacy.rst b/docs/configuration/firewall/general-legacy.rst index 783f655e..041dd8aa 100644 --- a/docs/configuration/firewall/general-legacy.rst +++ b/docs/configuration/firewall/general-legacy.rst @@ -424,11 +424,13 @@ There are a lot of matching criteria against which the package can be tested.     An arbitrary netmask can be applied to mask addresses to only match against     a specific portion. This is particularly useful with IPv6 and a zone-based     firewall as rules will remain valid if the IPv6 prefix changes and the host -   portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses -   <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_) +   portion of systems IPv6 address is static (for example, with SLAAC or +   `tokenised IPv6 addresses +   <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_).     This functions for both individual addresses and address groups. +   .. stop_vyoslinter     .. code-block:: none        # Match any IPv6 address with the suffix ::0000:0000:0000:beef @@ -442,6 +444,7 @@ There are a lot of matching criteria against which the package can be tested.        set firewall group ipv6-address-group WEBSERVERS address ::2000        set firewall name WAN-LAN-v6 rule 200 source group address-group WEBSERVERS        set firewall name WAN-LAN-v6 rule 200 source address-mask ::ffff:ffff:ffff:ffff +   .. start_vyoslinter  .. cfgcmd:: set firewall name <name> rule <1-999999> source fqdn <fqdn>  .. cfgcmd:: set firewall name <name> rule <1-999999> destination fqdn <fqdn> diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 801089ee..221a8088 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -124,8 +124,8 @@ Firewall  A new firewall structure—which uses the ``nftables`` backend, rather  than ``iptables``—is available on all installations starting from  VyOS ``1.4-rolling-202308040557``. The firewall supports creation of distinct, -interlinked chains for each -`Netfilter hook <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_ +interlinked chains for each `Netfilter hook +<https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_  and allows for more granular control over the packet filtering process.  .. note:: Documentation for most of the new firewall CLI can be found in | 
