Diffstat (limited to 'docs')
-rw-r--r-- docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst 5
-rw-r--r-- docs/configuration/interfaces/wireguard.rst 7
-rw-r--r-- docs/configuration/vpn/l2tp.rst 24
3 files changed, 18 insertions, 18 deletions
diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
index 0f7c9daf..370cf9d6 100644
--- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
+++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
@@ -208,9 +208,8 @@ Firewall
========
Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for
-instead of `set firewall name NAME`, you would use `set firewall ipv6-name
+instead of `set firewall ipv4 name NAME`, you would use `set firewall ipv6 name
NAME`.
-Similarly, to attach the firewall, you would use `set interfaces ethernet eth0
-firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall
+Similarly, to attach the firewall, you would use `set firewall ipv6 name NAME rule N inbound-interface name eth0` or `set firewall zone LOCAL from WAN firewall
ipv6-name`.
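Review bot: in the rewritten "to attach the firewall" sentence, `set firewall ipv6 name NAME rule N inbound-interface name eth0` only adds an interface match to a rule inside NAME; it does not send any traffic to NAME, so a reader who follows it ends up with a rule set that is never evaluated. The wireguard.rst change in this same patch attaches a named rule set with a jump rule from the base chain (`action jump` plus `jump-target`), and the IPv6 text should describe the equivalent jump rule. The new line also runs well past the wrap width of the surrounding paragraph, and the unchanged `ipv6-name` on the following line is worth confirming against the current zone syntax, since the rest of the sentence now uses `ipv6 name`.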
diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst
index db2ff2c7..b4e4d8db 100644
--- a/docs/configuration/interfaces/wireguard.rst
+++ b/docs/configuration/interfaces/wireguard.rst
@@ -220,14 +220,15 @@ firewall exception.
set firewall ipv4 name OUTSIDE_LOCAL rule 20 destination port 51820
set firewall ipv4 name OUTSIDE_LOCAL rule 20 log enable
set firewall ipv4 name OUTSIDE_LOCAL rule 20 protocol udp
- set firewall ipv4 name OUTSIDE_LOCAL rule 20 source
You should also ensure that the OUTSIDE_LOCAL firewall group is applied to the
-WAN interface and a direction (local).
+WAN interface and in an input (local) direction.
.. code-block:: none
- set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
+ set firewall ipv4 input filter rule 10 action jump
+ set firewall ipv4 input filter rule 10 jump-target 'OUTSIDE_LOCAL'
+ set firewall ipv4 input filter rule 10 inbound-interface name 'eth0'
Assure that your firewall rules allow the traffic, in which case you have a
working VPN using WireGuard.
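Review bot: the new `input filter rule 10` example hard-codes rule number 10, so a reader who already has a rule 10 in the IPv4 input filter will overwrite it when pasting these three lines; use a placeholder number or add a sentence telling the reader to pick a free one. In the reworded sentence, OUTSIDE_LOCAL is still called a "firewall group" although the commands define it as a named rule set, and "in an input (local) direction" reads awkwardly; something like "is reached from the input filter for traffic arriving on the WAN interface" would match the commands below it. Correcting the quoted name from 'OUTSIDE-LOCAL' to 'OUTSIDE_LOCAL' is right, since the rules above use the underscore form.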
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst
index 3fa34449..7fdf8599 100644
--- a/docs/configuration/vpn/l2tp.rst
+++ b/docs/configuration/vpn/l2tp.rst
@@ -92,18 +92,18 @@ Example:
.. code-block:: none
- set firewall name OUTSIDE-LOCAL rule 40 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp'
- set firewall name OUTSIDE-LOCAL rule 41 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 41 destination port '500'
- set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp'
- set firewall name OUTSIDE-LOCAL rule 42 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 42 destination port '4500'
- set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp'
- set firewall name OUTSIDE-LOCAL rule 43 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 43 destination port '1701'
- set firewall name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec'
- set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 40 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 40 protocol 'esp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 destination port '500'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 destination port '4500'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 destination port '1701'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 protocol 'udp'
To allow VPN-clients access via your external address, a NAT rule is required:
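Review bot: the rules in this example gain the `ipv4` keyword, but nothing in the hunk shows how OUTSIDE-LOCAL is reached. The wireguard.rst change in this patch replaces the per-interface `firewall local name` attachment with a jump from `input filter`; unless the surrounding l2tp.rst text already covers that, add the same jump rule or a pointer to it here, otherwise the ESP, IKE, NAT-T and L2TP accept rules are defined but never evaluated. The rule set is spelled OUTSIDE-LOCAL here and OUTSIDE_LOCAL in wireguard.rst; choosing one spelling across the docs avoids readers mixing the two names in a single configuration.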