vyos · c-po · May 10, 2024 · May 10, 2024
@@ -16,7 +16,7 @@

 .. cfgcmd:: set firewall ipv4 ...

 From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>`
 in this section you can find detailed information only for the next part
 of the general structure:

@@ -820,13 +820,13 @@
       set firewall ipv4 input filter rule 13 tcp flags not 'fin'
 
 .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv4 input filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv4 output filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 
    Match against the state of a packet.
 
@@ -935,13 +935,13 @@
 ********
 Synproxy connections

 .. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> action synproxy
 .. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> protocol tcp
 .. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535>

    Set TCP-MSS (maximum segment size) for the connection

 .. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp window-scale <1-14>

    Set the window scale factor for TCP window scaling

@@ -965,12 +965,12 @@
   set firewall global-options syn-cookies 'enable'
   set firewall ipv4 input filter rule 10 action 'synproxy'
   set firewall ipv4 input filter rule 10 destination port '8080'
-  set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1'
+  set firewall ipv4 input filter rule 10 inbound-interface name 'eth1'
   set firewall ipv4 input filter rule 10 protocol 'tcp'
   set firewall ipv4 input filter rule 10 synproxy tcp mss '1460'
   set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7'
   set firewall ipv4 input filter rule 1000 action 'drop'
-  set firewall ipv4 input filter rule 1000 state invalid 'enable'
+  set firewall ipv4 input filter rule 1000 state invalid
 
 
 ***********************
@@ -1147,7 +1147,7 @@
 .. opcmd:: show log firewall ipv4 name <name> rule <rule>

   Show the logs of all firewall; show all ipv4 firewall logs; show all logs
   for particular hook; show all logs for particular hook and priority; show all logs
   for particular custom chain; show logs for specific Rule-Set.

 Example Partial Config

@@ -16,7 +16,7 @@

 .. cfgcmd:: set firewall ipv6 ...

 From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>`
 in this section you can find detailed information only for the next part
 of the general structure:

@@ -373,20 +373,20 @@
   remain valid if the IPv6 prefix changes and the host
   portion of systems IPv6 address is static (for example, with SLAAC or
   `tokenised IPv6 addresses
   <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)

   This functions for both individual addresses and address groups.

   .. code-block:: none

      # Match any IPv6 address with the suffix ::0000:0000:0000:beef
      set firewall ipv6 forward filter rule 100 destination address ::beef
      set firewall ipv6 forward filter rule 100 destination address-mask ::ffff:ffff:ffff:ffff
      # Address groups
      set firewall group ipv6-address-group WEBSERVERS address ::1000
      set firewall group ipv6-address-group WEBSERVERS address ::2000
      set firewall ipv6 forward filter rule 200 source group address-group WEBSERVERS
      set firewall ipv6 forward filter rule 200 source address-mask ::ffff:ffff:ffff:ffff

 .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
   source fqdn <fqdn>
@@ -829,13 +829,13 @@
       set firewall ipv6 input filter rule 13 tcp flags not 'fin'
 
 .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv6 input filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv6 output filter rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999>
-   state [established | invalid | new | related] [enable | disable]
+   state [established | invalid | new | related]
 
    Match against the state of a packet.
 
@@ -920,8 +920,8 @@
 ********
 Synproxy connections

 .. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> action synproxy
 .. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> protocol tcp
 .. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535>

    Set TCP-MSS (maximum segment size) for the connection
@@ -950,12 +950,12 @@
   set firewall global-options syn-cookies 'enable'
   set firewall ipv6 input filter rule 10 action 'synproxy'
   set firewall ipv6 input filter rule 10 destination port '8080'
-  set firewall ipv6 input filter rule 10 inbound-interface interface-name 'eth1'
+  set firewall ipv6 input filter rule 10 inbound-interface name 'eth1'
   set firewall ipv6 input filter rule 10 protocol 'tcp'
   set firewall ipv6 input filter rule 10 synproxy tcp mss '1460'
   set firewall ipv6 input filter rule 10 synproxy tcp window-scale '7'
   set firewall ipv6 input filter rule 1000 action 'drop'
-  set firewall ipv6 input filter rule 1000 state invalid 'enable'
+  set firewall ipv6 input filter rule 1000 state invalid
 
 ***********************
 Operation-mode Firewall