File tree 1 file changed +27
-0
lines changed
docs/configuration/firewall
1 file changed +27
-0
lines changed Original file line number Diff line number Diff line change @@ -37,6 +37,33 @@ In an **address group** a single IP address or IP address range is defined.
3737
3838 Provide a IPv4 or IPv6 address group description
3939
40+ Remote Groups
41+ ==============
42+
43+ A **remote-group ** takes an argument of a URL hosting a linebreak-deliminated
44+ list of IPv4s addresses, CIDRs and ranges. VyOS will pull this list periodicity
45+ according to the frequency defined in the firewall **resolver-interval ** and load
46+ matching entries into the group for use in rules. The list will be cached in
47+ persistent storage, so in cases of update failure rules will still function.
48+
49+ .. cfgcmd :: set firewall group remote-group <name> url <http(s) url>
50+
51+ Define remote list of IPv4 addresses/ranges/CIDRs to fetch
52+
53+ .. cfgcmd :: set firewall group remote-group <name> description <text>
54+
55+ Set a description for a remote group
56+
57+ The format of the remote list is very flexible. VyOS will attempt to parse the
58+ first word of each line as an entry, and will skip if it cannot find a valid
59+ match. Below is a list of acceptable matches that would be parsed correctly:
60+
61+ .. code-block :: none
62+
63+ 127.0.0.1
64+ 127.0.0.0/24
65+ 127.0.0.1-127.0.0.254
66+
4067
4168==============
4269
You can’t perform that action at this time.
0 commit comments