From aa90a6099d2b02e485c91a85e520dfc223c3c7a2 Mon Sep 17 00:00:00 2001 From: Adam Schultz Date: Mon, 24 Nov 2025 12:36:13 -0500 Subject: [PATCH] firewall: T7739: Default ruleset for firewall zones Adds new syntax documentation for https://github.com/vyos/vyos-1x/pull/4672 --- docs/configuration/firewall/zone.rst | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index 836d29fc65..fde6c16288 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst @@ -139,7 +139,7 @@ Applying a Rule-Set to a Zone Once a rule-set has been defined, it can then be applied to the source and destination zones. The configuration syntax is anchored on the destination -zone, with each of the source zone rulesets listed against the destination. +zone, with each of the source zone rule-sets listed against the destination. .. cfgcmd:: set firewall zone from firewall name @@ -154,6 +154,21 @@ It is recommended to create two rule-sets for each source-destination zone pair. set firewall zone DMZ from LAN firewall name LAN-DMZ-v4 set firewall zone LAN from DMZ firewall name DMZ-LAN-v4 +Applying a Default Rule-Set to a Zone +===================================== + +When a destination zone shares a common rule-set for multiple source zones or +a complex set of default policies are required, an optional default rule-set +can be applied. The default rule-set applies to all zones that do not have a +rule-set configured as defined in +:ref:`IPv4` + +.. cfgcmd:: set firewall zone default-firewall name + + +.. cfgcmd:: set firewall zone default-firewall ipv6-name + + ************** Operation-mode **************
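Review bot: The two new cfgcmd entries at the end of the added "Applying a Default Rule-Set to a Zone" section ("default-firewall name" and "default-firewall ipv6-name") have no description beneath them and no example, unlike the preceding section, which shows "set firewall zone DMZ from LAN firewall name LAN-DMZ-v4". Suggest adding a sentence under each directive saying what it takes, plus a short example that pairs a "from" rule-set with a default rule-set on the same destination zone, so readers can see which source zones fall through to the default. The paragraph also does not say what happens to traffic that matches no rule in the default rule-set. That is worth stating explicitly, because it decides what is accepted or dropped for every source zone without its own rule-set. Smaller points in the same paragraph: "a complex set of default policies are required" should read "is required", the sentence ending in the :ref: has no closing period, and it refers only to IPv4 although an ipv6-name command is added alongside it.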